[jdk8u] RFR: 8337664: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs [v2]
Francisco Ferrari Bihurriet
fferrari at openjdk.org
Thu Sep 12 19:37:10 UTC 2024
On Thu, 12 Sep 2024 15:58:42 GMT, Severin Gehwolf <sgehwolf at openjdk.org> wrote:
>> Francisco Ferrari Bihurriet has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Wrap the FINGERPRINTS set as immutable
>
> jdk/src/share/classes/sun/security/validator/EntrustTLSPolicy.java line 49:
>
>> 47:
>> 48: // SHA-256 certificate fingerprints of distrusted roots
>> 49: private static final Set<String> FINGERPRINTS = new HashSet<>(Arrays.asList(
>
> Suggestion:
>
> private static final Set<String> FINGERPRINTS = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(...)));
Updated in e96486dc7adf8fd65a398490d30d44cfbb86df4c, please note that the `SYMANTEC_TLS` distrust policy (which I checked for this backport) does not make the `FINGERPRINTS` set immutable either:
https://github.com/openjdk/jdk8u/blob/e32d62e2a39510f643b32d615e76f0ff9be3d9f3/jdk/src/share/classes/sun/security/validator/SymantecTLSPolicy.java#L66-L70
Should we also update `SymantecTLSPolicy.java`?
-------------
PR Review Comment: https://git.openjdk.org/jdk8u/pull/61#discussion_r1757478058
More information about the jdk8u-dev
mailing list