[jdk8u-dev] RFR: 8350498: Remove two Camerfirma root CA certificates
Severin Gehwolf
sgehwolf at openjdk.org
Wed May 14 18:17:54 UTC 2025
On Mon, 12 May 2025 14:59:44 GMT, Antonio Vieiro <duke at openjdk.org> wrote:
> Backport of [JDK-8350498](https://bugs.openjdk.org/browse/JDK-8350498) from 11 that removes two non root CA certificates no longer active.
>
> The PR is on top of https://github.com/openjdk/jdk8u-dev/pull/650 (for [JDK-8303770](https://bugs.openjdk.org/browse/JDK-8303770)) to avoid conflicts, since `CHECKSUM` in `VerifyCACerts.java` is modified by both issues.
>
> Not clean, as file locations have changed between 8 and 11.
>
> Test `VerifyCACerts.java` passes:
>
>
> Passed: security/infra/java/security/cert/CertPathValidator/certification/HaricaCA.java
> Passed: sun/security/lib/cacerts/VerifyCACerts.java
> Passed: security/infra/java/security/cert/CertPathValidator/certification/EmSignRootG2CA.java
jdk/test/sun/security/lib/cacerts/VerifyCACerts.java line 1:
> 1: /*
This file is missing the bug line update that the JDK 11u patch has here:
https://github.com/openjdk/jdk11u-dev/commit/8894d6ad1b83553a5c60af51fd2de2319fd1d6ec#diff-ecedb2ba9c75491cd95fc614c6580b565d2d61a10a253f6a2fcd0fd774b535c3R31
jdk/test/sun/security/ssl/X509TrustManagerImpl/distrust/Camerfirma.java line 37:
> 35: * @summary Check that TLS Server certificates chaining back to distrusted
> 36: * Camerfirma root are invalid
> 37: * @library /test/lib
The `roots` => `root` change is fine. The test library change not. 8u has `lib/security` not `/test/lib`.
-------------
PR Review Comment: https://git.openjdk.org/jdk8u-dev/pull/651#discussion_r2089492164
PR Review Comment: https://git.openjdk.org/jdk8u-dev/pull/651#discussion_r2089489233
More information about the jdk8u-dev
mailing list