[8u] RFR: 8233223: Add Amazon Root CA certificates
Severin Gehwolf
sgehwolf at redhat.com
Tue Dec 17 19:38:52 UTC 2019
Hi,
Could I please get a review of this OpenJDK 8u backport of 8233223
which depends on 8u backport of 8232019[1]. The JDK 11u patch did not
apply cleanly for a couple of reasons:
1. 8u still has the binary blob for cacerts (JDK-8193255
not backported, yet). Instead, I've updated to the revision in
jdk11u, performed a build and copied the cacerts binary to 8u.
2. JDK-8225392 not present in 8u, which added the checksum to
VerifyCACerts.java. Thus, the 8u backport does not include
this hunk.
3. JDK-8234245 not present in 8u.
4. Due to 2) and 3) above @bug annotation modified manually for these
reasons.
Everything else is the same.
Bug: https://bugs.openjdk.java.net/browse/JDK-8233223
webrev: http://cr.openjdk.java.net/~sgehwolf/webrevs/JDK-8233223/jdk8/01/webrev/
Testing: sun/security/lib/cacerts/VerifyCACerts.java and
security/infra/java/security/cert/CertPathValidator/certification
Pass, except for ActalisCA.java which is problem-listed and still
broken in HEAD (JDK-8224768)
Thoughts?
Once reviewed, I'll try to get this into 8u242 via the critical fix
request label workflow.
Thanks,
Severin
[1] http://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-December/010813.html
More information about the security-dev
mailing list