On Tue, Dec 5, 2017 at 9:19 AM, Magnus Ihse Bursie <magnus.ihse.bur...@oracle.com> wrote:
> On 2017-12-01 18:16, Volker Simonis wrote:
>>
>> Hi Rajan,
>>
>> great to see this finally happen!
>>
>> I have just a quick question related to the tests. As far as I can
>> see, the tests will only succeed if the OpenJDK will be built with the
>> new open sourced, Oracle root certificates. But what if somebody is
>> building the OpenJDK with his own set of root certificates (by using
>> the --with-cacerts-file option)? Do you see any possibility of
>> restricting these tests only to builds which used the original,
>> checked in cacerts file?
>
>
> My question is if the --with-cacerts-file option is still relevant after
> this? I see a good chance of simplifying some build logic here. :-)
>

I think the folks from the AdoptOpenJDK project are using this option
(CC-ed adoption-discuss). I'm not sure if they want to drop their root
certificates in favor of the new ones.

In general I think it would be useful to have something like
"--add-cacerts-file" which will merge in additional certificates
although this will most certainly complicate the build logic :)

Regards,
Volker

> /Magnus
>
>
>>
>> Regards,
>> Volker
>>
>>
>> On Fri, Dec 1, 2017 at 5:54 PM, Rajan Halade <rajan.hal...@oracle.com>
>> wrote:
>>>
>>> May I request for your review of this fix to open source the root
>>> certificates in Oracle's Java SE Root CA program. The fix is to populate
>>> cacerts keystore with root certificates and add corresponding tests for
>>> it as per the test plan outlined at JDK-8191711. Interoperability tests
>>> are added against CAs with available test certificates.
>>>
>>> Webrev: http://cr.openjdk.java.net/~rhalade/8189131/webrev.00/
>>> JEP: https://bugs.openjdk.java.net/browse/JDK-8191486
>>>
>>> Thanks,
>>> Rajan
>>>