[jdk11u-dev] Integrated: 8369282: Distrust TLS server certificates anchored by Chunghwa ePKI Root CA
David Sladký
duke at openjdk.org
Thu Feb 19 10:06:11 UTC 2026
On Tue, 17 Feb 2026 15:32:24 GMT, David Sladký <duke at openjdk.org> wrote:
> Backport of [JDK-8369282](https://bugs.openjdk.org/browse/JDK-8369282) - Distrust TLS server certificates anchored by Chunghwa ePKI Root CA
>
> ### Extra changes
>
> **`src/java.base/share/classes/sun/security/validator/ChunghwaTLSPolicy.java:84`**
>
> - return X509CertImpl.getFingerprint("SHA-256", cert, debug);
> + return X509CertImpl.getFingerprint("SHA-256", cert);
>
> - method `getFingerprint()` accepts only two parameters in jdk11.
>
> ### Tests
>
> Tests were run on Fedora 43.
>
> #### Tier 1 - PASSES
>
>
> ==============================
> Test summary
> ==============================
> TEST TOTAL PASS FAIL ERROR
> jtreg:test/hotspot/jtreg:tier1 1530 1530 0 0
> jtreg:test/jdk:tier1 1899 1899 0 0
> jtreg:test/langtools:tier1 3941 3941 0 0
> jtreg:test/nashorn:tier1 0 0 0 0
> jtreg:test/jaxp:tier1 0 0 0 0
> ==============================
> TEST SUCCESS
>
>
> #### `sun/security` - PASSES
>
>
> ==============================
> Test summary
> ==============================
> TEST TOTAL PASS FAIL ERROR
> jtreg:test/jdk/sun/security 665 665 0 0
> ==============================
> TEST SUCCESS
>
>
> #### GHA - PASSES
This pull request has now been integrated.
Changeset: 53b96173
Author: David Sladký <sladky.david at proton.me>
Committer: Severin Gehwolf <sgehwolf at openjdk.org>
URL: https://git.openjdk.org/jdk11u-dev/commit/53b9617326389588780a560799444f170175df8d
Stats: 244 lines in 5 files changed: 242 ins; 0 del; 2 mod
8369282: Distrust TLS server certificates anchored by Chunghwa ePKI Root CA
Reviewed-by: sgehwolf, andrew
Backport-of: e47690176cade6a6f8cf97059cfe914f5f67cd87
-------------
PR: https://git.openjdk.org/jdk11u-dev/pull/3157
More information about the jdk-updates-dev
mailing list