RFR [13]: 8222089: [TESTBUG] sun/security/lib/cacerts/VerifyCACerts.java fails due to cert within 90-day expiry window
Xuelei Fan
xuelei.fan at oracle.com
Mon Apr 8 15:42:04 UTC 2019
Looks good to me.
Xuelei
On 4/8/2019 7:24 AM, Sean Mullan wrote:
> Two DocuSign root CA certificates will expire in 90 days. This is
> causing failures in mach5 tier 2 and tier 4.
>
> For now, I have modified the test to exclude these certificates until we
> can contact the CA vendor to determine if we should remove or replace
> them, and filed a follow-on issue to track that:
> https://bugs.openjdk.java.net/browse/JDK-8222121
>
> bug: https://bugs.openjdk.java.net/browse/JDK-8222089
>
> diffs:
>
> diff -r 7b5e2bc79e68 test/jdk/sun/security/lib/cacerts/VerifyCACerts.java
> --- a/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java Mon Apr
> 08 15:54:47 2019 +0300
> +++ b/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java Mon Apr
> 08 10:15:29 2019 -0400
> @@ -1,5 +1,5 @@
> /*
> - * Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights
> reserved.
> + * Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights
> reserved.
> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> *
> * This code is free software; you can redistribute it and/or modify it
> @@ -25,7 +25,7 @@
> /**
> * @test
> * @bug 8189131 8198240 8191844 8189949 8191031 8196141 8204923
> 8195774 8199779
> - * 8209452 8209506 8210432 8195793
> + * 8209452 8209506 8210432 8195793 8222089
> * @summary Check root CA entries in cacerts file
> */
> import java.io.File;
> @@ -237,7 +237,12 @@
>
> // Exception list to 90 days expiry policy
> // No error will be reported if certificate in this list expires
> - private static final HashSet<String> EXPIRY_EXC_ENTRIES = new
> HashSet<>();
> + private static final HashSet<String> EXPIRY_EXC_ENTRIES = new
> HashSet<>() {
> + {
> + add("certplusclass2primaryca [jdk]");
> + add("certplusclass3pprimaryca [jdk]");
> + }
> + };
>
> // Ninety days in milliseconds
> private static final long NINETY_DAYS = 7776000000L;
>
> Thanks,
> Sean
More information about the security-dev
mailing list