RFR: 8169335: Add a crypto.policy fallback in case Security Property 'crypto.policy' does not exist
Bradford Wetmore
bradford.wetmore at oracle.com
Wed Nov 16 00:40:40 UTC 2016
Never noticed that before! We have NOT been consistent in whether we use:
System.out.println()
or
debug.println()
I knew SeanC wants to rework the JCA/JCE/Security debugging output in
another project, so I will remove the prefix for now. Thanks for
catching it.
I will also add a simple regression Test before I push. In hindsight,
it's not as trivial a change as I initially thought. If you want to
review it, I can wait until you are back tomorrow.
Brad
On 11/15/2016 4:12 PM, Wang Weijun wrote:
> You create a debug field with a prefix string and then check both debug != null and Debug.isOn("policy") and then use System.out.println to print the message. Something must be useless.
>
> --Max
>
>> On Nov 16, 2016, at 3:31 AM, Bradford Wetmore <bradford.wetmore at oracle.com> wrote:
>>
>> Simple codereview:
>>
>> http://cr.openjdk.java.net/~wetmore/8169335/webrev.00
>>
>> The "crypto.policy" Security property is normally defined/configured in the java.security file at build time. (e.g. "limited" or "unlimited") Rather than currently failing catastrophically if this value doesn't exist, there should be a sensible default if it is undeclared for whatever reason. We will use a sane fallback value of "limited".
>>
>> If the distribution has also removed the "limited" policy directory then the VM will still fail to initialize, but we have at least made an effort to recover.
>>
>> Thanks,
>>
>> Brad
>>
>
More information about the security-dev
mailing list