[jdk8u-dev] RFR: 8269039: Disable SHA-1 Signed JARs [v2]
Martin Balao
mbalao at openjdk.org
Wed Nov 16 23:01:47 UTC 2022
On Wed, 16 Nov 2022 15:52:45 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:
>> jdk/test/java/security/Security/signedfirst/DynStatic.java line 36:
>>
>>> 34: import java.util.List;
>>> 35:
>>> 36: import jdk.test.lib.process.ProcessTools;
>>
>> The `ProcessTools` class in JDK-8 has always been `jdk.testlibrary.ProcessTools`. To use it, you would only need `@library /lib/testlibrary` in the test's JTREG header. Unfortunately, one backport, which I presume to be JFR, introduced the same class, from a newer JDK release, at a different location. So we now have duplicated code for this test library and it is causing confusion: I can now see a couple of TLS tests using this library when they shouldn't. Until we get rid of this technical debt, I suggest that all JDK-8 tests keep using `jdk.testlibrary.ProcessTools`.
>
> Thank you. You are right. jdk.testlibrary.ProcessTools is a better choice even if some modifications are required.
> Fixed
Good, thanks.
>> jdk/test/sun/security/tools/jarsigner/TimestampCheck.java line 461:
>>
>>> 459: .shouldMatch("Timestamp.*digest.*SHA-1.*(disabled)");
>>> 460:
>>> 461: // Disabled algorithms
>>
>> Isn't this comment removed?
>
> Thank you. Fixed
Good, thanks.
-------------
PR: https://git.openjdk.org/jdk8u-dev/pull/154