RFR: 8325766: Review seclibs tests for cert expiry [v2]
Matthew Donovan
mdonovan at openjdk.org
Tue Mar 18 15:02:12 UTC 2025
On Fri, 21 Feb 2025 13:47:59 GMT, Matthew Donovan <mdonovan at openjdk.org> wrote:
> The similarity between the certificate pairs is impressive! Just curious - why the change in issuer and owner names?
After looking into this some more, I found that `X500Name(String dname)` is expecting the string to be in the same order as RFC 1779, 2253, or 4514. If you give the constructor a "backwards" string, it will store and print it backwards.
OpenSSL prints them backwards and I was using OpenSSL to print the hard-coded certificates and then just copying and pasting the strings.
I changed the hard-coded DN strings to follow the RFC order.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/23700#issuecomment-2733572650
More information about the net-dev
mailing list