RFR: 8282201: Consider removal of expiry check in VerifyCACerts.java test
Sean Mullan
mullan at openjdk.org
Wed Mar 8 20:39:16 UTC 2023
On Tue, 7 Mar 2023 21:19:37 GMT, Rajan Halade <rhalade at openjdk.org> wrote:
> This fix removes the check for 90 days expiry. But the test will continue to fail if the expired certificate is included in `cacerts` but no exception is granted.
>
> Fix also includes minor code cleanup.
test/jdk/sun/security/lib/cacerts/VerifyCACerts.java line 299:
> 297:
> 298: // also ensure FINGERPRINT_MAP lists correct count
> 299: if(FINGERPRINT_MAP.size() != COUNT) {
Nit: add space after `if`.
test/jdk/sun/security/lib/cacerts/VerifyCACerts.java line 356:
> 354: atLeastOneFailed = true;
> 355: System.err.println("ERROR: cert \"" + alias + "\" expiry \""
> 356: + notAfter.toString() + "\" will expire within 90 days");
It might be useful to still emit these lines as a "WARNING: ..." but not flag it as a failure.
-------------
PR: https://git.openjdk.org/jdk/pull/12910
More information about the security-dev
mailing list