[security-dev 01698]: Re: Please review new regression test for java.net.* API
Pavel Tisnovsky
ptisnovs at redhat.com
Thu Mar 18 08:50:05 PDT 2010
Christopher Hegarty -Sun Microsystems Ireland wrote:
> Alan Bateman wrote:
>> Pavel Tisnovsky wrote:
>>> Hi,
>>>
>>> please review new regression test for java.net.* API. This test check
>>> if the cacerts keytool database is configured properly and SSL is
>>> really working. The test should not fail if SSL is working (in other
>>> case it simply throws IOException). Webrev si available at
>>> http://cr.openjdk.java.net/~ptisnovs/TestHttps/
>>>
>>> Thanks in advance
>>> Pavel Tisnovsky
>> I suspect the dependency on verisign.com will be problematic. Isn't
>> SSL already covered by the javax.net and https tests?
>
> I'm not sure what the prime motivation of the test is. Pavel, can you
> please elaborate?
>
> Reading between the lines I guess the test is verifying that the correct
> root Certification Authority is installed in cacerts, i.e. the cert
> from www.verisign.com can be validated.
Hi Chris, you guessed correctly :-) And we can use other URL if
verisign.com is problematic.
>
> Alan is correct there are already tests for SSL/Https in javax.net, but
> I believe these use self signed certs, no dependency on cacerts.
>
> -Chris.
>
>>
>> -Alan.
More information about the security-dev
mailing list