Thanks for your reviews. I have updated webrev -
http://cr.openjdk.java.net/~rhalade/8189131/webrev.01/
I realized an error in my script which missed 7 new root certs listed in
JEP, these are added now. Update also includes some code enhancements
in VerifyCACerts.java to get rid of un-ncessary code as per Jamil's
suggestions.
Thanks,
Rajan
On 12/1/17 10:17 AM, Volker Simonis wrote:
On Fri, Dec 1, 2017 at 7:09 PM, Sean Mullan <sean.mul...@oracle.com> wrote:
On 12/1/17 12:22 PM, Alan Bateman wrote:
On 01/12/2017 17:16, Volker Simonis wrote:
Hi Rajan,
great to see this finally happen!
I have just a quick question related to the tests. As far as I can
see, the tests will only succeed if the OpenJDK will be build with the
new open sourced, Oracle root certificates. But what if somebody is
building the OpenJDK with his own set of root certificates (by using
the --with-cacerts-file option)? Do you see any possibility of
restricting these tests only to builds which used the original,
checked in cacerts file?
If needed, you could add a keyword (@key tag) on these tests, or any tests
that depend on the OpenJDK cacerts file, so can you control if the tests are
run or not.
Also, the interop tests are not part of any of the 3 tiers, so they won't be
run unless you specifically include the jdk_security_infra group.
So only the VerifyCACerts test would potentially fail by default (it is part
of tier2). If this becomes a big issue, we can follow-up later and
investigate more with some sort of fix, but I don't think this should hold
up the current fix.
No, I didn't want to hold up this fix - I'm quite happy to finally see
it in the OpenJDK. I just wanted to point out potential issues but I
agree that we can handle them later, when they become real.
Regards,
Volker
Thanks,
Sean