8372351: Add 2 WISeKey roots#3200
Conversation
|
👋 Welcome back avieiro! A progress list of the required criteria for merging this PR into |
|
@vieiro This change now passes all automated pre-integration checks. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 7 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
openjdk
Bot
changed the title
|
This backport pull request has now been updated with issue from the original commit. |
openjdk
Bot
added
backport
Webrevs
|
|
See #3203 for a backport of JDK-8384815. |
gnu-andrew
left a comment
gnu-andrew
left a comment
There was a problem hiding this comment.
Change mostly looks good.
You mention the OCSP changes, yet I don't see anything adapting the test for the absence of this patch. The -Dcom.sun.security.ocsp.useget=false invocations are unnecessary in 11u and should be removed.
Compare CAInterop.java in 11u with 17u and you see:
--- ../jdk/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java 2026-05-23 14:21:12.546949985 +0100
+++ test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java 2026-03-20 22:53:38.130634988 +0000
@@ -32,9 +32,6 @@
* @run main/othervm/manual -Djava.security.debug=certpath,ocsp
* CAInterop actalisauthenticationrootca OCSP
* @run main/othervm/manual -Djava.security.debug=certpath,ocsp
- * -Dcom.sun.security.ocsp.useget=false
- * CAInterop actalisauthenticationrootca OCSP
- * @run main/othervm/manual -Djava.security.debug=certpath,ocsp
* CAInterop actalisauthenticationrootca CRL
*/
etc.
It looks like this was also missed in backporting JDK-8341057 & JDK-8359170 too so it would be good to remove the additional lines there too.
|
Dropped Test continue to pass: |
gnu-andrew
left a comment
gnu-andrew
left a comment
There was a problem hiding this comment.
Thanks for fixing this on both the new changes and previous ones. This should be good to go.
|
|
|
/approval request Please consider approving this backport from JDK17 that adds two new Root CA certificates for WISeKey |
openjdk
Bot
added
the
approval
|
/approve yes |
|
@jerboaa |
openjdk
Bot
added
ready
|
/integrate |
|
Going to push as commit b8b274b.
Your commit was automatically rebased without conflicts. |
openjdk
Bot
removed
ready
3 participants
Backport of JDK-8372351 from JDK17, that adds two new CA root certificates, that should get into
2026-07.Mostly clean but for
CAInterop.javawhich is missing https://bugs.openjdk.org/browse/JDK-8328638 and https://bugs.openjdk.org/browse/JDK-8329213 from higher JDK versions. Also JDK11 is missing https://openjdk.org/jeps/361.Security tests pass, but for a failure in
PreferredKeydue to an expired certificate as reported in https://bugs.openjdk.org/browse/JDK-8384815, which should be backported to JDK11 (currently under review in JDK17).In particular the affected test passes:
Progress
Issue
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.org/jdk11u-dev.git pull/3200/head:pull/3200$ git checkout pull/3200Update a local copy of the PR:
$ git checkout pull/3200$ git pull https://git.openjdk.org/jdk11u-dev.git pull/3200/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 3200View PR using the GUI difftool:
$ git pr show -t 3200Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk11u-dev/pull/3200.diff
Using Webrev
Link to Webrev Comment