JDK-8256421 : Add 2 HARICA roots to cacerts truststore
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 8,11,15,16,17
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2020-11-16
  • Updated: 2021-06-17
  • Resolved: 2021-02-02
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 13 JDK 15 JDK 16 JDK 17 JDK 7 JDK 8 Other
11.0.11-oracleFixed 13.0.8Fixed 15.0.4Fixed 16.0.1Fixed 17 b08Fixed 7u301Fixed 8u291Fixed openjdk8u292Fixed
Sub Tasks
JDK-8260597 :  
Release Note: Added 2 HARICA Root CA Certificates - Closed
Description
Include 2 new HARICA  roots to cacerts truststore

HARICA Root CA 2015
HARICA ECC Root CA 2015

https://www.harica.gr/.
https://www.gunet.gr/en.
Comments
Fix request (13u): Request to port for parity with LTS releases. The patch doesn't require adjustments here, too.
17-06-2021
Fix request (15u): to port for parity with LTS. For some reason the patch goes clean in jdk15u-dev even without JDK-8251989.
17-06-2021
Fix Request (8u, critical) Same reason as 11u. But, since this patch releases in other JDKs in April CPU, it makes sense to release it in 8u April CPU as well. Patch from 11u applies to 8u with usual shuffling. sun/security/lib/cacerts/VerifyCACerts.java and security/cert/CertPathValidator/certification/HaricaCA.java tests pass. This patch is different from 8u302, which accidentally put the HaricaCA.java in the wrong place, to be resolved in 8u302 later.
17-03-2021
Fix Request (8u) Same reason as 11u. Patch from 11u applies to 8u with usual shuffling. VerifyCACerts test passes.
16-03-2021
Fix Request (jdk11u): Should get backported for parity with 11.0.11-oracle. Doesn't apply cleanly. Review thread: http://mail.openjdk.java.net/pipermail/jdk-updates-dev/2021-February/005042.html
18-02-2021
Fix Request (jdk16u): This fix add two new root CA certificates from Harica. Backport is not clean as fix for JDK-8251989 is not in JDK 16. This fix updated VerifyCACerts.java test code.
03-02-2021
Changeset: 69189f88 Author: Rajan Halade <rhalade@openjdk.org> Date: 2021-02-02 18:26:34 +0000 URL: https://git.openjdk.java.net/jdk/commit/69189f88
02-02-2021