[jdk8u] RFR: 8346587: Distrust TLS server certificates anchored by Camerfirma Root CAs [v3]
Andrew John Hughes
andrew at openjdk.org
Thu Mar 13 23:24:58 UTC 2025
On Mon, 10 Mar 2025 12:43:17 GMT, Severin Gehwolf <sgehwolf at openjdk.org> wrote:
>> Move of https://github.com/openjdk/jdk8u-dev/pull/627 to jdk8u (8u452)
>
> Severin Gehwolf has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 10 commits:
>
> - Merge branch 'master-jdk8u' into jdk-8346587-camerfirma-root-distrust
> - Merge branch 'jdk-8339560-unaddressed-comments-backport' into jdk-8346587-camerfirma-root-distrust
> - Remove @modules lines in tests
> - Merge branch 'jdk-8339560-unaddressed-comments-backport' into jdk-8346587-camerfirma-root-distrust
> - Another empty line
> - Merge branch 'jdk-8339560-unaddressed-comments-backport' into jdk-8346587-camerfirma-root-distrust
> - Empty line to reduce differences
> - JDK 8u adjustments for CamerfirmaTLSPolicy
> - 8346587: Distrust TLS server certificates anchored by Camerfirma Root CAs
> - 8339560: Unaddressed comments during code review of JDK-8337664
Looks good to me and adjustments look appropriate.
>From the other PR:
> The JDK 11u patch didn't apply cleanly due to the following reasons:
>
> Set.of() => Collections.unmodifiableSet(new HashSet<>(Arrays.asList())) in CamerfirmaTLSPolicy.java
> LocalDate.ofInstant() => Date.toInstant().atZone(ZoneOffset.UTC).toLocalDate()
> java.security-<os> file duplications
> /test/lib => /lib/security in Camerfirma.java test
> One copyright hunk didn't apply. Applied manually.
>
> Testing:
>
> tests in sun/security/ssl/X509TrustManagerImpl including the new Camerfirma.java test which fails for unpatched and passes with patched JDK 8u."
-------------
Marked as reviewed by andrew (Reviewer).
PR Review: https://git.openjdk.org/jdk8u/pull/68#pullrequestreview-2683575435
More information about the jdk8u-dev
mailing list