[jdk21u-dev] RFR: 8311546: Certificate name constraints improperly validated with leading period
Goetz Lindenmaier
goetz at openjdk.org
Thu Jan 9 15:23:42 UTC 2025
On Wed, 18 Dec 2024 15:56:26 GMT, Aleksey Shipilev <shade at openjdk.org> wrote:
> Backporting this due to wider customer interest in aligning JDK behavior with other SSL implementations. Both patches apply cleanly. First patch does the fix. Second patch fixes the test.
>
> Additional testing:
> - [x] macos-aarch64-server-release, new test passes with and without the change
> - [x] macos-aarch64-server-release, `sun/security/x509/`
> - [x] linux-x86_64-server-release, `jdk_security`
Yes, I also combine changes with immediate fixes. Especially if one of them needs a review anyways, so it does not cause an unnecessary review.
Further it simplifies backports to later releases, as the change pushed to 21 can directly be backported.
Last, dependent pull request often don't resolve automatically, causing the dilemma to either push right on top, or to wait for the testing of the resolved change.
-------------
PR Comment: https://git.openjdk.org/jdk21u-dev/pull/1268#issuecomment-2580547574
More information about the jdk-updates-dev
mailing list