Pavel Tisnovsky wrote:
Christopher Hegarty -Sun Microsystems Ireland wrote:
Alan Bateman wrote:
Pavel Tisnovsky wrote:
Hi,
please review new regression test for java.net.* API. This test
check if the cacerts keytool database is configured properly and SSL
is really working. The test should not fail if SSL is working (in
other case it simply throws IOException). Webrev si available at
http://cr.openjdk.java.net/~ptisnovs/TestHttps/
Thanks in advance
Pavel Tisnovsky
I suspect the dependency on verisign.com will be problematic. Isn't
SSL already covered by the javax.net and https tests?
I'm not sure what the prime motivation of the test is. Pavel, can you
please elaborate?
Reading between the lines I guess the test is verifying that the
correct root Certification Authority is installed in cacerts, i.e.
the cert from www.verisign.com can be validated.
Hi Chris, you guessed correctly :-) And we can use other URL if
verisign.com is problematic.
OK, so the test is trying to validate cacerts.
Does it make sense to validate this certificate store in a general
purpose regression test? The test will of course pass with Sun's
priority build and probably RedHats too, since they contain the root
certificate for verisign, but an OpenJDK build will not contain it,
right? So the test will fail.
Security folk:
Do we currently have any tests with a dependency on cacerts?
-Chris.
Alan is correct there are already tests for SSL/Https in javax.net,
but I believe these use self signed certs, no dependency on cacerts.
-Chris.
-Alan.
