On Wed, 19 Feb 2025 17:03:02 GMT, Fernando Guallini <fguall...@openjdk.org> wrote:
>> This updates the OpenSSL version that is used by test >> `sun/security/pkcs12/KeytoolOpensslInteropTest.java` to the current LTS >> version (3.0 series). >> There are some differences between the 1.1.x and the current OpenSSL version: >> - RC4 is not longer enabled by default, therefore adding the `-legacy` flag >> when needed to enable it. Additionally, It is also required to specify the >> path location of the legacy provider. >> - Unlike the old version that throws an error if the MAC was absent from the >> PKCS12, the 3.0 series shows a warning instead. > > Fernando Guallini has updated the pull request incrementally with one > additional commit since the last revision: > > updated wording of openssl version test/lib/jdk/test/lib/security/OpensslArtifactFetcher.java line 79: > 77: } > 78: } > 79: return verifyOpensslVersion(path, OPENSSL_BUNDLE_VERSION) ? path > : null; Do we want to keep this version check? On the one hand, it ensures that the system binaries or binaries specified via the system property will be a specific, known version, but on the other hand, the only way to run this test with a different version of the library is to change the code. Instead, can we just log the version that is used when the test is run? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/23613#discussion_r1982056864
