Date:      Thu, 11 Sep 2003 10:34:49 +0300
From:      Alexey Zelkin <phantom@FreeBSD.org.ua>
To:        Panagiotis Astithas <past@netmode.ntua.gr>
Cc:        java@freebsd.org
Subject:   Re: jdk14 patchset 4-pre1
Message-ID:  <20030911103449.A85275@phantom.cris.net>
In-Reply-To: <3F5F9E44.9020607@netmode.ntua.gr>; from past@netmode.ntua.gr on Thu, Sep 11, 2003 at 12:57:24AM +0300
References:  <20030910131818.B78730@phantom.cris.net> <3F5F3246.8080206@netmode.ntua.gr> <20030910145338.GD23417@misty.eyesbeyond.com> <3F5F9E44.9020607@netmode.ntua.gr>

hi,

On Thu, Sep 11, 2003 at 12:57:24AM +0300, Panagiotis Astithas wrote:
> Greg Lewis wrote:
> > On Wed, Sep 10, 2003 at 05:16:38PM +0300, Panagiotis Astithas wrote:
> > 
> >>since I will be making a test build of the 4-pre1 patchset, I will grab 
> >>the opportunity to ask about the Sun-provided SCSL security stuff.
> >>
> >>When I get to the page to download the sources, besides the usual
> >>j2sdk-1_4_1-src-scsl.zip, I can download another file, called 
> >>j2sdk-sec-1_4_1-src-scsl.zip. The latter contains cryptographic code, 
> >>but I am puzzled about its purpose. For all I can say, this contains 
> >>source code for classes that are built with the port anyway, but perhaps 
> >>this other bundle has some benefits, such as stronger encryption? If 
> >>this is so, how could we include it in the build? The bundle contains 
> >>only java files, plus a Windows C file, that I believe we can ignore. 
> >>Also, will the final binary release of 1.4.1 contain these cryptography 
> >>extensions, or the current ones?
> > 
> > 
> > As I understand it, these are the source files for the bundled
> > cryptographic JARs, in case you want to compile them yourself.  I don't
> > believe the source code provides anything the bundled versions don't.
> 
> Correct me if I'm wrong, but the standard bundle seems to contain only 
> stub classes, while the security bundle contains concrete 
> implementations. For instance, I look for Cipher.java in the standard 
> bundle and I can find it under a directory blah/stub/blah, containing a 
> comment on top about export restrictions and such. Am I missing 
> something here?
> 
> Of course, then I have the question how the heck my secure web 
> application is working all this time :-)
 
I hit this issue some time ago too :-)

Actually, due to export restrictions, crypto stuff is distributed as a
compiled JAR, and the sources contain only stubs to allow crypto-related
stuff to be compiled.  After the build completes, the JAR with stubs is
simply replaced with the real one, IIRC.


