[jdk25u-dev] RFR: 8369282: Distrust TLS server certificates anchored by Chunghwa ePKI Root CA

Roland Mesde duke at openjdk.org
Wed Feb 11 18:11:31 UTC 2026


Backporting JDK-8369282: Distrust TLS server certificates anchored by Chunghwa ePKI Root CA.

This PR implements OpenJDK distrust of TLS certificates anchored by Chunghwa Telecom's ePKI Root CA (following Google/Mozilla). Certificates issued after March 17, 2026 will be rejected during TLS handshakes in SunJSSE.

For parity with Oracle JDK.

Ran related tests on linux-x64, linux-aarch64, macos-aarch64 and windows-x64:

make test TEST=test/jdk/sun/security/ssl/X509TrustManagerImpl/distrust/Chunghwa.java

-------------

Commit messages:
 - Backport 92abc6dfe43a2c1f10dcfcf1e197fc9369f70ee3

Changes: https://git.openjdk.org/jdk25u-dev/pull/255/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk25u-dev&pr=255&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8369282
  Stats: 244 lines in 5 files changed: 242 ins; 0 del; 2 mod
  Patch: https://git.openjdk.org/jdk25u-dev/pull/255.diff
  Fetch: git fetch https://git.openjdk.org/jdk25u-dev.git pull/255/head:pull/255

PR: https://git.openjdk.org/jdk25u-dev/pull/255

