[jdk8u-dev] RFR: 8308592: Framework for CA interoperability testing [v2]

Severin Gehwolf sgehwolf at openjdk.org
Thu Nov 30 16:18:40 UTC 2023


On Tue, 28 Nov 2023 15:12:40 GMT, Andrew John Hughes <andrew at openjdk.org> wrote:

>>> This looks good. The reason why `certignarootca` test fails is the different defaults for `jdk.tls.client.enableStatusRequestExtension` between JDK 11 and JDK 8 in `SSLContextImpl.java`. The former has it set to `true` the latter to `false` as per the TLS 1.3 backport to 8. Without it the `ClientHello` won't have the `status_request` extension, which is required for the test to pass.
>>> 
>>> I suggest to set this to `true` in the affected test only (or set it to true globally in `CAInterop.java`). Either way I'd include this in this backport.
>> 
>> Good catch. Looks like all tests pass with this enabled in `ValidatePathWithURL.java`
>> ~~~
>> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#actalisauthenticationrootca
>> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#amazonrootca1
>> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#amazonrootca2
>> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#amazonrootca3
>> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#amazonrootca4
>> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#buypassclass2ca
>> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#buypassclass3ca
>> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#certignarootca
>> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#comodoeccca
>> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#comodorsaca
>> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#entrustrootcaec1
>> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#entrustrootcag4
>> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#globalsigneccrootcar4
>> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#globalsignrootcar6
>> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#godaddyrootg2ca
>> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#gtsrootcar1
>> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#gtsrootcar2
>> Passed: security/infra/java/securi...
>
>> @gnu-andrew Please do not rebase or force-push to an active PR as it invalidates existing review comments. Note for future reference, the bots always squash all changes into a single commit automatically as part of the integration. See [OpenJDK Developers’ Guide](https://openjdk.org/guide/#working-with-pull-requests) for more information.
> 
> Yeah, I'm not going to merge over half a dozen commits manually, bot, when Git is smart enough to match them against the ones you pushed to 8u-dev and just drop them.

@gnu-andrew Could you please integrate this? Thanks!

-------------

PR Comment: https://git.openjdk.org/jdk8u-dev/pull/390#issuecomment-1834087234


More information about the jdk8u-dev mailing list