RFR: 8349492: Update sun/security/pkcs12/KeytoolOpensslInteropTest.java to use a recent Openssl version [v5]
Matthew Donovan
mdonovan at openjdk.org
Wed Mar 5 19:23:05 UTC 2025
On Wed, 19 Feb 2025 17:03:02 GMT, Fernando Guallini <fguallini at openjdk.org> wrote:
>> This updates the OpenSSL version that is used by test `sun/security/pkcs12/KeytoolOpensslInteropTest.java` to the current LTS version (3.0 series).
>> There are some differences between the 1.1.x and the current OpenSSL version:
>> - RC4 is not longer enabled by default, therefore adding the `-legacy` flag when needed to enable it. Additionally, It is also required to specify the path location of the legacy provider.
>> - Unlike the old version that throws an error if the MAC was absent from the PKCS12, the 3.0 series shows a warning instead.
>
> Fernando Guallini has updated the pull request incrementally with one additional commit since the last revision:
>
> updated wording of openssl version
test/lib/jdk/test/lib/security/OpensslArtifactFetcher.java line 79:
> 77: }
> 78: }
> 79: return verifyOpensslVersion(path, OPENSSL_BUNDLE_VERSION) ? path : null;
Do we want to keep this version check? On the one hand, it ensures that the system binaries or binaries specified via the system property will be a specific, known version, but on the other hand, the only way to run this test with a different version of the library is to change the code. Instead, can we just log the version that is used when the test is run?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23613#discussion_r1982056864
More information about the security-dev
mailing list