Hi Severin, not strictly a 8u "Reviewer" yet, but I've looked at your changes (this one and 8232019) nevertheless :)
They both look good, except that I can not verify the new "cacert" file because it is not in the patch (because it is binary). Not sure if it is necessary to upload the whole file to cr.openjdk.java.net as well? If you say that sun/security/lib/cacerts/VerifyCACerts.java and security/infra/java/security/cert/CertPathValidator/certification both pass, then everything seems to be fine. So thumbs up from me (for both, this one and 8232019). Best regards, Volker On Tue, Dec 17, 2019 at 8:39 PM Severin Gehwolf <sgehw...@redhat.com> wrote: > > Hi, > > Could I please get a review of this OpenJDK 8u backport of 8233223 > which depends on 8u backport of 8232019[1]. The JDK 11u patch did not > apply cleanly for a couple of reasons: > > 1. 8u still has the binary blob for cacerts (JDK-8193255 > not backported, yet). Instead, I've updated to the revision in > jdk11u, performed a build and copied the cacerts binary to 8u. > 2. JDK-8225392 not present in 8u, which added the checksum to > VerifyCACerts.java. Thus, the 8u backport does not include > this hunk. > 3. JDK-8234245 not present in 8u. > 4. Due to 2) and 3) above @bug annotation modified manually for these > reasons. > > Everything else is the same. > > Bug: https://bugs.openjdk.java.net/browse/JDK-8233223 > webrev: > http://cr.openjdk.java.net/~sgehwolf/webrevs/JDK-8233223/jdk8/01/webrev/ > > Testing: sun/security/lib/cacerts/VerifyCACerts.java and > security/infra/java/security/cert/CertPathValidator/certification > Pass, except for ActalisCA.java which is problem-listed and still > broken in HEAD (JDK-8224768) > > Thoughts? > > Once reviewed, I'll try to get this into 8u242 via the critical fix > request label workflow. > > Thanks, > Severin > > [1] http://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-December/010813.html >
