8349492: Update sun/security/pkcs12/KeytoolOpensslInteropTest.java to use a recent Openssl version

[fguallini]

This updates the OpenSSL version that is used by test sun/security/pkcs12/KeytoolOpensslInteropTest.java to the current LTS version (3.0 series).
There are some differences between the 1.1.x and the current OpenSSL version:

• RC4 is not longer enabled by default, therefore adding the -legacy flag when needed to enable it. Additionally, It is also required to specify the path location of the legacy provider.
• Unlike the old version that throws an error if the MAC was absent from the PKCS12, the 3.0 series shows a warning instead.

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue

Issue

• JDK-8349492: Update sun/security/pkcs12/KeytoolOpensslInteropTest.java to use a recent Openssl version (Enhancement - P4)

Reviewers

• Rajan Halade (@rhalade - Reviewer)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/23613/head:pull/23613
$ git checkout pull/23613

Update a local copy of the PR:
$ git checkout pull/23613
$ git pull https://git.openjdk.org/jdk.git pull/23613/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 23613

View PR using the GUI difftool:
$ git pr show -t 23613

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/23613.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back fguallini! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

@fguallini This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8349492: Update sun/security/pkcs12/KeytoolOpensslInteropTest.java to use a recent Openssl version

Reviewed-by: rhalade

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 264 new commits pushed to the master branch:

• 73465b9: 8160327: Support for thumbnails present in APP1 marker for JPEG
• dbdbbd4: 8348597: Update HarfBuzz to 10.4.0
• 7999091: 8351555: Help section added in JDK-8350638 uses invalid HTML
• 8450ae9: 8351440: Link with -reproducible on macOS
• b40be22: 8333393: PhaseCFG::insert_anti_dependences can fail to raise LCAs and to add necessary anti-dependence edges
• 6b84bde: 8350007: Add usage message to the javadoc executable
• 32f2c2d: 8351017: ChronoUnit.MONTHS.between() not giving correct result when date is in February
• d90b79a: 8351046: Rename ObjectMonitor functions
• e90b6bd: 8350638: Make keyboard navigation more usable in API docs
• 4867a4c: 8351280: Mark Assertion Predicates useless instead of replacing them by a constant directly
• ... and 254 more: https://git.openjdk.org/jdk/compare/f1258f9e16b063c0fdbdd614ae2dc76c67607654...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

As you do not have Committer status in this project an existing Committer must agree to sponsor your change. Possible candidates are the reviewers of this PR (@rhalade) but any other Committer may sponsor as well.

➡️ To flag this PR as ready for integration with the above commit message, type /integrate in a new comment. (Afterwards, your sponsor types /sponsor in a new comment to perform the integration).

[openjdk]

@fguallini The following label will be automatically applied to this pull request:

• security

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

[mlbridge]

Webrevs

• 05: Full - Incremental (621e5d9d)
• 04: Full - Incremental (ad998433)
• 03: Full - Incremental (bcb87952)
• 02: Full - Incremental (6df5414e)
• 01: Full - Incremental (4b2dcbbc)
• 00: Full (fad232e2)

[wangweij]

The "preferred version" sounds like user can choose one. I'd rather just say "latest version". At least that is the latest our test has access to. Also, I assume you will update to newer versions later and this test is not meant to run with only the "current" version (like it used to do).

[fguallini]

The "preferred version" sounds like user can choose one. I'd rather just say "latest version". At least that is the latest our test has access to. Also, I assume you will update to newer versions later and this test is not meant to run with only the "current" version (like it used to do).

True, it may sound like that. The reason I didn't use 'latest version' was that it might not always be required to be updated for every minor release, since building the binaries is time consuming. Maybe 'recent' version which does not necessarily mean the very latest ? or 'defined' in OpensslArtifactFetcher.

[wangweij]

Or "current version". I regret using this in my previous comment. I meant "this one particular version" there.

And yes, it will be clear if you mention the "current version as defined by ...".

[fguallini]

Or "current version". I regret using this in my previous comment. I meant "this one particular version" there.

And yes, it will be clear if you mention the "current version as defined by ...".

Thanks, updated now

[wangweij]

Thanks. I see no issue, but I'll leave it to somebody more familiar with the artifact mechanism to approve the PR.

[rhalade]

Few comments to update current version wherever possible to print the OPENSSL_BUNDLE_VERSION.

[mpdonova]

Looks good to me, thanks!

[fguallini]

/integrate

[openjdk]

@fguallini
Your change (at version 621e5d9) is now ready to be sponsored by a Committer.

[rhalade]

/sponsor

[openjdk]

Going to push as commit 8d8bd0c.
Since your change was applied there have been 264 commits pushed to the master branch:

• 73465b9: 8160327: Support for thumbnails present in APP1 marker for JPEG
• dbdbbd4: 8348597: Update HarfBuzz to 10.4.0
• 7999091: 8351555: Help section added in JDK-8350638 uses invalid HTML
• 8450ae9: 8351440: Link with -reproducible on macOS
• b40be22: 8333393: PhaseCFG::insert_anti_dependences can fail to raise LCAs and to add necessary anti-dependence edges
• 6b84bde: 8350007: Add usage message to the javadoc executable
• 32f2c2d: 8351017: ChronoUnit.MONTHS.between() not giving correct result when date is in February
• d90b79a: 8351046: Rename ObjectMonitor functions
• e90b6bd: 8350638: Make keyboard navigation more usable in API docs
• 4867a4c: 8351280: Mark Assertion Predicates useless instead of replacing them by a constant directly
• ... and 254 more: https://git.openjdk.org/jdk/compare/f1258f9e16b063c0fdbdd614ae2dc76c67607654...master

Your commit was automatically rebased without conflicts.

[openjdk]

@rhalade @fguallini Pushed as commit 8d8bd0c.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.