[jdk11u] RFR: 8359170: Add 2 TLS and 2 CS Sectigo roots
Severin Gehwolf
sgehwolf at openjdk.org
Fri Jun 13 09:21:38 UTC 2025
On Thu, 12 Jun 2025 17:07:34 GMT, Antonio Vieiro <duke at openjdk.org> wrote:
> Not a clean backport of [JDK-8359170](https://bugs.openjdk.org/browse/JDK-8359170) from 17. This is a late `CPU25_07-critical-approved` enhancement request to include root certificates that are already widely used.
>
> The backport is not clean since 17 uses switch expressions in `CAInterop.java`, which are not available in 11, but it's clean otherwise.
>
> Tested on Linux/x86_86 with `tier1` tests, and additionally:
>
>
> ==============================
> Test summary
> ==============================
> TEST TOTAL PASS FAIL ERROR
> jtreg:test/jdk:jdk_security 1356 1356 0 0
> ==============================
> TEST SUCCESS
>
>
>
> ==============================
> Test summary
> ==============================
> TEST TOTAL PASS FAIL ERROR
> jtreg:./test/jdk/sun/security/lib/cacerts/VerifyCACerts.java
> 1 1 0 0
> ==============================
> TEST SUCCESS
>
>
> (Manual test for just test id=sectigotlsrootr46 and test id=sectigotlsroote46)
>
>
> ==============================
> Test summary
> ==============================
> TEST TOTAL PASS FAIL ERROR
> jtreg:test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java
> 2 2 0 0
> ==============================
> TEST SUCCESS
>
>
> (Manual test)
>
>
> ==============================
> Test summary
> ==============================
> TEST TOTAL PASS FAIL ERROR
> jtreg:./test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SectigoCSRootCAs.java
> 1 1 0 0
> ==============================
> TEST SUCCESS
LGTM.
-------------
Marked as reviewed by sgehwolf (Reviewer).
PR Review: https://git.openjdk.org/jdk11u/pull/103#pullrequestreview-2923995331
More information about the jdk-updates-dev
mailing list