[jdk8u-dev] RFR: 8346587: Distrust TLS server certificates anchored by Camerfirma Root CAs [v3]
Martin Balao
mbalao at openjdk.org
Tue Feb 25 21:29:57 UTC 2025
On Tue, 25 Feb 2025 17:04:33 GMT, Severin Gehwolf <sgehwolf at openjdk.org> wrote:
>> Please review this backport of adding distrust for certificates rooted by Camerfirma. The JDK 11u patch didn't apply cleanly due to the following reasons:
>>
>> - `Set.of()` => `Collections.unmodifiableSet(new HashSet<>(Arrays.asList()))` in `CamerfirmaTLSPolicy.java`
>> - `LocalDate.ofInstant()` => `Date.toInstant().atZone(ZoneOffset.UTC).toLocalDate()`
>> - `java.security-<os>` file duplications
>> - `/test/lib` => `/lib/security` in `Camerfirma.java` test
>> - One copyright hunk didn't apply. Applied manually.
>>
>> Testing:
>> - [x] tests in `sun/security/ssl/X509TrustManagerImpl` including the new `Camerfirma.java` test which fails for unpatched and passes with patched JDK 8u.
>
> Severin Gehwolf has updated the pull request incrementally with two additional commits since the last revision:
>
> - Merge branch 'jdk-8339560-unaddressed-comments-backport' into jdk-8346587-camerfirma-root-distrust
> - Another empty line
Thanks for proposing this backport. Looks good to me.
-------------
Marked as reviewed by mbalao (Reviewer).
PR Review: https://git.openjdk.org/jdk8u-dev/pull/627#pullrequestreview-2642504686
More information about the jdk8u-dev
mailing list