JDK-8232019 : Add LuxTrust certificate updates to the existing root program
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2019-10-08
  • Updated: 2020-08-05
  • Resolved: 2019-11-15
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 7 JDK 8 Other
11.0.6Fixed 7u251Fixed 8u241Fixed openjdk8u242Fixed
Related Reports
Relates :  
Sub Tasks
JDK-8234215 :  
New root requested to be added with

DN: CN=LuxTrust Global Root 2, O=LuxTrust S.A., C=LU
Fix Request (8u): Needed for merge with 8u242. Patch applies cleanly now JDK-8193255 & JDK-8225392 is in place.

Approving binary blob backport for 8u242. Source backport should go to 8u252 following integration of JDK-8193255.

Fix Request (OpenJDK 8u): Please approve backporting this to OpenJDK 8u. Specifically for 8u242 as the backports adds a new root certificate for LuxTrust. 8u242 since it's in Oracle JDK 8u241. I'll be sure to include relevant bits of this in the backport of JDK-8193255. The patch has been reviewed by Volker Simonis, Christoph Langer and Martin Balao. The JDK 11u patch didn't apply cleanly and needed a review. HG export patch (as this includes binary blob cacerts): https://cr.openjdk.java.net/~sgehwolf/webrevs/JDK-8232019/jdk8/JDK-8232019.jdk8.export.patch Review thread: http://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-December/010813.html Testing (ActalisCA.java is problem-listed and tracked with JDK-8224768): Passed: sun/security/lib/cacerts/VerifyCACerts.java FAILED: security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java Passed: security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java Passed: security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java Passed: security/infra/java/security/cert/CertPathValidator/certification/DTrustCA.java Passed: security/infra/java/security/cert/CertPathValidator/certification/EntrustCA.java Passed: security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java Passed: security/infra/java/security/cert/CertPathValidator/certification/GoDaddyCA.java Passed: security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java Passed: security/infra/java/security/cert/CertPathValidator/certification/LuxTrustCA.java Passed: security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java Passed: security/infra/java/security/cert/CertPathValidator/certification/TeliaSoneraCA.java

Fix request (11u and 13u): Request to backport this additional root certificate to both, JDK11 updates and JDK13 updates. Patch applies cleanly but needs to be followed by JDK-8234245 to be free of regressions.

URL: https://hg.openjdk.java.net/jdk/jdk/rev/11b96254ea92 User: rhalade Date: 2019-11-15 03:50:47 +0000

Open review request is sent.