[8u] RFR: [TESTBUG] Some ssl jtreg tests fail due to usage of a secp256k1 ECDSA certificate
Hohensee, Paul
hohensee at amazon.com
Wed Nov 20 17:31:51 UTC 2019
Lgtm.
Paul
On 11/8/19, 1:25 PM, "jdk8u-dev on behalf of David Alvarez" <jdk8u-dev-bounces at openjdk.java.net on behalf of alvdavi at amazon.com> wrote:
Hi,
Requesting review for:
JBS: https://bugs.openjdk.java.net/browse/JDK-8233864
Webrev: http://cr.openjdk.java.net/~alvdavi/webrevs/8233864/webrev.8u.00/
After 8u232, certain Tier2 jtreg ssl tests started to fail as they were
relying on a certificate based on curve secp256k1. That curve is no
longer enabled for ssl (disabled by JDK-8228825 [1]).
The specific certificate is located in:
test/sun/security/ssl/etc/keystore
and
test/sun/security/ssl/etc/truststore
This patch fixes those tests by recreating the certificate stores with
new certificates. The generated ECDSA certificate uses secp256r1. These
certificates are v3 instead of v1 as the originals, but we have seen no
failures caused by this.
This change includes binary changes. A patch file with binary changes is
located here:
http://cr.openjdk.java.net/~alvdavi/patches/8233864.8u.00.patch
Thanks,
--
David Alvarez
[1] http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5456f24496f4#l1.18
More information about the jdk8u-dev
mailing list