[jdk8u-dev] RFR: 8361212: Remove AffirmTrust root CAs
Severin Gehwolf
sgehwolf at openjdk.org
Wed Aug 27 13:55:50 UTC 2025
On Wed, 27 Aug 2025 12:55:57 GMT, Severin Gehwolf <sgehwolf at openjdk.org> wrote:
> Backport of JDK-8361212 to remove expired certificates. The patch is almost clean as compared to the JDK 11 version (modulo path suffeling).
>
> Testing:
>
> Passed: sun/security/lib/cacerts/VerifyCACerts.java
> FAILED: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#actalisauthenticationrootca
> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#amazonrootca1
> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#amazonrootca2
> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#amazonrootca3
> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#amazonrootca4
> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#buypassclass2ca
> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#buypassclass3ca
> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#certainlyroote1
> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#certainlyrootr1
> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#certignarootca
> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#comodoeccca
> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#comodorsaca
> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#digicerttlseccrootg5
> FAILED: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#digicerttlsrsarootg5
> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#emsigneccrootcag3
> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#emsignrootcag1
> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#entrustrootcaec1
> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#entrustrootcag4
> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#globalsigne46
> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#globalsigneccrootcar4
> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#globalsignr46
> Passed: security/infra/java/security/cert/CertPathValidator/certification/CAIntero...
GHA failures are: `CAInterop.java#actalisauthenticationrootca` (JDK-8366176) and the intermittent digicert issues in `jdk_infra` group which I think is pre-existing.
-------------
PR Comment: https://git.openjdk.org/jdk8u-dev/pull/684#issuecomment-3228308087
More information about the jdk8u-dev
mailing list