Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8311546: Certificate name constraints improperly validated with leading period #3149

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

shipilev
Copy link
Member

@shipilev shipilev commented Dec 18, 2024

Backporting this due to wider customer interest in aligning JDK behavior with other SSL implementations. Both patches apply cleanly. First patch does the fix. Second patch fixes the test.

Additional testing:

  • macos-aarch64-server-release, new test passes with and without the change
  • macos-aarch64-server-release, sun/security/x509/
  • linux-x86_64-server-release, jdk_security

Progress

  • Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • JDK-8320372 needs maintainer approval
  • JDK-8311546 needs maintainer approval

Issues

  • JDK-8311546: Certificate name constraints improperly validated with leading period (Bug - P3)
  • JDK-8320372: test/jdk/sun/security/x509/DNSName/LeadingPeriod.java validity check failed (Bug - P2)

Reviewers

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk17u-dev.git pull/3149/head:pull/3149
$ git checkout pull/3149

Update a local copy of the PR:
$ git checkout pull/3149
$ git pull https://git.openjdk.org/jdk17u-dev.git pull/3149/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 3149

View PR using the GUI difftool:
$ git pr show -t 3149

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk17u-dev/pull/3149.diff

Using Webrev

Link to Webrev Comment

@bridgekeeper
Copy link

bridgekeeper bot commented Dec 18, 2024

👋 Welcome back shade! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk
Copy link

openjdk bot commented Dec 18, 2024

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

@openjdk openjdk bot changed the title Backport bfaf5704e7e71f968b716b5f448860e9cda721b4 8311546: Certificate name constraints improperly validated with leading period Dec 18, 2024
@openjdk
Copy link

openjdk bot commented Dec 18, 2024

This backport pull request has now been updated with issue from the original commit.

@openjdk openjdk bot added backport rfr Pull request is ready for review labels Dec 18, 2024
@mlbridge
Copy link

mlbridge bot commented Dec 18, 2024

Webrevs

@shipilev
Copy link
Member Author

/issue add JDK-8320372

@openjdk
Copy link

openjdk bot commented Dec 18, 2024

@shipilev
Adding additional issue to issue list: 8320372: test/jdk/sun/security/x509/DNSName/LeadingPeriod.java validity check failed.

@shipilev
Copy link
Member Author

Both backports are actually clean.

/clean

@openjdk
Copy link

openjdk bot commented Dec 18, 2024

@shipilev The /clean pull request command is not enabled for this repository

@shipilev
Copy link
Member Author

@shipilev The /clean pull request command is not enabled for this repository

:( Ok, then I need some reviews, please.

@openjdk
Copy link

openjdk bot commented Jan 9, 2025

⚠️ @shipilev This change is now ready for you to apply for maintainer approval. This can be done directly in each associated issue or by using the /approval command.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport rfr Pull request is ready for review
Development

Successfully merging this pull request may close these issues.

2 participants