[jdk8u-dev] RFR: 8308592: Framework for CA interoperability testing [v2]
Andrew John Hughes
andrew at openjdk.org
Tue Nov 28 15:12:51 UTC 2023
On Mon, 27 Nov 2023 19:40:13 GMT, Severin Gehwolf <sgehwolf at openjdk.org> wrote:
> This looks good. The reason why `certignarootca` test fails is the different defaults for `jdk.tls.client.enableStatusRequestExtension` between JDK 11 and JDK 8 in `SSLContextImpl.java`. The former has it set to `true` the latter to `false` as per the TLS 1.3 backport to 8. Without it the `ClientHello` won't have the `status_request` extension, which is required for the test to pass.
>
> I suggest to set this to `true` in the affected test only (or set it to true globally in `CAInterop.java`). Either way I'd include this in this backport.
Good catch. Looks like all tests pass with this enabled in `ValidatePathWithURL.java`
~~~
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#actalisauthenticationrootca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#amazonrootca1
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#amazonrootca2
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#amazonrootca3
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#amazonrootca4
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#buypassclass2ca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#buypassclass3ca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#certignarootca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#comodoeccca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#comodorsaca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#entrustrootcaec1
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#entrustrootcag4
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#globalsigneccrootcar4
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#globalsignrootcar6
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#godaddyrootg2ca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#gtsrootcar1
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#gtsrootcar2
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#gtsrootecccar3
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#gtsrootecccar4
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#letsencryptisrgx1
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#microsoftecc2017
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#microsoftrsa2017
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#quovadisrootca1g3
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#quovadisrootca2g3
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#quovadisrootca3g3
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#sslrooteccca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#sslrootevrsaca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#sslrootrsaca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#starfieldrootg2ca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#teliasonerarootcav1
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#twcaglobalrootca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#usertrusteccca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#usertrustrsaca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CertignaCA.java
Passed: security/infra/java/security/cert/CertPathValidator/certification/DTrustCA.java
Passed: security/infra/java/security/cert/CertPathValidator/certification/HaricaCA.java
Passed: security/infra/java/security/cert/CertPathValidator/certification/LuxTrustCA.java
Test results: passed: 37
~~~
-------------
PR Comment: https://git.openjdk.org/jdk8u-dev/pull/390#issuecomment-1830038927
More information about the jdk8u-dev
mailing list