On Tue, 18 Mar 2025 14:58:51 GMT, Matthew Donovan <mdono...@openjdk.org> wrote:
>> This PR updates the CertificateBuilder with a new method that creates a new
>> instance with common fields (subject name, public key, serial number,
>> validity, and key uses) filled-in. One test, IPIdentities.java, is updated
>> to show how the method can be used to create various certificates. I
>> attached screenshots that compare the old hard-coded certificates (left)
>> with the new generated certificates.
>
> Matthew Donovan has updated the pull request with a new target base due to a
> merge or a rebase. The pull request now contains seven commits:
>
>  - reversed order of DN strings when making certificates.
>  - Merge branch 'master' into certbuilder
>  - Merge branch 'master' into certbuilder
>  - Merge branch 'master' into certbuilder
>  - Merge branch 'master' into certbuilder
>  - changed boolean array initialization
>  - 8325766: Review seclibs tests for cert expiry

test/jdk/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java line 243:

> 241:     .addBasicConstraintsExt(false, false, -1)
> 242:     .addExtension(CertificateBuilder.createIPSubjectAltNameExt(true, "127.0.0.1"))
> 243:     .build(trustedCert, caKeys.getPrivate(), "MD5WithRSA");

MD5 algorithm is not allowed in TLSv1.3

test/jdk/sun/net/www/protocol/https/HttpsURLConnection/IPIdentities.java line 255:

> 253:     .addExtension(CertificateBuilder.createIPSubjectAltNameExt(true, "127.0.0.1"))
> 254:     .addBasicConstraintsExt(false, false, -1)
> 255:     .build(trustedCert, caKeys.getPrivate(), "MD5WithRSA");

Same as above: MD5 algorithm is not allowed in TLSv1.3 certificates

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/23700#discussion_r2027699283
PR Review Comment: https://git.openjdk.org/jdk/pull/23700#discussion_r2027699952