On 12/1/17 2:25 PM, Rajan Halade wrote:
On 12/1/17 10:09 AM, Sean Mullan wrote:
So only the VerifyCACerts test would potentially fail by default (it
is part of tier2). If this becomes a big issue, we can follow-up later
and investigate more with some sort of fix, but I don't think this
should hold up the current fix.
Would it be acceptable if I change blocks at line 227-231 and 234-239 to
soft-failures? Essentially then this test will only validate a cert if
it is present in keystore. This test is designed to check integrity of
cacerts keystore but if we are to allow test to pass with different
cacerts specified using --with-cacerts-file then it may be acceptable.
I don't think we should do that. This could more easily allow a
non-approved cert to accidentally make its way into the real cacerts
keystore without detection.
We can handle the alternate cacerts keystore issue with a better
solution later, if necessary.
--Sean
