[8u] RFR: 8232019: Add LuxTrust certificate updates to the existing root program
Langer, Christoph
christoph.langer at sap.com
Thu Dec 19 17:04:46 UTC 2019
Hi Severin,
this looks good - when VerifyCACerts passes, everything is correct.
We shall definitely try to backport "JDK-8193255: Root Certificates should be stored in text format and assembled at build time" somehow, to have easier certificate backports.
Cheers
Christoph
> -----Original Message-----
> From: jdk8u-dev <jdk8u-dev-bounces at openjdk.java.net> On Behalf Of
> Severin Gehwolf
> Sent: Dienstag, 17. Dezember 2019 20:30
> To: jdk8u-dev <jdk8u-dev at openjdk.java.net>
> Cc: security-dev <security-dev at openjdk.java.net>
> Subject: [8u] RFR: 8232019: Add LuxTrust certificate updates to the existing
> root program
>
> Hi,
>
> Could I please get a review of this OpenJDK 8u backport of 8232019. The
> JDK 11 patch did not apply cleanly for a couple of reasons:
>
> 1. 8u still has the binary blob for cacerts (JDK-8193255 not
> backported, yet). Instead, I've updated to the revision in jdk11u,
> performed a build and copied the cacerts binary to 8u.
> 2. JDK-8225392 not present in 8u, which added the checksum to
> VerifyCACerts.java. Thus, the 8u backport does not include this
> hunk. @bug annotation modified manually for the same reason.
>
> Everything else is the same.
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-8232019
> webrev: http://cr.openjdk.java.net/~sgehwolf/webrevs/JDK-
> 8232019/jdk8/01/webrev/
>
> Testing: sun/security/lib/cacerts/VerifyCACerts.java and
> security/infra/java/security/cert/CertPathValidator/certification
> Pass, except for ActalisCA.java which is problem-listed and still
> broken in HEAD (JDK-8224768)
>
> Thoughts?
>
> If reviewed, I'll try to get this in 8u242 via the critical fix request
> label workflow.
>
> Thanks,
> Severin
More information about the security-dev
mailing list