[jdk11u-dev] Integrated: 8346587: Distrust TLS server certificates anchored by Camerfirma Root CAs
Antonio Vieiro
duke at openjdk.org
Fri Feb 14 16:24:21 UTC 2025
On Thu, 13 Feb 2025 18:52:18 GMT, Antonio Vieiro <duke at openjdk.org> wrote:
> Almost clean backport of [JDK-8346587](https://bugs.openjdk.org/browse/JDK-8346587) to distrust TLS server certificates issued after April 15, 2025 and anchored by Camerfirma Root CAs.
>
> This is on top of [this previous PR](https://github.com/openjdk/jdk11u-dev/pull/2993) for [JDK-8339560](https://bugs.openjdk.org/browse/JDK-8339560) ("Unaddressed comments during code review of JDK-8337664").
>
> The backport is not completely clean because it required a change in line 98 of `CamerfirmaTLSPolicy.java` since [JDK-8270946](https://bugs.openjdk.org/browse/JDK-8270946) has not been backported to 11.
>
> Passes `tier1` and `jdk/sun/security` tests:
>
>
> ==============================
> Test summary
> ==============================
> TEST TOTAL PASS FAIL ERROR
> jtreg:test/hotspot/jtreg:tier1 1497 1497 0 0
> jtreg:test/jdk:tier1 1899 1899 0 0
> jtreg:test/langtools:tier1 3941 3941 0 0
> jtreg:test/nashorn:tier1 0 0 0 0
> jtreg:test/jaxp:tier1 0 0 0 0
> ==============================
> TEST SUCCESS
>
>
> ==============================
> Test summary
> ==============================
> TEST TOTAL PASS FAIL ERROR
> jtreg:test/jdk/sun/security 657 657 0 0
> ==============================
> TEST SUCCESS
This pull request has now been integrated.
Changeset: 8322c66e
Author: Antonio Vieiro <avieirov at redhat.com>
Committer: Severin Gehwolf <sgehwolf at openjdk.org>
URL: https://git.openjdk.org/jdk11u-dev/commit/8322c66efa9da9210eca7d6081d2a8c2d65ba4e0
Stats: 392 lines in 8 files changed: 388 ins; 0 del; 4 mod
8346587: Distrust TLS server certificates anchored by Camerfirma Root CAs
Reviewed-by: sgehwolf
Backport-of: f4bef2f24a9bb433b5693aa59bb81acac6b311f3
-------------
PR: https://git.openjdk.org/jdk11u-dev/pull/2994
More information about the jdk-updates-dev
mailing list