RFR: 8225739: sun/security/pkcs11/tls/tls12/FipsModeTLS12.java is not reliable
Rajan Halade
rhalade at openjdk.org
Fri Feb 7 21:02:10 UTC 2025
On Fri, 17 Jan 2025 17:24:57 GMT, Martin Balao <mbalao at openjdk.org> wrote:
> Hello,
>
> I would like to propose a solution for this test that makes it more clear when it's skipped.
>
> Regards,
> Martin.-
Changes requested by rhalade (Reviewer).
test/jdk/sun/security/pkcs11/tls/tls12/FipsModeTLS12.java line 95:
> 93: System.out.println(e);
> 94: }
> 95: throw new SkippedException("Test skipped: failure during " +
I think we should update test to fail if call to `initialize` fails with any other exception than `SkippedException` which is thrown from call to `initSecmod` if NSS library fails. So you can remove try-catch here.
test/jdk/sun/security/pkcs11/tls/tls12/FipsModeTLS12.java line 99:
> 97: }
> 98:
> 99: if (shouldRun()) {
you can remove the check at line 114-116 which checks `sunPKCS11NSSProvider`. It is set by call to `initialize` and fails if PKCS11 provider is not found. Let `shouldRun` fail if call to `getInstance` fails with any other reason than `NoSuchAlgorithmException`
-------------
PR Review: https://git.openjdk.org/jdk/pull/23177#pullrequestreview-2602811011
PR Review Comment: https://git.openjdk.org/jdk/pull/23177#discussion_r1947173323
PR Review Comment: https://git.openjdk.org/jdk/pull/23177#discussion_r1947186406
More information about the security-dev
mailing list