RFR: 8339560: Unaddressed comments during code review of JDK-8337664
Sean Mullan
mullan at openjdk.org
Tue Sep 24 16:00:47 UTC 2024
On Wed, 11 Sep 2024 09:07:15 GMT, Fernando Guallini <fguallini at openjdk.org> wrote:
> During the code review of [JDK-8337664](https://bugs.openjdk.org/browse/JDK-8337664), several non-critical comments were raised but not addressed due to time constraints. This PR includes the following changes:
>
> 1. Symantec and Entrust tests now reuse common code. The Distrust.java class contains this reusable code, making it easier to add new tests for distrusted roots in the future.
> 2. In several instances where an Exception is thrown, it has been replaced with RuntimeException.
> 3. Many Symantec test certs have already expired. To properly test the distrusted scenario, this change wraps the intermediate and root CA certs in NonExpiringTLSServerCert, which does not validate expiration.
> 4. Package structure changed:
> <img width="225" alt="image" src="https://github.com/user-attachments/assets/a8c8407e-edd3-47dd-84c0-19feb9da3c0f">
test/jdk/sun/security/ssl/X509TrustManagerImpl/distrust/Entrust.java line 34:
> 32: * @summary Check that TLS Server certificates chaining back to distrusted
> 33: * Entrust roots are invalid
> 34: * @library /test/lib
Do you need /test/lib anymore?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20944#discussion_r1773637584
More information about the security-dev
mailing list