[jdk25u-dev] Integrated: 8369282: Distrust TLS server certificates anchored by Chunghwa ePKI Root CA
Roland Mesde
duke at openjdk.org
Mon Feb 16 20:03:49 UTC 2026
On Wed, 11 Feb 2026 16:39:03 GMT, Roland Mesde <duke at openjdk.org> wrote:
> Backporting JDK-8369282: Distrust TLS server certificates anchored by Chunghwa ePKI Root CA.
>
> This PR implements OpenJDK distrust of TLS certificates anchored by Chunghwa Telecom's ePKI Root CA (following Google/Mozilla). Certificates issued after March 17, 2026 will be rejected during TLS handshakes in SunJSSE.
>
> For parity with Oracle JDK.
>
> Ran related tests on linux-x64, linux-aarch64, macos-aarch64 and windows-x64:
>
> make test TEST=test/jdk/sun/security/ssl/X509TrustManagerImpl/distrust/Chunghwa.java
>
> Results attached:
>
> [windows-x64-specific-test.log](https://github.com/user-attachments/files/25267098/windows-x64-specific-test.log)
> [macos-aarch64-specific-test.log](https://github.com/user-attachments/files/25267099/macos-aarch64-specific-test.log)
> [linux-x64-specific-test.log](https://github.com/user-attachments/files/25267100/linux-x64-specific-test.log)
> [linux-aarch64-specific-test.log](https://github.com/user-attachments/files/25267102/linux-aarch64-specific-test.log)
This pull request has now been integrated.
Changeset: 4b02ce9f
Author: Roland Mesde <mesde at amazon.com>
Committer: Paul Hohensee <phh at openjdk.org>
URL: https://git.openjdk.org/jdk25u-dev/commit/4b02ce9fdbf546c7c43adbfe4fe6ddf923ea432e
Stats: 244 lines in 5 files changed: 242 ins; 0 del; 2 mod
8369282: Distrust TLS server certificates anchored by Chunghwa ePKI Root CA
Backport-of: 92abc6dfe43a2c1f10dcfcf1e197fc9369f70ee3
-------------
PR: https://git.openjdk.org/jdk25u-dev/pull/255
More information about the jdk-updates-dev
mailing list