[security-dev 01708]: Re: Please review new regression test for java.net.* API

Andrew John Hughes ahughes at redhat.com
Thu Mar 18 11:45:45 PDT 2010


On 18 March 2010 18:40, Brad Wetmore <Bradford.Wetmore at sun.com> wrote:
>
> I have a couple important tasks to finish ASAP, so if there is more
> discussion, I'll have to jump in sometime next week, but wanted to add
> one thing before anything was done:
>
> Pavel wrote:
>> And we can use other URL if verisign.com is problematic.
>
> We've tried to limit the reliance on servers outside our control for the
> open tests and to be as self-contained as possible, though I'm sure there
> are still some tests that do this anyway.  IMHO, it's not exactly
> neighborly of OpenJDK to include tests that just bang on someone's
> server(s) for "testing", even if the volume isn't terribly high.  I
> think we should check with the server's admin before we include such a
> test in the general repository.
>
> In the past we've also had transient network errors (servers or network
> down), so that was another reason to limit our external dependencies.
> But they still had to be investigated and took time.
>

https://jaxp.dev.java.net/files/documents/913/147490 seems an
appropriate URL to hit.  It's the very URL that causes the OpenJDK
build to fail to bootstrap itself and I assume Oracle do control
dev.java.net to some degree.

> Brad
>
> On 3/18/2010 8:50 AM, Pavel Tisnovsky wrote:
>> Christopher Hegarty -Sun Microsystems Ireland wrote:
>>> Alan Bateman wrote:
>>>> Pavel Tisnovsky wrote:
>>>>> Hi,
>>>>>
>>>>> please review new regression test for java.net.* API. This test
>>>>> checks if the cacerts keytool database is configured properly and SSL
>>>>> is really working. The test should not fail if SSL is working (in
>>>>> other case it simply throws IOException). Webrev is available at
>>>>> http://cr.openjdk.java.net/~ptisnovs/TestHttps/
>>>>>
>>>>> Thanks in advance
>>>>> Pavel Tisnovsky
>>>> I suspect the dependency on verisign.com will be problematic.  Isn't
>>>> SSL already covered by the javax.net and https tests?
>>>
>>> I'm not sure what the prime motivation of the test is. Pavel, can you
>>> please elaborate?
>>>
>>> Reading between the lines I guess the test is verifying that the
>>> correct root Certification Authority is installed in cacerts, i.e.
>>> the cert from www.verisign.com can be validated.
>>
>> Hi Chris, you guessed correctly :-) And we can use other URL if
>> verisign.com is problematic.
>>
>>>
>>> Alan is correct there are already tests for SSL/Https in javax.net,
>>> but I believe these use self signed certs, no dependency on cacerts.
>>>
>>> -Chris.
>>>
>>>>
>>>> -Alan.
>>
>



-- 
Andrew :-)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Support Free Java!
Contribute to GNU Classpath and the OpenJDK
http://www.gnu.org/software/classpath
http://openjdk.java.net

PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint: F8EF F1EA 401E 2E60 15FA  7927 142C 2591 94EF D9D8
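
The thread weighs a cacerts check against the cost of depending on an external server. As an added example (not part of the original message and not the code in the webrev), the sketch below checks offline that the default JSSE trust store is populated with currently valid trust anchors. The class name `CacertsOfflineCheck` is hypothetical; the check does not confirm that any particular CA is present or that a full HTTPS handshake succeeds.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical class name; no network access is performed.
public class CacertsOfflineCheck {

    /** Returns the trust anchors the default JSSE trust manager would use. */
    static X509Certificate[] defaultTrustAnchors() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null KeyStore selects the default trust store: the file named by
        // javax.net.ssl.trustStore if set, otherwise jssecacerts or cacerts.
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    /** Counts anchors that are inside their validity period right now. */
    static int countCurrentlyValid(X509Certificate[] anchors) {
        Date now = new Date();
        int valid = 0;
        for (X509Certificate cert : anchors) {
            try {
                cert.checkValidity(now); // throws if expired or not yet valid
                valid++;
            } catch (CertificateException e) {
                System.out.println("not valid now: " + cert.getSubjectX500Principal());
            }
        }
        return valid;
    }

    public static void main(String[] args) throws Exception {
        X509Certificate[] anchors = defaultTrustAnchors();
        int valid = countCurrentlyValid(anchors);
        System.out.println(anchors.length + " trust anchors, " + valid + " currently valid");
        if (valid == 0) {
            // An empty or fully expired store means no public HTTPS site can be validated.
            throw new RuntimeException("default trust store has no usable trust anchors");
        }
    }
}
```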


