RFR 8189131: Open-source the Oracle JDK Root Certificates

Magnus Ihse Bursie magnus.ihse.bursie at oracle.com
Tue Dec 5 08:19:27 UTC 2017


On 2017-12-01 18:16, Volker Simonis wrote:
> Hi Rajan,
>
> great to see this finally happen!
>
> I have just a quick question related to the tests. As far as I can
> see, the tests will only succeed if the OpenJDK will be build with the
> new open sourced, Oracle root certificates. But what if somebody is
> building the OpenJDK with his own set of root certificates (by using
> the --with-cacerts-file option)? Do you see any possibility of
> restricting these tests only to builds which used the original,
> checked in cacerts file?

My question is if the --with-cacerts-file option is still relevant after 
this? I see a good chance of simplifying some build logic here. :-)

/Magnus

>
> Regards,
> Volker
>
>
> On Fri, Dec 1, 2017 at 5:54 PM, Rajan Halade <rajan.halade at oracle.com> wrote:
>> May I request for your review of this fix to open source the root
>> certificates in Oracle's Java SE Root CA program. The fix is to populate
>> cacerts keystore with root certificates and add corresponding tests for it
>> as per the test plan outlined at JDK-8191711. interoperability tests are
>> added against CAs with available test certificates.
>>
>> Webrev: http://cr.openjdk.java.net/~rhalade/8189131/webrev.00/
>> JEP: https://bugs.openjdk.java.net/browse/JDK-8191486
>>
>> Thanks,
>> Rajan
>>



More information about the security-dev mailing list