[jdk11u-dev] RFR: 8316138: Add GlobalSign 2 TLS root certificates [v3]
Andrew John Hughes
andrew at openjdk.org
Tue May 21 03:40:08 UTC 2024
On Fri, 17 May 2024 14:42:24 GMT, María Arias de Reyna <duke at openjdk.org> wrote:
>> Backport for https://bugs.openjdk.org/browse/JDK-8316138
>>
>> Related to https://github.com/openjdk/jdk21u-dev/pull/581 and https://github.com/openjdk/jdk17u-dev/pull/2479
>>
>> Changes since the original commit: the checksum for the certificates and the folder where the certs are stored.
>>
>>
>> ]$ make run-test TEST="test/jdk/sun/security/lib/cacerts/VerifyCACerts.java"
>> Building target 'run-test' in configuration 'linux-x86_64-normal-server-release'
>> Skip building of Graal unit tests because 3rd party libraries directory is not specified
>> Skip building of Graal unit tests because 3rd party libraries directory is not specified
>> Creating jdk image
>> Test selection 'test/jdk/sun/security/lib/cacerts/VerifyCACerts.java', will run:
>> * jtreg:test/jdk/sun/security/lib/cacerts/VerifyCACerts.java
>>
>> Running test 'jtreg:test/jdk/sun/security/lib/cacerts/VerifyCACerts.java'
>> Passed: sun/security/lib/cacerts/VerifyCACerts.java
>> Test results: passed: 1
>> Report written to /home/delawen/git/jdk11u-dev/build/linux-x86_64-normal-server-release/test-results/jtreg_test_jdk_sun_security_lib_cacerts_VerifyCACerts_java/html/report.html
>> Results written to /home/delawen/git/jdk11u-dev/build/linux-x86_64-normal-server-release/test-support/jtreg_test_jdk_sun_security_lib_cacerts_VerifyCACerts_java
>> Finished running test 'jtreg:test/jdk/sun/security/lib/cacerts/VerifyCACerts.java'
>> Test report is stored in build/linux-x86_64-normal-server-release/test-results/jtreg_test_jdk_sun_security_lib_cacerts_VerifyCACerts_java
>>
>> ==============================
>> Test summary
>> ==============================
>> TEST TOTAL PASS FAIL ERROR
>> jtreg:test/jdk/sun/security/lib/cacerts/VerifyCACerts.java
>> 1 1 0 0
>> ==============================
>> TEST SUCCESS
>>
>> Finished building target 'run-test' in configuration 'linux-x86_64-normal-server-release'
>
> María Arias de Reyna has refreshed the contents of this pull request, and previous commits have been removed. The incremental views will show differences compared to the previous content of the PR. The pull request contains one new commit since the last revision:
>
> Fix switch expression that is too new for this JDK
The [8u backport](https://github.com/openjdk/jdk8u-dev/pull/502) makes a good point that `-Dcom.sun.security.ocsp.useget=false` is of no use here without [JDK-8328638](https://bugs.openjdk.org/browse/JDK-8328638). I would thus remove those lines as in the 8u version.
Also, when comparing with 8u, I noticed that the 11u version only is missing a newline between the new `case` statements and the earlier ones:
17u:
~~~
"https://revoked.root-e1.certainly.com");
+ case "globalsignr46" ->
+ new CATestURLs("https://valid.r46.roots.globalsign.com",
+ "https://revoked.r46.roots.globalsign.com");
+ case "globalsigne46" ->
+ new CATestURLs("https://valid.e46.roots.globalsign.com",
+ "https://revoked.e46.roots.globalsign.com");
+
default -> throw new RuntimeException("No test setup found for: " + alias);
~~~
11u:
~~~
"https://revoked.root-e1.certainly.com");
+ case "globalsignr46":
+ return new CATestURLs("https://valid.r46.roots.globalsign.com",
+ "https://revoked.r46.roots.globalsign.com");
+ case "globalsigne46":
+ return new CATestURLs("https://valid.e46.roots.globalsign.com",
+ "https://revoked.e46.roots.globalsign.com");
default: throw new RuntimeException("No test setup found for: " + alias);
~~~
It would be good if all three backports matched.
-------------
Changes requested by andrew (Reviewer).
PR Review: https://git.openjdk.org/jdk11u-dev/pull/2715#pullrequestreview-2067432089
More information about the jdk-updates-dev
mailing list