RFR: 8209452: VerifyCACerts.java failed with "At least one cacert test failed" (gtecybertrustglobalca certificate)
Langer, Christoph
christoph.langer at sap.com
Wed Aug 22 09:17:34 UTC 2018
Hi,
I've seen the changes that should allow for keeping the GTE cybertrust root ca around although it has expired on 14th of August, also this one: http://mail.openjdk.java.net/pipermail/security-dev/2018-April/017023.html
However, I'd like to ask the question if you really plan to keep this expired certificate? Shouldn't there be a replacement for it or are there plans to remove it at all some time?
Thanks & Best regards
Christoph
> -----Original Message-----
> From: security-dev <security-dev-bounces at openjdk.java.net> On Behalf Of
> Sean Mullan
> Sent: Dienstag, 14. August 2018 18:35
> To: Rajan Halade <rajan.halade at oracle.com>; security-dev <security-
> dev at openjdk.java.net>
> Subject: Re: RFR: 8209452: VerifyCACerts.java failed with "At least one cacert
> test failed"
>
> Looks good. When you push the changeset, can you add a Summary line with
> more details of the fix, ex:
>
> Summary: allow expired certificates on exception list to pass after they
> expire
>
> Thanks,
> Sean
>
> On 8/14/18 12:22 PM, Rajan Halade wrote:
> > Please review this fix to allow test to pass if expired certificate is
> > allowed by exception list.
> >
> > Webrev: http://cr.openjdk.java.net/~rhalade/8209452/webrev.00/
> >
> > Thanks,
> > Rajan
More information about the security-dev
mailing list