On Tue, 2 May 2023 18:42:36 GMT, Rajan Halade <rhal...@openjdk.org> wrote:
> > > > I have infra tests for interop implemented. @jianglizhou, please check > https://github.com/openjdk/jdk/compare/master...rhalade:jdk:googletrust-certify?expand=1 Aside from the bug number @jianglizhou raised, the interop tests look good to me. > src/java.base/share/data/cacerts/globalsigneccrootcar4 line 3: > >> 1: Owner: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4 >> 2: Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4 >> 3: Serial number: 203e57ef53f93fda50921b2a6 > > Why is this certificate changed? The original R4 did not have the digitalSignature keyUsage set. This root signs OCSP responses, so it needed to be reissued to comply with section 7.1.2.1 of the CA/B Forum baseline requirements. The only change between the two versions aside from the serial number is the addition of the digitalSignature key usage bit. ------------- PR Comment: https://git.openjdk.org/jdk/pull/13754#issuecomment-1531995277 PR Review Comment: https://git.openjdk.org/jdk/pull/13754#discussion_r1182931200
