RFR: 8353738: Update TLS unit tests to not use certificates with MD5 signatures [v6]
Daniel Jeliński
djelinski at openjdk.org
Mon Nov 24 12:23:31 UTC 2025
On Fri, 21 Nov 2025 20:14:53 GMT, Matthew Donovan <mdonovan at openjdk.org> wrote:
>> This PR updates tests that were using MD5 certificates. For most of the tests, I added test cases for TLSv1.2/MD5withRSA and TLSv1.3/SHA256withRSA.
>
> Matthew Donovan has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 11 additional commits since the last revision:
>
> - Updated SAN methods in CertificateBuilder to take multiple names
> - Merge branch 'master' into update-md5-certs
> - removed IPIdentitites.java because it's identical to IPAddressIPIdenties; added IPv6 SAN ext
> - removed unused keystore files, fixed certificate chain
> - Merge branch 'master' into update-md5-certs
> - changed line wrapping
> - removed unnecessary comment and made getSSLContext(...) private
> - changed tests to use SecurityUtils.removeDisabled*Algs methods
> - fixed indents and copyright year
> - Merge branch 'master' into update-md5-certs
> - ... and 1 more: https://git.openjdk.org/jdk/compare/904578e0...6579bc79
Please convert the IPAddressDNSIdentities test as well. It's expecting a handshake failure, but now it's passing for the wrong reasons. Other than that, LGTM.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/27342#issuecomment-3570521948
More information about the net-dev
mailing list