[8u] Request for enhancement backport approval for CR 8207258- Distrust TLS server certificates anchored by Symantec Root CAs

Aleksey Shipilev shade at redhat.com
Tue Feb 26 10:32:41 UTC 2019

On 2/26/19 10:44 AM, Andrew Haley wrote:
> On 2/25/19 9:43 PM, Liu, Xin wrote:
>> We backport two patches about distrust policy to jdk8u-dev.  It will distrust all certificates from Symantec except for 2 from Apple’s.
>> They are straight-forward, but we do minor changes for java8.
>> JDK-8207258<https://bugs.openjdk.java.net/browse/JDK-8207258>: Distrust TLS server certificates anchored by Symantec Root CAs
>> http://cr.openjdk.java.net/~phh/8207258/webrev.8u.00/
>> JDK-8216280<https://bugs.openjdk.java.net/browse/JDK-8216280%5d>: Allow later Symantec Policy distrust date for two Apple SubCAs
>> http://cr.openjdk.java.net/~phh/8216280/webrev.8u.00/
>> We verify Jtreg and JCK8b internally. Could you mailist review it?
> These are already marked with CPU19 04-critical-approved and redhat-openjdk.
> In other words: we're on it.

I have already handed over these to Liu. Liu provides the backport for these.


More information about the jdk8u-dev mailing list