[jdk8u-dev] RFR: 8345414: Google CAInterop test failures [v2]
Andrew John Hughes
andrew at openjdk.org
Fri Aug 8 14:31:18 UTC 2025
On Fri, 8 Aug 2025 13:51:25 GMT, Severin Gehwolf <sgehwolf at openjdk.org> wrote:
> > Looks good. Only two more test failures in `jdk/security_infra` group (which is for another patch):
> > ```
> > security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#digicerttlsrsarootg5
> > security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#quovadisrootca2g3
> > ```
>
> Those two seem to be caused by the revocation certificate site not serving a revoked cert. See: https://www.quovadisglobal.com/download-roots-crl/ and https://knowledge.digicert.com/general-information/digicert-trusted-root-authority-certificates
>
> Both https://digicert-tls-rsa4096-root-g5-revoked.chain-demos.digicert.com and https://quovadis-root-ca-2-g3-revoked.chain-demos.digicert.com don't properly work (in my browser as well).
Thanks for looking at these.
Yes, I see a failure page in Firefox at first for those URLs, and then clicking 'Try Again' takes me to a page I'm apparently not meant to see.
What I can't understand is why these pass in 11u. I don't see any relevant differences in the tests, which suggests it might be class library differences we might not want to alter. I'm tending towards filing bugs for these and excluding them, so we can have a clean run again at last. Let me know your thoughts.
-------------
PR Comment: https://git.openjdk.org/jdk8u-dev/pull/673#issuecomment-3168144656
More information about the jdk8u-dev
mailing list