Code Review Request JDK-8170329 New SSLSocket testing template
Sean Mullan
sean.mullan at oracle.com
Tue Nov 29 13:22:49 UTC 2016
On 11/27/16 7:43 AM, Xuelei Fan wrote:
> On 11/27/2016 6:04 PM, Wang Weijun wrote:
>> This is not only a test update.
>>
> No, I happened to find an implementation issue with the new test, so fix
> it altogether. The issue is that the simple validator
> (SimpleValidator.java) does not support SKID/AKID during cert path
> build. If two trusted certs has the same subject, the simple validator
> may not be able to find the right one.
We have had issues in the PKIX CertPathBuilder with matching on
AKID/SKID when building certpaths, so we want to be careful not to
introduce a similar issue. See this bug for more information:
https://bugs.openjdk.java.net/browse/JDK-8072463
I have not reviewed the fix enough to know if this issue applies here
but please double-check it.
--Sean
>
> Thanks,
> Xuelei
>
>>> On Nov 27, 2016, at 9:35 AM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
>>>
>>> Hi,
>>>
>>> Please review this test update:
>>>
>>> http://cr.openjdk.java.net/~xuelei/8170329/webrev.00/
>>>
>>> The new template (SSLSocketTemplate.java) could be used to avoid the
>>> anti-free-port issues. By using sub-classes of it, the new one can
>>> simplify the general SSLSocket test code significantly.
>>>
>>> Thanks,
>>> Xuelei
>>
More information about the security-dev
mailing list