[8u] RFR: 8233223: Add Amazon Root CA certificates

Severin Gehwolf sgehwolf at redhat.com
Tue Dec 17 19:38:52 UTC 2019


Hi,

Could I please get a review of this OpenJDK 8u backport of 8233223
which depends on 8u backport of 8232019[1]. The JDK 11u patch did not
apply cleanly for a couple of reasons:

   1. 8u still has the binary blob for cacerts (JDK-8193255
      not backported, yet). Instead, I've updated to the revision in
      jdk11u, performed a build and copied the cacerts binary to 8u.
   2. JDK-8225392 not present in 8u, which added the checksum to
      VerifyCACerts.java. Thus, the 8u backport does not include
      this hunk.
   3. JDK-8234245 not present in 8u.
   4. Due to 2) and 3) above @bug annotation modified manually for these
      reasons.

Everything else is the same.

Bug: https://bugs.openjdk.java.net/browse/JDK-8233223
webrev: http://cr.openjdk.java.net/~sgehwolf/webrevs/JDK-8233223/jdk8/01/webrev/

Testing: sun/security/lib/cacerts/VerifyCACerts.java and
         security/infra/java/security/cert/CertPathValidator/certification
         Pass, except for ActalisCA.java which is problem-listed and still
         broken in HEAD (JDK-8224768)

Thoughts?

Once reviewed, I'll try to get this into 8u242 via the critical fix
request label workflow.

Thanks,
Severin

[1] http://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-December/010813.html



More information about the security-dev mailing list