[jdk11u-dev] RFR: 8369282: Distrust TLS server certificates anchored by Chunghwa ePKI Root CA
duke
duke at openjdk.org
Thu Feb 19 09:53:54 UTC 2026
On Tue, 17 Feb 2026 15:32:24 GMT, David Sladký <duke at openjdk.org> wrote:
> Backport of [JDK-8369282](https://bugs.openjdk.org/browse/JDK-8369282) - Distrust TLS server certificates anchored by Chunghwa ePKI Root CA
>
> ### Extra changes
>
> **`src/java.base/share/classes/sun/security/validator/ChunghwaTLSPolicy.java:84`**
>
> - return X509CertImpl.getFingerprint("SHA-256", cert, debug);
> + return X509CertImpl.getFingerprint("SHA-256", cert);
>
> - method `getFingerprint()` accepts only two parameters in jdk11.
>
> ### Tests
>
> Tests were run on Fedora 43.
>
> #### Tier 1 - PASSES
>
>
> ==============================
> Test summary
> ==============================
> TEST TOTAL PASS FAIL ERROR
> jtreg:test/hotspot/jtreg:tier1 1530 1530 0 0
> jtreg:test/jdk:tier1 1899 1899 0 0
> jtreg:test/langtools:tier1 3941 3941 0 0
> jtreg:test/nashorn:tier1 0 0 0 0
> jtreg:test/jaxp:tier1 0 0 0 0
> ==============================
> TEST SUCCESS
>
>
> #### `sun/security` - PASSES
>
>
> ==============================
> Test summary
> ==============================
> TEST TOTAL PASS FAIL ERROR
> jtreg:test/jdk/sun/security 665 665 0 0
> ==============================
> TEST SUCCESS
>
>
> #### GHA - PASSES
@TheMangovnik
Your change (at version aa5d9ad080e5e8a3950895f3ef24d5da53946668) is now ready to be sponsored by a Committer.
-------------
PR Comment: https://git.openjdk.org/jdk11u-dev/pull/3157#issuecomment-3926033292
More information about the jdk-updates-dev
mailing list