On Mon, 2 Sep 2024 21:47:25 GMT, Mark Powers <mpow...@openjdk.org> wrote:
>> Please review this change to distrust TLS server certificates issued after >> October 31, 2024 and anchored by Entrust Root CAs. This change is in line >> with similar plans recently announced by Google and Mozilla. TLS server >> certificates issued before this date will continue to be valid until they >> expire. This restriction should have minimal compatibility impact since >> Entrust has announced they will be using a partner (SSL.com) for all TLS >> server certificates issued after Oct 31, 2024. >> >> See the CSR for more details: https://bugs.openjdk.org/browse/JDK-8339194 > > Mark Powers has updated the pull request incrementally with one additional > commit since the last revision: > > beware moving lines around test/jdk/sun/security/ssl/X509TrustManagerImpl/Entrust/Distrust.java line 141: > 139: // expired TLS certificates should not be treated as failure > 140: if (expired(ce)) { > 141: System.err.println("Test is N/A, chain is expired"); Should this be updated to throw SkippedException so we know that certificates are expired? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/20731#discussion_r1742443300
