[jdk8u] RFR: 8337664: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs [v2]
Andrew John Hughes
andrew at openjdk.org
Wed Sep 18 17:33:09 UTC 2024
On Wed, 18 Sep 2024 17:29:07 GMT, Andrew John Hughes <andrew at openjdk.org> wrote:
>> Francisco Ferrari Bihurriet has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Wrap the FINGERPRINTS set as immutable
>
> Backport looks good to me. Missing collection and time methods are ported to suitable 8u equivalents. `java.security` changes are duplicated to the set of files in 8u.
>
> I see differences with `entrustrootcag4-chain.pem` but this seems to be because 11u's version has CRLF line endings for some reason. The 8u one is actually correct in using the usual line endings.
> Adding @gnu-andrew for awareness. According to the [Crypto Roadmap](https://www.java.com/en/jre-jdk-cryptoroadmap.html), this change is targeting 8u, and planned for the October CPU. [23u](https://github.com/openjdk/jdk23u/pull/91), [21u](https://github.com/openjdk/jdk21u/pull/451), [17u](https://github.com/openjdk/jdk17u/pull/396) and [11u](https://github.com/openjdk/jdk11u/pull/95) backports are already integrated.
I'm aware of the fix from 21u. Backport looks good so feel free to apply for approval so we can get this in the October release.
-------------
PR Comment: https://git.openjdk.org/jdk8u/pull/61#issuecomment-2359038792
More information about the jdk8u-dev
mailing list