[jdk8u] RFR: 8359170: Add 2 TLS and 2 CS Sectigo roots
Antonio Vieiro
duke at openjdk.org
Fri Jun 13 14:25:20 UTC 2025
Not a clean backport of [JDK-8359170](https://bugs.openjdk.org/browse/JDK-8359170) from 11. This is a late CPU25_07-critical-approved enhancement request to include root certificates that are already widely used.
The backport is not clean as some files have changed locations in 8.
Also **I removed the `/manual` stanza from the tests in `CAInterop.java` and the newly added `SectigoCSRootCAs.java`**, since [JDK-8334441](https://bugs.openjdk.org/browse/JDK-8334441) has not yet been backported to jdk8u.
`jdk_security_infra` tests:
6 failed (possibly due to the reasons described in [JDK-8334441](https://bugs.openjdk.org/browse/JDK-8334441): network timeouts, expired certificates, ...) unrelated. Modified and new tests pass:
[...]
Passed: security/infra/java/security/cert/CertPathValidator/certification/EmSignRootG2CA.java
Passed: security/infra/java/security/cert/CertPathValidator/certification/HaricaCA.java
Passed: security/infra/java/security/cert/CertPathValidator/certification/SectigoCSRootCAs.java <---
Passed: sun/security/lib/cacerts/VerifyCACerts.java <---
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#usertrusteccca
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#sectigotlsroote46 <---
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#sectigotlsrootr46 <---
Passed: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#usertrustrsaca
Passed: security/infra/java/security/cert/CertPathValidator/certification/DTrustCA.java
Test results: passed: 50; failed: 6
Test results: passed: 50; failed: 6
TEST STATS: name=jdk_security_infra run=56 pass=50 fail=6
`jdk_security`:
3 failed, unrelated.
FAILED: sun/security/pkcs11/KeyStore/SecretKeysBasic.sh
FAILED: sun/security/pkcs11/Signature/TestDSAKeyLength.java
FAILED: sun/security/tools/jarsigner/TimestampCheck.java
TEST STATS: name=jdk_security run=1120 pass=1117 fail=3
-------------
Commit messages:
- Backport e00605fcebe7b2716db6b95e7bcae47d85b88dce
Changes: https://git.openjdk.org/jdk8u/pull/75/files
Webrev: https://webrevs.openjdk.org/?repo=jdk8u&pr=75&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8359170
Stats: 479 lines in 7 files changed: 475 ins; 0 del; 4 mod
Patch: https://git.openjdk.org/jdk8u/pull/75.diff
Fetch: git fetch https://git.openjdk.org/jdk8u.git pull/75/head:pull/75
PR: https://git.openjdk.org/jdk8u/pull/75
More information about the jdk8u-dev
mailing list