On Fri, 5 Apr 2024 14:16:47 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Sean Mullan has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>>   Remove unnecessary module java.base/sun.security.provider.certpath.
>
> test/jdk/java/security/cert/CertPathValidator/crlDP/CheckAllCRLs.java line 95:
>
>> 93: rootKeyPair, eeKeyPair, rootCert, "SHA384withRSA", false, false);
>> 94:
>> 95: // Create a CRL with no revoked certificates and store it in a file
>
> I think the test is based on the fact that if both paths (HTTP and file) fail
> then validation would fail because there is no way to check for revocation.
> However, I have a slight concern: what if it does not fail and
> everything goes on and validation succeeds? So, if the CRL is not empty and
> the test detects the cert is revoked, it will be more reliable.

Yes, this is a good suggestion, as something could go undetected later on. I will update the CRL so that the certificate is revoked and then the test should always expect a failure with the proper reason.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18656#discussion_r1554111732