RFR 8189131: Open-source the Oracle JDK Root Certificates
Sean Mullan
sean.mullan at oracle.com
Fri Dec 1 18:09:20 UTC 2017
On 12/1/17 12:22 PM, Alan Bateman wrote:
>
>
> On 01/12/2017 17:16, Volker Simonis wrote:
>> Hi Rajan,
>>
>> great to see this finally happen!
>>
>> I have just a quick question related to the tests. As far as I can
>> see, the tests will only succeed if the OpenJDK will be build with the
>> new open sourced, Oracle root certificates. But what if somebody is
>> building the OpenJDK with his own set of root certificates (by using
>> the --with-cacerts-file option)? Do you see any possibility of
>> restricting these tests only to builds which used the original,
>> checked in cacerts file?
> If needed, you could add a keyword (@key tag) on these tests, or any
> tests that depend on the OpenJDK cacerts file, so can you control if the
> tests are run or not.
Also, the interop tests are not part of any of the 3 tiers, so they
won't be run unless you specifically include the jdk_security_infra group.
So only the VerifyCACerts test would potentially fail by default (it is
part of tier2). If this becomes a big issue, we can follow-up later and
investigate more with some sort of fix, but I don't think this should
hold up the current fix.
Thanks,
Sean
More information about the security-dev
mailing list