jgoodyear commented on code in PR #1836:
URL: https://github.com/apache/cxf/pull/1836#discussion_r1583203249
##########
services/xkms/xkms-x509-handlers/src/test/java/org/apache/cxf/xkms/x509/validator/TrustedAuthorityValidatorCRLTest.java:
##########
@@ -91,8 +91,12 @@ public void testIsCertChainValid() throws
CertificateException {
validator.isCertificateChainValid(Arrays.asList(certificateRoot)));
Assert.assertTrue("wss40rev should not be valid",
!validator.isCertificateChainValid(Arrays.asList(certificateWss40Rev)));
- Assert.assertTrue("wss40 should be valid",
-
validator.isCertificateChainValid(Arrays.asList(certificateWss40)));
+ //Red Hat OpenJDK must have RSA keySize 2048 or greater.
+ //see jdk.certpath.disabledAlgorithms=MD2, SHA1, MD5, DSA, RSA keySize
< 2048
Review Comment:
Given we can not change JVM Parameters at runtime for the test case we have
2 options:
1. Skip on RH JVM,
2. Generate a RSA >= 2048 certificate to replace the wss40 cer we currently
have.
I've tried some self signed certs, however i keep getting invalid cert
errors - may need to reach out to Colm.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@cxf.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
