RFR: 8353738: Update TLS unit tests to not use certificates with MD5 signatures [v5]
Daniel Fuchs
dfuchs at openjdk.org
Fri Nov 14 10:10:01 UTC 2025
On Thu, 13 Nov 2025 14:32:33 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
>> Matthew Donovan has updated the pull request incrementally with one additional commit since the last revision:
>>
>> changed line wrapping
>
> test/jdk/sun/net/www/protocol/https/HttpsURLConnection/IdentitiesBase.java line 104:
>
>> 102: CertificateBuilder.KeyUsage.KEY_ENCIPHERMENT)
>> 103: .addBasicConstraintsExt(false, false, -1)
>> 104: .addExtension(CertificateBuilder.createIPSubjectAltNameExt(true, "127.0.0.1"))
>
> I assume you verified that the DNSIdentities customization overwrites the SAN configured here, but I'd feel more confident if this line were moved to customizeServerCert in IPIdentities
If there is an alternative SAN for IPv4 loopback address there should be one for the IPv6 loopback too.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27342#discussion_r2526848102
More information about the security-dev
mailing list