[11u] RFR: 8256421: Add 2 HARICA roots to cacerts truststore

Langer, Christoph christoph.langer at sap.com
Thu Feb 18 13:11:15 UTC 2021


Hi Martin,

this backport looks good to me.

Best regards
Christoph

From: Doerr, Martin <martin.doerr at sap.com>
Sent: Donnerstag, 18. Februar 2021 12:11
To: security-dev <security-dev at openjdk.java.net>; jdk-updates-dev at openjdk.java.net
Cc: Langer, Christoph <christoph.langer at sap.com>; Lindenmaier, Goetz <goetz.lindenmaier at sap.com>
Subject: [11u] RFR: 8256421: Add 2 HARICA roots to cacerts truststore

Hi,

JDK-8256421 is backported to 11.0.11-oracle. I'd like to backport it for parity.
It doesn't apply cleanly.

I'm using the jdk16u backport. See "Fix Request (jdk16u)" comment.

VerifyCACerts.java:
I had to change the COUNT manually:
-    private static final int COUNT = 95;
+    private static final int COUNT = 97;
And I've computed the new CHECKSUM which gets verified by the test:
shasum -a 256 jdk/lib/security/cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95
9F:6B:41:1D:05:AF:E3:C5:4F:E8:39:89:50:79:60:B1:F6:A4:02:40:0C:28:8D:73:78:08:E5:61:7C:17:EA:59

Bug:
https://bugs.openjdk.java.net/browse/JDK-8256421

Original change (from 16u):
https://github.com/openjdk/jdk16u/commit/4ccaf6b8

11u backport:
http://cr.openjdk.java.net/~mdoerr/8256421_HARICA_cacerts_11u/webrev.00/

Please review.

Best regards,
Martin

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20210218/e394ea94/attachment.htm>


More information about the security-dev mailing list