Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8277307: Pre shared key sent under both session_ticket and pre_shared_key extensions #1946

Closed

Conversation

franferrax
Copy link
Contributor

@franferrax franferrax commented Nov 6, 2023

Requesting backport for parity with 17.0.11-oracle.


Progress

  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • JDK-8277307 needs maintainer approval

Issue

  • JDK-8277307: Pre shared key sent under both session_ticket and pre_shared_key extensions (Bug - P3 - Approved)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk17u-dev.git pull/1946/head:pull/1946
$ git checkout pull/1946

Update a local copy of the PR:
$ git checkout pull/1946
$ git pull https://git.openjdk.org/jdk17u-dev.git pull/1946/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 1946

View PR using the GUI difftool:
$ git pr show -t 1946

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk17u-dev/pull/1946.diff

Webrev

Link to Webrev Comment

@bridgekeeper
Copy link

bridgekeeper bot commented Nov 6, 2023

👋 Welcome back fferrari! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk openjdk bot changed the title Backport 4662e06bff2cef7425c194a9cdd7a6fe7469179e 8277307: Pre shared key sent under both session_ticket and pre_shared_key extensions Nov 6, 2023
@openjdk
Copy link

openjdk bot commented Nov 6, 2023

This backport pull request has now been updated with issue from the original commit.

@openjdk
Copy link

openjdk bot commented Nov 6, 2023

⚠️ @franferrax This change is now ready for you to apply for maintainer approval. This can be done directly in each associated issue or by using the /approval command.

@openjdk openjdk bot added the rfr Pull request is ready for review label Nov 6, 2023
@mlbridge
Copy link

mlbridge bot commented Nov 6, 2023

Webrevs

@bridgekeeper bridgekeeper bot added the oca Needs verification of OCA signatory status label Nov 6, 2023
@openjdk openjdk bot removed the rfr Pull request is ready for review label Nov 6, 2023
@bridgekeeper bridgekeeper bot removed the oca Needs verification of OCA signatory status label Nov 6, 2023
@openjdk openjdk bot added the rfr Pull request is ready for review label Nov 6, 2023
@franferrax
Copy link
Contributor Author

/approval request 8277307 Clean backport requested for parity with 17.0.11-oracle.

@openjdk
Copy link

openjdk bot commented Nov 7, 2023

@franferrax
8277307: The approval request has been created successfully.

@openjdk openjdk bot added approval and removed approval labels Nov 7, 2023
@franferrax
Copy link
Contributor Author

Hi @GoeLin, just in case the notification was missed, I wanted to let you know that I provided further details in a new comment in JDK-8277307.

@jerboaa
Copy link
Contributor

jerboaa commented Nov 16, 2023

Please mention what kind of testing you have done for this. Thanks!

@franferrax
Copy link
Contributor Author

Please mention what kind of testing you have done for this. Thanks!

Hi @jerboaa, I was relying on GH actions catching any regression. But now that you mentioned, I'm realizing that the test extended by this backport to assert the TLS1.2 session ticket is empty when negotiating TLS 1.3 isn't included (ResumeTLS13withSNI.java).

So I ran the whole test/jdk/javax/net/ssl category including it, along with other 180 tests. It passed 100% with a 785e851 Linux release build. I've also debugged ResumeTLS13withSNI.java to ensure the new assertion is exercised.

@jerboaa
Copy link
Contributor

jerboaa commented Nov 16, 2023

Please mention what kind of testing you have done for this. Thanks!

Hi @jerboaa, I was relying on GH actions catching any regression. But now that you mentioned, I'm realizing that the test extended by this backport to assert the TLS1.2 session ticket is empty when negotiating TLS 1.3 isn't included (ResumeTLS13withSNI.java).

So I ran the whole test/jdk/javax/net/ssl category including it, along with other 180 tests. It passed 100% with a 785e851 Linux release build. I've also debugged ResumeTLS13withSNI.java to ensure the new assertion is exercised.

Thanks. That's always good to know and a good habit to include in "Fix Request" comments.

@openjdk openjdk bot added the approval label Nov 23, 2023
@openjdk
Copy link

openjdk bot commented Nov 28, 2023

@franferrax This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8277307: Pre shared key sent under both session_ticket and pre_shared_key extensions

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 34 new commits pushed to the master branch:

  • d335f04: 8293343: sun/management/jmxremote/bootstrap/RmiSslNoKeyStoreTest.java failed with "Agent communication error: java.io.EOFException"
  • 1d7bc8f: 8313781: Add regression tests for large page logging and user-facing error messages
  • 5531ca5: 8313782: Add user-facing warning if THPs are enabled but cannot be used
  • 0f2da83: 8316746: Top of lock-stack does not match the unlocked object
  • 2da7aeb: 8310656: RISC-V: __builtin___clear_cache can fail silently.
  • 40c29f7: 8279856: Parallel: Use PreservedMarks to record promotion-failed objects
  • 2a37bae: 8262186: Call X509KeyManager.chooseClientAlias once for all key types
  • b7605b7: 8302109: Trivial fixes to btree tests
  • c478c81: 8292067: Convert test/sun/management/jmxremote/bootstrap shell tests to java version
  • e4ddf06: 8320053: GHA: Cross-compile gtest code
  • ... and 24 more: https://git.openjdk.org/jdk17u-dev/compare/4b6ac09ae98e10a58155b95d289c30278eeae666...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

As you do not have Committer status in this project an existing Committer must agree to sponsor your change.

➡️ To flag this PR as ready for integration with the above commit message, type /integrate in a new comment. (Afterwards, your sponsor types /sponsor in a new comment to perform the integration).

@openjdk openjdk bot added ready Pull request is ready to be integrated and removed approval labels Nov 28, 2023
@jerboaa
Copy link
Contributor

jerboaa commented Nov 28, 2023

@franferrax Please integrate and I can help sponsor this change so it gets in before rampdown (today).

@franferrax
Copy link
Contributor Author

Awesome, thanks @jerboaa and @GoeLin for your guidance.

@franferrax
Copy link
Contributor Author

/integrate

@openjdk openjdk bot added the sponsor Pull request is ready to be sponsored label Nov 28, 2023
@openjdk
Copy link

openjdk bot commented Nov 28, 2023

@franferrax
Your change (at version 785e851) is now ready to be sponsored by a Committer.

@jerboaa
Copy link
Contributor

jerboaa commented Nov 28, 2023

/sponsor

@openjdk
Copy link

openjdk bot commented Nov 28, 2023

Going to push as commit 9128c89.
Since your change was applied there have been 35 commits pushed to the master branch:

  • 770b3d6: 8320209: VectorMaskGen clobbers rflags on x86_64
  • d335f04: 8293343: sun/management/jmxremote/bootstrap/RmiSslNoKeyStoreTest.java failed with "Agent communication error: java.io.EOFException"
  • 1d7bc8f: 8313781: Add regression tests for large page logging and user-facing error messages
  • 5531ca5: 8313782: Add user-facing warning if THPs are enabled but cannot be used
  • 0f2da83: 8316746: Top of lock-stack does not match the unlocked object
  • 2da7aeb: 8310656: RISC-V: __builtin___clear_cache can fail silently.
  • 40c29f7: 8279856: Parallel: Use PreservedMarks to record promotion-failed objects
  • 2a37bae: 8262186: Call X509KeyManager.chooseClientAlias once for all key types
  • b7605b7: 8302109: Trivial fixes to btree tests
  • c478c81: 8292067: Convert test/sun/management/jmxremote/bootstrap shell tests to java version
  • ... and 25 more: https://git.openjdk.org/jdk17u-dev/compare/4b6ac09ae98e10a58155b95d289c30278eeae666...master

Your commit was automatically rebased without conflicts.

@openjdk openjdk bot added the integrated Pull request has been integrated label Nov 28, 2023
@openjdk openjdk bot closed this Nov 28, 2023
@openjdk openjdk bot removed ready Pull request is ready to be integrated rfr Pull request is ready for review sponsor Pull request is ready to be sponsored labels Nov 28, 2023
@openjdk
Copy link

openjdk bot commented Nov 28, 2023

@jerboaa @franferrax Pushed as commit 9128c89.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport clean integrated Pull request has been integrated
2 participants