RFR: 8349492: Update sun/security/pkcs12/KeytoolOpensslInteropTest.java to use a recent Openssl version [v5]
Fernando Guallini
fguallini at openjdk.org
Thu Mar 6 18:33:58 UTC 2025
On Thu, 6 Mar 2025 12:54:03 GMT, Matthew Donovan <mdonovan at openjdk.org> wrote:
>> Well, the test is also checking with java commands if openssl is available (line 75), then it makes sense to keep it when it is not available as it does not rely on Openssl.
>
> My concern is that a Pass result is ambiguous: we may or may not have verified interoperability with openssl. If the Java portion of the test is valid and tests functionality not covered in other tests then it should be its own test. This test should either run with openssl or throw a SkippedException because openssl is not available.
If Openssl is not available in the instance, this test is using preexisting PKCS12 files generated with an older Openssl version for testing compatibility between openssl and keytool, these files are located in the ./params directory.
As discussed with Matthew, I will separate both paths adding an extra "test" tag, one test will generate the PKCS12 on the fly and throw an SkippedException if Openssl is not available, and the other will use the preexisting files for the verifications.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23613#discussion_r1983865578
More information about the security-dev
mailing list