[jdk8u-dev] RFR: 8346587: Distrust TLS server certificates anchored by Camerfirma Root CAs [v3]

Francisco Ferrari Bihurriet fferrari at openjdk.org
Tue Feb 25 19:48:00 UTC 2025


On Tue, 25 Feb 2025 17:04:33 GMT, Severin Gehwolf <sgehwolf at openjdk.org> wrote:

>> Please review this backport of adding distrust for certificates rooted by Camerfirma. The JDK 11u patch didn't apply cleanly due to the following reasons:
>> 
>> - `Set.of()` => `Collections.unmodifiableSet(new HashSet<>(Arrays.asList()))` in `CamerfirmaTLSPolicy.java`
>> - `LocalDate.ofInstant()` => `Date.toInstant().atZone(ZoneOffset.UTC).toLocalDate()`
>> - `java.security-<os>` file duplications
>> - `/test/lib` => `/lib/security` in `Camerfirma.java` test
>> - One copyright hunk didn't apply. Applied manually.
>> 
>> Testing:
>> - [x] tests in `sun/security/ssl/X509TrustManagerImpl` including the new `Camerfirma.java` test which fails for unpatched and passes with patched JDK 8u.
>
> Severin Gehwolf has updated the pull request incrementally with two additional commits since the last revision:
> 
>  - Merge branch 'jdk-8339560-unaddressed-comments-backport' into jdk-8346587-camerfirma-root-distrust
>  - Another empty line

@jerboaa: although I'm not a Reviewer, it looks good to me.

I didn't realize you had also submitted this PR, sorry for the minor changes in #626, which required two merges here.

-------------

Marked as reviewed by fferrari (no project role).

PR Review: https://git.openjdk.org/jdk8u-dev/pull/627#pullrequestreview-2642272434

