<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Alright, I included the hex value of the version to the exception
message.<br>
In addition, one of the regression test was using 0x400 as the
version value and that has to be removed now that the version check
has been corrected.<br>
<a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~valeriep/8136355/webrev.02/">http://cr.openjdk.java.net/~valeriep/8136355/webrev.02/</a><br>
<br>
Thanks,<br>
Valerie<br>
<br>
<div class="moz-cite-prefix">On 9/21/2016 10:49 AM, Seán Coffey
wrote:<br>
</div>
<blockquote cite="mid:57E2C810.8060901@oracle.com" type="cite">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
Hey Valerie, <br>
<br>
There are a few calls in this code where an exception is thrown if
a bad version is received. It's code that already existed, but
would you mind enhancing the exceptions to print the version while
editing the code there ?<br>
e.g. P11TlsKeyMaterialGenerator.java<br>
<blockquote type="cite">
<meta http-equiv="content-type" content="text/html;
charset=utf-8">
<pre style="color: rgb(0, 0, 0); font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; widows: 1; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; white-space: pre-wrap;">+ throw new InvalidAlgorithmParameterException
+ ("Only" + (supportSSLv3? " SSL 3.0,": "") +
+ " TLS 1.0, and TLS 1.1 are supported");</pre>
</blockquote>
<pre class="moz-signature" cols="72">Regards,
Sean.</pre>
<div class="moz-cite-prefix">On 21/09/16 18:28, Valerie Peng
wrote:<br>
</div>
<blockquote
cite="mid:ba9a3565-4623-95ff-7e30-c88277476a90@oracle.com"
type="cite">Good catch, I have fixed all three and updated the
webrev: <br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://cr.openjdk.java.net/%7Evaleriep/8136355/webrev.01">http://cr.openjdk.java.net/~valeriep/8136355/webrev.01</a>
<br>
<br>
Thanks for the prompt review~ <br>
Valerie <br>
<br>
On 9/20/2016 8:11 PM, Xuelei Fan wrote: <br>
<blockquote type="cite">P11TlsKeyMaterialGenerator.java <br>
102-106: <br>
There is a bug in the previous code. "&&" should be
replaced with "||". <br>
- (version < 0x0300) && (version > 0x0302) <br>
+ (version < 0x0300) || (version > 0x0302) <br>
<br>
The other two have the same issues. Otherwise, looks fine to
me. <br>
<br>
BTW, if client request to negotiate SSLv3, the server may not
be able to select other crypto provider that supports SSLv3 at
present. We may want a further enhancement later. As SSLv3
is fading out, this enhancement may be not our priority. I
filed a P3 RFE (JDK-8166425) for the tracking. <br>
<br>
Xuelei <br>
<br>
<br>
On 9/20/2016 8:31 AM, Valerie Peng wrote: <br>
<blockquote type="cite">Xuelei, <br>
<br>
Could you please help reviewing this change? <br>
<br>
There are quite a few test failures on Solaris 12 due to the
removal of <br>
Solaris PKCS11 SSL3 mechanisms which SunPKCS11 provider
assume to be <br>
always present. I updated relevant classes as well as
regression tests <br>
to skip SSL3 testing when the support isn't there. <br>
<br>
Bug: <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://bugs.openjdk.java.net/browse/JDK-8136355">https://bugs.openjdk.java.net/browse/JDK-8136355</a>
<br>
Webrev: <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://cr.openjdk.java.net/%7Evaleriep/8136355/webrev.00/">http://cr.openjdk.java.net/~valeriep/8136355/webrev.00/</a>
<br>
<br>
Thanks, <br>
Valerie <br>
</blockquote>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>