[8u] RFR: [TESTBUG] Some ssl jtreg tests fail due to usage of a secp256k1 ECDSA certificate
Severin Gehwolf
sgehwolf at redhat.com
Tue Dec 17 14:42:18 UTC 2019
Hi David,
On Fri, 2019-11-08 at 13:24 -0800, David Alvarez wrote:
> Hi,
>
> Requesting review for:
>
> JBS: https://bugs.openjdk.java.net/browse/JDK-8233864
> Webrev: http://cr.openjdk.java.net/~alvdavi/webrevs/8233864/webrev.8u.00/
>
> After 8u232, certain Tier2 jtreg ssl tests started to fail as they were
> relying on a certificate based on curve secp256k1. That curve is no
> longer enabled for ssl (disabled by JDK-8228825 [1]).
>
> The specific certificate is located in:
> test/sun/security/ssl/etc/keystore
> and
> test/sun/security/ssl/etc/truststore
>
> This patch fixes those tests by recreating the certificate stores with
> new certificates. The generated ECDSA certificate uses secp256r1. These
> certificates are v3 instead of v1 as the originals, but we have seen no
> failures caused by this.
>
> This change includes binary changes. A patch file with binary changes is
> located here:
> http://cr.openjdk.java.net/~alvdavi/patches/8233864.8u.00.patch
Why is this a problem specific to 8u? I see the same cert in 11u's
keystore, Serial number: 57399c1d, alias dummyecdsa.
For the time being I'll remove the jdk8u-fix-request label until it's
clear this is actually an 8u only problem.
Thanks,
Severin
> Thanks,
> --
> David Alvarez
>
> [1] http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5456f24496f4#l1.18
>
More information about the jdk8u-dev
mailing list