RFR: 8325766: Review seclibs tests for cert expiry [v3]
Matthew Donovan
mdonovan at openjdk.org
Fri Apr 18 14:26:57 UTC 2025
On Thu, 3 Apr 2025 20:30:33 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> Matthew Donovan has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains seven commits:
>>
>> - reversed order of DN strings when making certificates.
>> - Merge branch 'master' into certbuilder
>> - Merge branch 'master' into certbuilder
>> - Merge branch 'master' into certbuilder
>> - Merge branch 'master' into certbuilder
>> - changed boolean array initialization
>> - 8325766: Review seclibs tests for cert expiry
>
> test/jdk/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java line 243:
>
>> 241: .addBasicConstraintsExt(false, false, -1)
>> 242: .addExtension(CertificateBuilder.createIPSubjectAltNameExt(true, "127.0.0.1"))
>> 243: .build(trustedCert, caKeys.getPrivate(), "MD5WithRSA");
>
> MD5 algorithm is not allowed in TLSv1.3
I'll address this in [JDK-8353738](https://bugs.openjdk.org/browse/JDK-8353738)
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23700#discussion_r2050704560
More information about the net-dev
mailing list