[8u] RFR: 8233223: Add Amazon Root CA certificates
Volker Simonis
volker.simonis at gmail.com
Wed Dec 18 21:27:20 UTC 2019
Hi Severin,
not strictly a 8u "Reviewer" yet, but I've looked at your changes
(this one and 8232019) nevertheless :)
They both look good, except that I can not verify the new "cacert"
file because it is not in the patch (because it is binary). Not sure
if it is necessary to upload the whole file to cr.openjdk.java.net as
well? If you say that sun/security/lib/cacerts/VerifyCACerts.java and
security/infra/java/security/cert/CertPathValidator/certification both
pass, then everything seems to be fine.
So thumbs up from me (for both, this one and 8232019).
Best regards,
Volker
On Tue, Dec 17, 2019 at 8:39 PM Severin Gehwolf <sgehwolf at redhat.com> wrote:
>
> Hi,
>
> Could I please get a review of this OpenJDK 8u backport of 8233223
> which depends on 8u backport of 8232019[1]. The JDK 11u patch did not
> apply cleanly for a couple of reasons:
>
> 1. 8u still has the binary blob for cacerts (JDK-8193255
> not backported, yet). Instead, I've updated to the revision in
> jdk11u, performed a build and copied the cacerts binary to 8u.
> 2. JDK-8225392 not present in 8u, which added the checksum to
> VerifyCACerts.java. Thus, the 8u backport does not include
> this hunk.
> 3. JDK-8234245 not present in 8u.
> 4. Due to 2) and 3) above @bug annotation modified manually for these
> reasons.
>
> Everything else is the same.
>
> Bug: https://bugs.openjdk.java.net/browse/JDK-8233223
> webrev: http://cr.openjdk.java.net/~sgehwolf/webrevs/JDK-8233223/jdk8/01/webrev/
>
> Testing: sun/security/lib/cacerts/VerifyCACerts.java and
> security/infra/java/security/cert/CertPathValidator/certification
> Pass, except for ActalisCA.java which is problem-listed and still
> broken in HEAD (JDK-8224768)
>
> Thoughts?
>
> Once reviewed, I'll try to get this into 8u242 via the critical fix
> request label workflow.
>
> Thanks,
> Severin
>
> [1] http://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-December/010813.html
>
More information about the security-dev
mailing list