Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

8311546: Certificate name constraints improperly validated with leading period #1268

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

8311546: Certificate name constraints improperly validated with leading period #1268

wants to merge 2 commits into from

Conversation

shipilev
Copy link
Member

@shipilev shipilev commented Dec 18, 2024
edited by openjdk bot
Loading

Backporting this due to wider customer interest in aligning JDK behavior with other SSL implementations. Both patches apply cleanly. First patch does the fix. Second patch fixes the test.

Additional testing:

  • macos-aarch64-server-release, new test passes with and without the change
  • macos-aarch64-server-release, sun/security/x509/
  • linux-x86_64-server-release, jdk_security

Progress

  • Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • JDK-8320372 needs maintainer approval
  • JDK-8311546 needs maintainer approval

Issues

  • JDK-8311546: Certificate name constraints improperly validated with leading period (Bug - P3)
  • JDK-8320372: test/jdk/sun/security/x509/DNSName/LeadingPeriod.java validity check failed (Bug - P2)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk21u-dev.git pull/1268/head:pull/1268
$ git checkout pull/1268

Update a local copy of the PR:
$ git checkout pull/1268
$ git pull https://git.openjdk.org/jdk21u-dev.git pull/1268/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 1268

View PR using the GUI difftool:
$ git pr show -t 1268

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk21u-dev/pull/1268.diff

Using Webrev

Link to Webrev Comment

@bridgekeeper
Copy link

bridgekeeper bot commented Dec 18, 2024

👋 Welcome back shade! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk
Copy link

openjdk bot commented Dec 18, 2024

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

@openjdk openjdk bot changed the title Backport bfaf5704e7e71f968b716b5f448860e9cda721b4 8311546: Certificate name constraints improperly validated with leading period Dec 18, 2024
@openjdk
Copy link

openjdk bot commented Dec 18, 2024

This backport pull request has now been updated with issue from the original commit.

@openjdk openjdk bot added backport rfr Pull request is ready for review labels Dec 18, 2024
@mlbridge
Copy link

mlbridge bot commented Dec 18, 2024

Webrevs

@shipilev
Copy link
Member Author

/issue add JDK-8320372

@openjdk
Copy link

openjdk bot commented Dec 18, 2024

@shipilev
Adding additional issue to issue list: 8320372: test/jdk/sun/security/x509/DNSName/LeadingPeriod.java validity check failed.

@shipilev
Copy link
Member Author

Both backports are actually clean.

/clean

@openjdk
Copy link

openjdk bot commented Dec 18, 2024

@shipilev The /clean pull request command is not enabled for this repository

@shipilev
Copy link
Member Author

@shipilev The /clean pull request command is not enabled for this repository

:( Ok, then I need some reviews, please.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
backport rfr Pull request is ready for review
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@shipilev