Date: Thu, 11 Sep 2003 10:41:42 +0300 From: Panagiotis Astithas <past@netmode.ntua.gr> To: Alexey Zelkin <phantom@FreeBSD.org.ua> Cc: java@freebsd.org Subject: Re: jdk14 patchset 4-pre1 Message-ID: <3F602736.2070608@netmode.ntua.gr> In-Reply-To: <20030911103449.A85275@phantom.cris.net> References: <20030910131818.B78730@phantom.cris.net> <3F5F3246.8080206@netmode.ntua.gr> <20030910145338.GD23417@misty.eyesbeyond.com> <3F5F9E44.9020607@netmode.ntua.gr> <20030911103449.A85275@phantom.cris.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Alexey Zelkin wrote: > hi, > > On Thu, Sep 11, 2003 at 12:57:24AM +0300, Panagiotis Astithas wrote: > >>Greg Lewis wrote: >> >>>On Wed, Sep 10, 2003 at 05:16:38PM +0300, Panagiotis Astithas wrote: >>> >>> >>>>since I will be making a test build of the 4-pre1 patchset, I will grab >>>>the opportunity to ask about the Sun-provided SCSL security stuff. >>>> >>>>When I get to the page to download the sources, besides the usual >>>>j2sdk-1_4_1-src-scsl.zip, I can download another file, called >>>>j2sdk-sec-1_4_1-src-scsl.zip. The latter contains cryptographic code, >>>>but I am puzzled about its purpose. For all I can say, this contains >>>>source code for classes that are built with the port anyway, but perhaps >>>>this other bundle has some benefits, such as stronger encryption? If >>>>this is so, how could we include it in the build? The bundle contains >>>>only java files, plus a Windows C file, that I believe we can ignore. >>>>Also, will the final binary release of 1.4.1 contain these cryptography >>>>extensions, or the current ones? >>> >>> >>>As I understand it, these are the source files for the bundled >>>crytographic JARs, in case you want to compile them yourself. I don't >>>believe the source code provides anything the bundled versions don't. >> >>Correct me if I'm wrong, but the standard bundle seems to contain only >>stub classes, while the security bundle contains concrete >>implementations. For instance, I look for Cipher.java in the standard >>bundle and I can find it under a directory blah/stub/blah, containing a >>comment on top about export restrictions and such. Am I missing >>something here? >> >>Of course, then I have the question how the heck my secure web >>application is working all this time :-) > > > I hit this issue some time ago too :-) > > Actually, due to export restrictions, crypto stuff is distributed by > compiled JAR, and in sources only stubs to allow crypto related stuff > be compiled. After build complete, JAR with stubs is simply replaced > with real one, IIRC. Ah, thanks. I was beginning to believe I was smoking something... (and feared that I had run out of it) -- Panagiotis Astithas Electrical & Computer Engineer, PhD Network Management Center National Technical University of Athens, Greece
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F602736.2070608>