JDK-8225130 : Add exception for expiring Comodo roots to VerifyCACerts test
  • Type: Sub-task
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 7,8,11,15
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2019-05-31
  • Updated: 2020-06-09
  • Resolved: 2020-03-02
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 13 JDK 14 JDK 15 JDK 7 JDK 8 Other
11.0.7-oracleFixed 13.0.4Fixed 14.0.1Fixed 15 b13Fixed 7u261Fixed 8u251Fixed openjdk8u252Fixed
Related Reports
Duplicate :  
JDK-8240268 - sun/security/lib/cacerts/VerifyCACerts.java fails due to cert within 90-day expiry window
Relates :  
JDK-8225128 - Add exception for expiring DocuSign root to VerifyCACerts test
Description
The expiring Comodo roots must be added to the exemption list before Sunday, March 1, 2020 (90 days before it expires) to avoid test failures.
Comments
Fix request (13u) Requesting backport to 13u for parity with 11u, applies cleanly.
02-06-2020
Approving for 8u252 as this is time critical.
10-03-2020
I am working on restructuring this test to avoid frequent updates. New bug will be filed to address it.
04-03-2020
Can I suggest that we modify VerifyCACerts.java testcase to flag certs 180 days before they expire ? 90 days is too short given the current release model/cadence.
03-03-2020
Fix Request (14u) Same thing as 8u and 11u. Applies cleanly to 14u, VerifyCA test starts to pass.
03-03-2020
Fix Request (8u), critical Same reason as for 11u. Patch applies with reshuffling. Affected test starts to pass.
03-03-2020
Fix Request (11u), critical This resolves VerifyCA test failure in 11u and keeps codebases in sync (I see 11.0.8-oracle). Patch applies cleanly to 11u, passes VerifyCA test. I would like to have it sooner to make testing clean, therefore "critical".
03-03-2020
URL: https://hg.openjdk.java.net/jdk/jdk/rev/4b9d816b1531 User: rhalade Date: 2020-03-02 07:04:58 +0000
02-03-2020
addtrustclass1ca:Valid from: Tue May 30 10:38:31 GMT 2000 until: Sat May 30 10:38:31 GMT 2020 addtrustexternalca:Valid from: Tue May 30 10:48:38 GMT 2000 until: Sat May 30 10:48:38 GMT 2020 addtrustqualifiedca:Valid from: Tue May 30 10:44:50 GMT 2000 until: Sat May 30 10:44:50 GMT 2020
02-03-2020