[8u] RFR: [TESTBUG] Some ssl jtreg tests fail due to usage of a secp256k1 ECDSA certificate

David Alvarez alvdavi at amazon.com
Fri Nov 8 21:24:43 UTC 2019


Hi,

Requesting review for:

JBS: https://bugs.openjdk.java.net/browse/JDK-8233864
Webrev: http://cr.openjdk.java.net/~alvdavi/webrevs/8233864/webrev.8u.00/

After 8u232, certain Tier2 jtreg ssl tests started to fail as they were
relying on a certificate based on curve secp256k1. That curve is no
longer enabled for ssl (disabled by JDK-8228825 [1]).

The specific certificate is located in:
test/sun/security/ssl/etc/keystore
and
test/sun/security/ssl/etc/truststore

This patch fixes those tests by recreating the certificate stores with
new certificates. The generated ECDSA certificate uses secp256r1. These
certificates are v3 instead of v1 as the originals, but we have seen no
failures caused by this.

This change includes binary changes. A patch file with binary changes is
located here:
http://cr.openjdk.java.net/~alvdavi/patches/8233864.8u.00.patch

Thanks,
--
David Alvarez

[1] http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5456f24496f4#l1.18



More information about the jdk8u-dev mailing list