Re: RFR: JDK-8210846, TLSv.1.3 interop problems with OpenSSL 1.1.1 when used on the client side with mutual auth

[Jamil Nimeh]

Great news!  Thanks for running the tests on your end, Norman.


--Jamil

-------- Original message --------
From: Norman Maurer <norman.maurer at googlemail.com> 
Date: 9/19/18  4:32 PM  (GMT-08:00) 
To: Bradford Wetmore <bradford.wetmore at oracle.com> 
Cc: Jamil Nimeh <jamil.j.nimeh at oracle.com>, OpenJDK Dev list <security-dev at openjdk.java.net> 
Subject: Re: RFR: JDK-8210846, TLSv.1.3 interop problems with OpenSSL 1.1.1
  when used on the client side with mutual auth 

I can confirm that this patch fixes the issue I was seeing. After applying it it also passes all of the tests that we have in the SSL testsuite of netty.

So +1 from me.

Bye
Norman


> On 19. Sep 2018, at 15:13, Bradford Wetmore <bradford.wetmore at oracle.com> wrote:
> 
> Looks good from a CR standpoint.  Silly typos...
> 
> Looking forward to hearing back from Norman.  I believe we are running the same testbed, so I expect it will work.
> 
> Jamil, be sure to include the specific interop test information in the bug, so that when SQE goes to verify, they can be sure to run it manually.
> 
> Brad
> 
> 
> On 9/19/2018 1:59 PM, Norman Maurer wrote:
>> I will test and report back later today . Thanks for the quick turnaround
>>> Am 19.09.2018 um 13:47 schrieb Jamil Nimeh <jamil.j.nimeh at oracle.com>:
>>> 
>>> Hello all,
>>> 
>>> This fix handles an issue in TLS client certificate authentication where our client was failing to send a certificate after consuming the CertificateRequest message.  Thanks to Norman Maurer for bringing this to our attention.
>>> 
>>> Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8210846/webrev.01/
>>> 
>>> JBS: https://bugs.openjdk.java.net/browse/JDK-8210846
>>> 
>>> --Jamil
>>> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20180919/d5515148/attachment.htm>