Package: jglobus / 2.1.0-8

Metadata

Package | Version | Patches format
jglobus | 2.1.0-8 | 3.0 (quilt)

Patch series

Patch File delta Description
jglobus DERObjectIdentifier is obsolete.patch

ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleOpenSSLKey.java | 4 2 + 2 - 0 !
ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleUtil.java | 4 2 + 2 - 0 !
ssl-proxies/src/main/java/org/globus/gsi/bc/X509NameHelper.java | 6 3 + 3 - 0 !
ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyCertInfo.java | 11 5 + 6 - 0 !
ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyPolicy.java | 22 11 + 11 - 0 !
ssl-proxies/src/main/java/org/globus/gsi/trustmanager/X509ProxyCertPathValidator.java | 10 5 + 5 - 0 !
ssl-proxies/src/main/java/org/globus/gsi/util/CertificateUtil.java | 4 2 + 2 - 0 !
ssl-proxies/src/test/java/org/globus/gsi/proxy/ext/ProxyCertInfoTest.java | 9 4 + 5 - 0 !
8 files changed, 34 insertions(+), 36 deletions(-)

 [patch] derobjectidentifier is obsolete


jglobus dont force SSLv3.patch

myproxy/src/main/java/org/globus/myproxy/MyProxy.java | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 [patch] in myproxy.bootstraptrust(), don't force sslv3, so tls is
 used by default and there are no compatibility problems with MyProxy servers
 that don't support SSLv3


jglobus key usage.patch

ssl-proxies/src/main/java/org/globus/gsi/trustmanager/X509ProxyCertPathValidator.java | 10 0 + 10 - 0 !
1 file changed, 10 deletions(-)

 [patch] relax proxy validation to be rfc-3820 compliant

Motivation:

Nothing in RFC-3820 states that an X.509 proxy certificate cannot assert
KeyUsage; however, such certificates are currently rejected by JGlobus.
This discrepancy is likely due to code developed against a draft version
of the RFC and not subsequently updated, but it is certainly preventing
the adoption of RFC proxies as some CAs assert NON_REPUDIATION as a
KeyUsage.

Modification:

Update proxy certificate validation so that certificates that assert
NON_REPUDIATION or KEY_CERTSIGN are accepted.

Result:

RFC-3820 compliant proxies that assert KeyUsage should now be accepted.

Closes jglobus/JGlobus#160

jglobus javadoc.patch

gram/src/main/java/org/globus/gram/GramAttributes.java | 2 1 + 1 - 0 !
gram/src/main/java/org/globus/gram/GramJob.java | 4 2 + 2 - 0 !
gram/src/main/java/org/globus/rsl/ParseException.java | 2 1 + 1 - 0 !
gridftp/src/main/java/org/globus/ftp/ByteRange.java | 2 1 + 1 - 0 !
gridftp/src/main/java/org/globus/ftp/ByteRangeList.java | 6 3 + 3 - 0 !
gridftp/src/main/java/org/globus/ftp/FTPClient.java | 16 8 + 8 - 0 !
gridftp/src/main/java/org/globus/ftp/HostPort6.java | 4 2 + 2 - 0 !
gridftp/src/main/java/org/globus/ftp/dc/AbstractDataChannel.java | 4 2 + 2 - 0 !
gridftp/src/main/java/org/globus/ftp/vanilla/Command.java | 3 1 + 2 - 0 !
gridftp/src/main/java/org/globus/ftp/vanilla/Reply.java | 4 0 + 4 - 0 !
gss/src/main/java/org/globus/gsi/gssapi/GlobusGSSName.java | 2 1 + 1 - 0 !
jsse/src/test/java/org/globus/gsi/jsse/SSLConfiguratorTest.java | 2 1 + 1 - 0 !
ssl-proxies/src/main/java/org/globus/common/CoGProperties.java | 6 3 + 3 - 0 !
ssl-proxies/src/main/java/org/globus/gsi/OpenSSLKey.java | 2 1 + 1 - 0 !
ssl-proxies/src/main/java/org/globus/gsi/SigningPolicyParser.java | 37 21 + 16 - 0 !
ssl-proxies/src/main/java/org/globus/gsi/TrustedCertificates.java | 6 3 + 3 - 0 !
ssl-proxies/src/main/java/org/globus/gsi/X509Credential.java | 2 1 + 1 - 0 !
ssl-proxies/src/main/java/org/globus/gsi/X509ProxyCertPathParameters.java | 2 0 + 2 - 0 !
ssl-proxies/src/main/java/org/globus/gsi/gssapi/jaas/JaasSubject.java | 6 3 + 3 - 0 !
ssl-proxies/src/main/java/org/globus/gsi/proxy/ext/ProxyCertInfo.java | 2 1 + 1 - 0 !
ssl-proxies/src/main/java/org/globus/gsi/stores/PEMKeyStoreParameters.java | 2 1 + 1 - 0 !
ssl-proxies/src/main/java/org/globus/gsi/stores/ResourceCertStore.java | 8 4 + 4 - 0 !
ssl-proxies/src/main/java/org/globus/gsi/stores/ResourceCertStoreParameters.java | 6 3 + 3 - 0 !
ssl-proxies/src/main/java/org/globus/gsi/stores/ResourceSigningPolicyStoreParameters.java | 6 3 + 3 - 0 !
ssl-proxies/src/main/java/org/globus/gsi/trustmanager/PKITrustManager.java | 2 1 + 1 - 0 !
ssl-proxies/src/main/java/org/globus/gsi/trustmanager/PKITrustManagerFactory.java | 2 1 + 1 - 0 !
ssl-proxies/src/main/java/org/globus/gsi/trustmanager/TrustedCertPathFinder.java | 4 2 + 2 - 0 !
ssl-proxies/src/main/java/org/globus/gsi/trustmanager/X509ProxyCertPathValidator.java | 4 2 + 2 - 0 !
ssl-proxies/src/main/java/org/globus/gsi/util/CertificateLoadUtil.java | 2 1 + 1 - 0 !
ssl-proxies/src/main/java/org/globus/tools/ProxyInfo.java | 2 1 + 1 - 0 !
ssl-proxies/src/test/java/org/globus/gsi/provider/MockCertStore.java | 8 4 + 4 - 0 !
ssl-proxies/src/test/java/org/globus/gsi/provider/MockKeyStore.java | 42 21 + 21 - 0 !
ssl-proxies/src/test/java/org/globus/gsi/provider/TestTrustManager.java | 2 1 + 1 - 0 !
33 files changed, 101 insertions(+), 103 deletions(-)

 [patch] javadoc fixes


jglobus do not accumulate matches in GlobusPathMatchingResou.patch

ssl-proxies/src/main/java/org/globus/util/GlobusPathMatchingResourcePatternResolver.java | 17 9 + 8 - 0 !
1 file changed, 9 insertions(+), 8 deletions(-)

 [patch] do not accumulate matches in
 GlobusPathMatchingResourcePatternResolver (#157)

* Do not accumulate matches in GlobusPathMatchingResourcePatternResolver

Multiple calls to getResources() in GlobusPathMatchingResourcePatternResolver
are not expected to accumulate results. Allocate a new
pathsMatchingLocationPattern Vector for each call.

* Remove private class variable pathsMatchingLocationPattern from GlobusPathMatchingResourcePatternResolver

Pass the variable as a function argument instead

jglobus do not force SSLv3 TLSv1 allow TLSv1.1 TLSv1.2.patch

gss/src/main/java/org/globus/gsi/gssapi/GlobusGSSContextImpl.java | 9 0 + 9 - 0 !
1 file changed, 9 deletions(-)

 [patch] do not force sslv3/tlsv1 - allow tlsv1.1/tlsv1.2


jglobus remove synchronization on CRL in CRLChecker.patch

ssl-proxies/src/main/java/org/globus/gsi/trustmanager/CRLChecker.java | 15 3 + 12 - 0 !
1 file changed, 3 insertions(+), 12 deletions(-)

 [patch] remove synchronization on crl in crlchecker

Motivation:

Versions of BouncyCastle prior to 1.46 had a race in LazyDERSequence. To
avoid that race, CRLChecker synchronized on the CRL. This leads to lock
contention. After upgrading to BouncyCastle 1.46 this workaround is no
longer needed.

Modification:

Remove the synchronization on the CRL.

Result:

Reduced lock contention leads to higher request throughput.

jglobus support PKCS8 key format.patch

ssl-proxies/src/main/java/org/globus/gsi/OpenSSLKey.java | 20 17 + 3 - 0 !
ssl-proxies/src/main/java/org/globus/gsi/X509Credential.java | 7 7 + 0 - 0 !
2 files changed, 24 insertions(+), 3 deletions(-)

 [patch] workaround to support sl6 openssl default pkcs8 key format


jglobus only allow TLSv1 and TLSv1.2 not TLSv1.1.patch

gss/src/main/java/org/globus/gsi/gssapi/GlobusGSSContextImpl.java | 2 2 + 0 - 0 !
myproxy/src/main/java/org/globus/myproxy/MyProxy.java | 1 1 + 0 - 0 !
2 files changed, 3 insertions(+)

 [patch 1/2] only allow tlsv1 and tlsv1.2 (not tlsv1.1)


jglobus remove unused FORCE_SSLV3_AND_CONSTRAIN_CIPHERSUITES.patch

gss/src/main/java/org/globus/gsi/gssapi/GSSConstants.java | 9 0 + 9 - 0 !
gss/src/main/java/org/globus/gsi/gssapi/GlobusGSSContextImpl.java | 42 5 + 37 - 0 !
2 files changed, 5 insertions(+), 46 deletions(-)

 [patch 2/2] remove unused
 FORCE_SSLV3_AND_CONSTRAIN_CIPHERSUITES_FOR_GRAM option

This has not been in use since commit c9eeba1 (Jan 2011)


jglobus adapt to changes in PrivateKeyInfo class.patch

ssl-proxies/src/main/java/org/globus/gsi/bc/BouncyCastleOpenSSLKey.java | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 [patch] adapt to changes in privatekeyinfo class