[11u] RFR: 8256421: Add 2 HARICA roots to cacerts truststore
Langer, Christoph
christoph.langer at sap.com
Thu Feb 18 13:11:15 UTC 2021
Hi Martin,
this backport looks good to me.
Best regards
Christoph
From: Doerr, Martin <martin.doerr at sap.com>
Sent: Donnerstag, 18. Februar 2021 12:11
To: security-dev <security-dev at openjdk.java.net>; jdk-updates-dev at openjdk.java.net
Cc: Langer, Christoph <christoph.langer at sap.com>; Lindenmaier, Goetz <goetz.lindenmaier at sap.com>
Subject: [11u] RFR: 8256421: Add 2 HARICA roots to cacerts truststore
Hi,
JDK-8256421 is backported to 11.0.11-oracle. I'd like to backport it for parity.
It doesn't apply cleanly.
I'm using the jdk16u backport. See "Fix Request (jdk16u)" comment.
VerifyCACerts.java:
I had to change the COUNT manually:
- private static final int COUNT = 95;
+ private static final int COUNT = 97;
And I've computed the new CHECKSUM which gets verified by the test:
shasum -a 256 jdk/lib/security/cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95
9F:6B:41:1D:05:AF:E3:C5:4F:E8:39:89:50:79:60:B1:F6:A4:02:40:0C:28:8D:73:78:08:E5:61:7C:17:EA:59
Bug:
https://bugs.openjdk.java.net/browse/JDK-8256421
Original change (from 16u):
https://github.com/openjdk/jdk16u/commit/4ccaf6b8
11u backport:
http://cr.openjdk.java.net/~mdoerr/8256421_HARICA_cacerts_11u/webrev.00/
Please review.
Best regards,
Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20210218/e394ea94/attachment.htm>
More information about the security-dev
mailing list