RFR: 8325766: Review seclibs tests for cert expiry [v2]

Matthew Donovan mdonovan at openjdk.org
Tue Mar 18 15:02:12 UTC 2025


On Fri, 21 Feb 2025 13:47:59 GMT, Matthew Donovan <mdonovan at openjdk.org> wrote:

> The similarity between the certificate pairs is impressive! Just curious - why the change in issuer and owner names?

After looking into this some more, I found that `X500Name(String dname)` is expecting the string to be in the same order as RFC 1779, 2253, or 4514. If you give the constructor a "backwards" string, it will store and print it backwards.

OpenSSL prints them backwards and I was using OpenSSL to print the hard-coded certificates and then just copying and pasting the strings. 

I changed the hard-coded DN strings to follow the RFC order.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/23700#issuecomment-2733572650


More information about the net-dev mailing list