On Wed, 8 Jan 2025 23:27:34 GMT, Mark Powers <mpow...@openjdk.org> wrote:
> [JDK-8346587](https://bugs.openjdk.org/browse/JDK-8346587) test/jdk/sun/security/ssl/X509TrustManagerImpl/distrust/Camerfirma.java line 58: > 56: > 57: public static void main(String[] args) throws Exception { > 58: String prop = > Security.getProperty("jdk.certpath.disabledAlgorithms"); Can you add a comment here saying that some (all?) of the test certificates are signed with SHA-1 so we need to remove the constraint that disallows SHA-1 certificates? test/jdk/sun/security/ssl/X509TrustManagerImpl/distrust/Distrust.java line 1: > 1: /* Update copyright date. test/jdk/sun/security/ssl/X509TrustManagerImpl/distrust/chains/camerfirma/camerfirmachambersca-chain.pem line 1: > 1: -----BEGIN CERTIFICATE----- Can you put some basic information about the certs at the top of these files, such as the Issuer DN, etc? See the entrust pem files for examples. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/22985#discussion_r1927427764 PR Review Comment: https://git.openjdk.org/jdk/pull/22985#discussion_r1927420690 PR Review Comment: https://git.openjdk.org/jdk/pull/22985#discussion_r1927422098
