RFR: 8353738: Update TLS unit tests to not use certificates with MD5 signatures [v5]
Matthew Donovan
mdonovan at openjdk.org
Fri Nov 21 19:51:58 UTC 2025
On Fri, 14 Nov 2025 10:04:07 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:
>> test/jdk/sun/net/www/protocol/https/HttpsURLConnection/IdentitiesBase.java line 104:
>>
>>> 102: CertificateBuilder.KeyUsage.KEY_ENCIPHERMENT)
>>> 103: .addBasicConstraintsExt(false, false, -1)
>>> 104: .addExtension(CertificateBuilder.createIPSubjectAltNameExt(true, "127.0.0.1"))
>>
>> I assume you verified that the DNSIdentities customization overwrites the SAN configured here, but I'd feel more confident if this line were moved to customizeServerCert in IPIdentities
>
> If there is an alternative SAN for IPv4 loopback address there should be one for the IPv6 loopback too.
> I assume you verified that the DNSIdentities customization overwrites the SAN configured here, but I'd feel more confident if this line were moved to customizeServerCert in IPIdentities
Yes, they are overwritten, extensions are stored as a Map between extention id and the extension.
> If there is an alternative SAN for IPv4 loopback address there should be one for the IPv6 loopback too.
I added the IPV6 loopback.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27342#discussion_r2550800219
More information about the net-dev
mailing list