I signed the OCA yesterday, just waiting for it to be approved

On Fri, 17 Jan 2025 at 22:20, Alexey Bakhtin <ale...@azul.com> wrote:
> Hello Sean,
>
> The enhancement looks reasonable.
> As far as I know, Tim submitted the PR for this enhancement. I will be
> happy to review and help with it.
>
> Regards
> Alexey
>
>
> On 17 Jan 2025, at 13:58, Sean Mullan <sean.mul...@oracle.com> wrote:
>
> Alexey,
>
> Given your experience with implementing
> https://bugs.openjdk.org/browse/JDK-8320362, is this something you would
> be interested in working on?
>
> Tim, any progress on the OCA?
>
> Thanks,
>
> Sean
> On 1/13/25 2:47 PM, Alexey Bakhtin wrote:
>
> Hello Sean, Tim
>
> I've attached logs to the JDK-8347067, created based on Tim’s report.
> As you mentioned already, the issue happens because the TLS server sends
> truncated chain without CA intermediate certificates.
> In my understanding, it should not be a problem if the Root and CA
> intermediate are stored in the KeychainStore.
> According to the Apple spec CA intermediate can be stored without trust
> settings but is considered trusted if validated to the root cert.
>
> Regards
> Alexey
>
> On 13 Jan 2025, at 01:21, Tim Jacomb <timjaco...@gmail.com> wrote:
>
> Hi Sean
>
> I don't have access to add to the bug report, but I've attached to the
> GitHub pull request here:
> https://github.com/openjdk/jdk/pull/22911#issuecomment-2586577905
>
> (this can also be reproduced with this repository:
> https://github.com/timja/openjdk-intermediate-ca-reproducer)
>
> Thanks
> Tim
>
> On Thu, 9 Jan 2025 at 20:56, Sean Mullan <sean.mul...@oracle.com> wrote:
>
>> On 1/8/25 4:06 AM, Tim Jacomb wrote:
>> > TLS handshake fails with PKIX path building error.
>> >
>> > Chain is Root -> Intermediate -> Leaf in the runnable example although
>> > in our real-world use-case it's Root -> Intermediate 1 -> Intermediate 2
>> > -> Leaf
>> > If I run the example only with Root -> Leaf then it works fine...
>>
>> It would be helpful if you can attach two logfiles (assuming the info
>> isn't sensitive) to the bug report[1], one running with
>> -Djavax.net.debug=all and the other with -Djava.security.debug=certpath.
>>
>> Thanks,
>> Sean
>>
>> [1] https://bugs.openjdk.org/browse/JDK-8347067
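
The failure mode discussed in this thread (a peer presents only the leaf, and the intermediate is held locally without being a trust anchor), reproduced as an added example with the OpenSSL CLI; it is not code from the thread, the JDK, or the linked reproducer, and it does not exercise KeychainStore. Assumes OpenSSL 1.1.1 or later; all file names, CNs and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed throwaway PKI (Root -> Intermediate -> Leaf); all names are made up.

# mkcert DIR NAME EXT_SECTION [ISSUER]: new key and cert, self-signed if ISSUER is omitted.
mkcert() {
  d=$1; name=$2; ext=$3; issuer=$4
  openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" -subj "/CN=Example $name" \
    -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null || return 1
  if [ -z "$issuer" ]; then
    set -- -signkey "$d/$name.key"
  else
    set -- -CA "$d/$issuer.pem" -CAkey "$d/$issuer.key"
  fi
  openssl x509 -req -in "$d/$name.csr" "$@" -set_serial "0x$(openssl rand -hex 8)" -days 2 \
    -extfile "$d/pki.cnf" -extensions "$ext" -out "$d/$name.pem" 2>/dev/null
}

# Writes a minimal config (CA and leaf extension sections) and issues the three certs.
build_chain() {
  printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' '[dn]' 'CN = unused' \
    '[ext_ca]' 'basicConstraints = critical,CA:TRUE' 'keyUsage = critical,keyCertSign' \
    '[ext_leaf]' 'basicConstraints = CA:FALSE' > "$1/pki.cnf"
  mkcert "$1" root ext_ca &&
    mkcert "$1" intermediate ext_ca root &&
    mkcert "$1" leaf ext_leaf intermediate
}

# Truncated chain: only the leaf is presented and only the root is known locally.
verify_root_only() {
  openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
}
# Root is the trust anchor; the intermediate is available locally but NOT trusted itself.
verify_with_local_intermediate() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/intermediate.pem" "$1/leaf.pem" >/dev/null 2>&1
}
# The untrusted intermediate alone must never be enough to accept the leaf.
verify_intermediate_without_root() {
  openssl verify -no-CAfile -no-CApath -untrusted "$1/intermediate.pem" "$1/leaf.pem" >/dev/null 2>&1
}

demo() {
  dir=$(mktemp -d) && build_chain "$dir" || { echo "openssl setup failed" >&2; return 1; }
  verify_root_only "$dir" && echo "root only: OK" || echo "root only: FAILED"
  verify_with_local_intermediate "$dir" && echo "root + local intermediate: OK" || echo "root + local intermediate: FAILED"
  verify_intermediate_without_root "$dir" && echo "intermediate, no root: OK" || echo "intermediate, no root: FAILED"
  rm -rf "$dir"
}
demo
```

Only the middle check succeeds: the locally held intermediate completes the path, but it is accepted solely because it chains to the trusted root.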