[security-dev 01695]: Re: Please review new regression test for java.net.* API
Christopher Hegarty -Sun Microsystems Ireland
Christopher.Hegarty at Sun.COM
Thu Mar 18 07:28:26 PDT 2010
Alan Bateman wrote:
> Pavel Tisnovsky wrote:
>> Hi,
>>
>> please review new regression test for java.net.* API. This test check
>> if the cacerts keytool database is configured properly and SSL is
>> really working. The test should not fail if SSL is working (in other
>> case it simply throws IOException). Webrev si available at
>> http://cr.openjdk.java.net/~ptisnovs/TestHttps/
>>
>> Thanks in advance
>> Pavel Tisnovsky
> I suspect the dependency on verisign.com will be problematic. Isn't SSL
> already covered by the javax.net and https tests?
I'm not sure what the prime motivation of the test is. Pavel, can you
please elaborate?
Reading between the lines I guess the test is verifying that the correct
root Certification Authority is installed in cacerts, i.e. the cert
from www.verisign.com can be validated.
Alan is correct there are already tests for SSL/Https in javax.net, but
I believe these use self signed certs, no dependency on cacerts.
-Chris.
>
> -Alan.
More information about the security-dev
mailing list