RFR: 8349492: Update sun/security/pkcs12/KeytoolOpensslInteropTest.java to use a recent Openssl version [v4]

Rajan Halade rhalade at openjdk.org
Tue Feb 18 19:22:16 UTC 2025 

On Mon, 17 Feb 2025 11:06:09 GMT, Fernando Guallini <fguallini at openjdk.org> wrote:

>> This updates the OpenSSL version that is used by test `sun/security/pkcs12/KeytoolOpensslInteropTest.java` to the current LTS version (3.0 series). 
>> There are some differences between the 1.1.x and the current OpenSSL version:
>> - RC4 is not longer enabled by default, therefore adding the `-legacy` flag when needed to enable it.  Additionally, It is also required to specify the path location of the legacy provider.
>> - Unlike the old version that throws an error if the MAC was absent from the PKCS12, the 3.0 series shows a warning instead.
>
> Fernando Guallini has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains eight additional commits since the last revision:
> 
>  - Merge branch 'master' into JDK-8349492
>  - updated wording in KeytoolOpensslInteropTest
>  - updated wording
>  - provider path depends on platform
>  - typo
>  - it should be isX64 rather than is64bit
>  - refactoring
>  - using openssl 3.0.14

Few comments to update `current version` wherever possible to print the `OPENSSL_BUNDLE_VERSION`.

test/jdk/sun/security/pkcs12/KeytoolOpensslInteropTest.java line 34:

> 32:  *          openssl path using system property "test.openssl.path" or it should
> 33:  *          be available in /usr/bin or /usr/local/bin
> 34:  *          Required OpenSSL version : Current version as defined by OpensslArtifactFetcher

Update `current version` to `OpensslArtifactFetcher.OPENSSL_BUNDLE_VERSION`

test/jdk/sun/security/pkcs12/KeytoolOpensslInteropTest.java line 80:

> 78:             // since the current version of openssl is not available, skip all
> 79:             // openssl command dependent tests with a warning
> 80:             System.out.println("\n\u001B[31mWarning: Can't find the current version "

It will be better to update this to print `OpensslArtifactFetcher.OPENSSL_BUNDLE_VERSION` with the corresponding `getTestOpenSSLBundleVersion` routine in `OpensslArtifactFetcher`. The current version verbiage is confusing.

test/lib/jdk/test/lib/security/OpensslArtifactFetcher.java line 41:

> 39: 
> 40:     /**
> 41:      * Gets the openssl binary path of the current version

update the` current version` here to `OPENSSL_BUNDLE_VERSION`

-------------

Changes requested by rhalade (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/23613#pullrequestreview-2624426488
PR Review Comment: https://git.openjdk.org/jdk/pull/23613#discussion_r1960231506
PR Review Comment: https://git.openjdk.org/jdk/pull/23613#discussion_r1960238639
PR Review Comment: https://git.openjdk.org/jdk/pull/23613#discussion_r1960225228

More information about the security-dev mailing list