JDK-8198240 : Allow cacerts test to pass when GTECyberTrust root expires
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2018-02-15
  • Updated: 2019-01-14
  • Resolved: 2018-04-13
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 7 JDK 8
11 b10Fixed 7u201Fixed 8u191Fixed
Related Reports
Relates :  
Relates :  
The GTE CyberTrust Global Root expires on Aug. 13, 2018. However, we want to keep this root in the JDK past its expiration date as there may still be signed and timestamped code that depends on it.

The jdk/lib/security/cacerts/VerifyCACerts test will start failing within 90 days of the expiration date.

We need to add an exception to the test that permits this root to be expired.
Webrev sent: http://cr.openjdk.java.net/~rhalade/8198240/webrev.00/