Hi Volker, On Wed, 2019-12-18 at 22:27 +0100, Volker Simonis wrote: > Hi Severin, > > not strictly a 8u "Reviewer" yet, but I've looked at your changes > (this one and 8232019) nevertheless :)
Thanks for the review! > They both look good, except that I can not verify the new "cacert" > file because it is not in the patch (because it is binary). Not sure > if it is necessary to upload the whole file to cr.openjdk.java.net as > well? If you say that sun/security/lib/cacerts/VerifyCACerts.java and > security/infra/java/security/cert/CertPathValidator/certification both > pass, then everything seems to be fine. FWIW the raw download of the webrev's cacerts file should have the binary blob: http://cr.openjdk.java.net/~sgehwolf/webrevs/JDK-8233223/jdk8/01/webrev/raw_files/new/src/share/lib/security/cacerts And for 8232019: http://cr.openjdk.java.net/~sgehwolf/webrevs/JDK-8232019/jdk8/01/webrev/raw_files/new/src/share/lib/security/cacerts Thanks, Severin > So thumbs up from me (for both, this one and 8232019). > > Best regards, > Volker > > On Tue, Dec 17, 2019 at 8:39 PM Severin Gehwolf <sgehw...@redhat.com> wrote: > > Hi, > > > > Could I please get a review of this OpenJDK 8u backport of 8233223 > > which depends on 8u backport of 8232019[1]. The JDK 11u patch did not > > apply cleanly for a couple of reasons: > > > > 1. 8u still has the binary blob for cacerts (JDK-8193255 > > not backported, yet). Instead, I've updated to the revision in > > jdk11u, performed a build and copied the cacerts binary to 8u. > > 2. JDK-8225392 not present in 8u, which added the checksum to > > VerifyCACerts.java. Thus, the 8u backport does not include > > this hunk. > > 3. JDK-8234245 not present in 8u. > > 4. Due to 2) and 3) above @bug annotation modified manually for these > > reasons. > > > > Everything else is the same. > > > > Bug: https://bugs.openjdk.java.net/browse/JDK-8233223 > > webrev: > > http://cr.openjdk.java.net/~sgehwolf/webrevs/JDK-8233223/jdk8/01/webrev/ > > > > Testing: sun/security/lib/cacerts/VerifyCACerts.java and > > security/infra/java/security/cert/CertPathValidator/certification > > Pass, except for ActalisCA.java which is problem-listed and still > > broken in HEAD (JDK-8224768) > > > > Thoughts? > > > > Once reviewed, I'll try to get this into 8u242 via the critical fix > > request label workflow. > > > > Thanks, > > Severin > > > > [1] > > http://mail.openjdk.java.net/pipermail/jdk8u-dev/2019-December/010813.html > >
