[jdk11u] Integrated: 8359170: Add 2 TLS and 2 CS Sectigo roots

Antonio Vieiro duke at openjdk.org
Fri Jun 13 10:15:45 UTC 2025 

On Thu, 12 Jun 2025 17:07:34 GMT, Antonio Vieiro <duke at openjdk.org> wrote:

> Not a clean backport of [JDK-8359170](https://bugs.openjdk.org/browse/JDK-8359170) from 17. This is a late `CPU25_07-critical-approved` enhancement request to include root certificates that are already widely used.
> 
> The backport is not clean since 17 uses switch expressions in `CAInterop.java`, which are not available in 11, but it's clean otherwise.
> 
> Tested on Linux/x86_86 with `tier1` tests, and additionally:
> 
> 
> ==============================
> Test summary
> ==============================
>    TEST                                              TOTAL  PASS  FAIL ERROR   
>    jtreg:test/jdk:jdk_security                        1356  1356     0     0   
> ==============================
> TEST SUCCESS
> 
> 
> 
> ==============================
> Test summary
> ==============================
>    TEST                                              TOTAL  PASS  FAIL ERROR   
>    jtreg:./test/jdk/sun/security/lib/cacerts/VerifyCACerts.java
>                                                          1     1     0     0   
> ==============================
> TEST SUCCESS
> 
> 
> (Manual test for just test id=sectigotlsrootr46 and test id=sectigotlsroote46)
> 
> 
> ==============================
> Test summary
> ==============================
>    TEST                                              TOTAL  PASS  FAIL ERROR   
>    jtreg:test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java
>                                                          2     2     0     0   
> ==============================
> TEST SUCCESS
> 
> 
> (Manual test)
> 
> 
> ==============================
> Test summary
> ==============================
>    TEST                                              TOTAL  PASS  FAIL ERROR   
>    jtreg:./test/jdk/security/infra/java/security/cert/CertPathValidator/certification/SectigoCSRootCAs.java
>                                                          1     1     0     0   
> ==============================
> TEST SUCCESS

This pull request has now been integrated.

Changeset: e00605fc
Author:    Antonio Vieiro <avieirov at redhat.com>
Committer: Severin Gehwolf <sgehwolf at openjdk.org>
URL:       https://git.openjdk.org/jdk11u/commit/e00605fcebe7b2716db6b95e7bcae47d85b88dce
Stats:     479 lines in 7 files changed: 475 ins; 0 del; 4 mod

8359170: Add 2 TLS and 2 CS Sectigo roots

Reviewed-by: sgehwolf
Backport-of: 42a0772283bad618d450378b3d0b513a26ed1156

-------------

PR: https://git.openjdk.org/jdk11u/pull/103

More information about the jdk-updates-dev mailing list