[security-dev 01696]: Re: Please review new regression test for java.net.* API
Andrew John Hughes
ahughes at redhat.com
Thu Mar 18 07:39:51 PDT 2010
On 18 March 2010 14:28, Christopher Hegarty -Sun Microsystems Ireland
<Christopher.Hegarty at sun.com> wrote:
> Alan Bateman wrote:
>>
>> Pavel Tisnovsky wrote:
>>>
>>> Hi,
>>>
>>> please review new regression test for java.net.* API. This test check if
>>> the cacerts keytool database is configured properly and SSL is really
>>> working. The test should not fail if SSL is working (in other case it simply
>>> throws IOException). Webrev si available at
>>> http://cr.openjdk.java.net/~ptisnovs/TestHttps/
>>>
>>> Thanks in advance
>>> Pavel Tisnovsky
>>
>> I suspect the dependency on verisign.com will be problematic. Isn't SSL
>> already covered by the javax.net and https tests?
>
> I'm not sure what the prime motivation of the test is. Pavel, can you please
> elaborate?
>
> Reading between the lines I guess the test is verifying that the correct
> root Certification Authority is installed in cacerts, i.e. the cert from
> www.verisign.com can be validated.
>
> Alan is correct there are already tests for SSL/Https in javax.net, but I
> believe these use self signed certs, no dependency on cacerts.
>
Sounds like you have things spot on to me, Chris.
> -Chris.
>
>>
>> -Alan.
>
--
Andrew :-)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
Support Free Java!
Contribute to GNU Classpath and the OpenJDK
http://www.gnu.org/software/classpath
http://openjdk.java.net
PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint: F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8
More information about the security-dev
mailing list