changeset 8828:23be5195bc56

8207258: Distrust TLS server certificates anchored by Symantec Root CAs 8216280: Allow later Symantec Policy distrust date for two Apple SubCAs Summary: Add class CADistrustPolicy and distrust Symantec. Reviewed-by: weijun, coffeys
author andrew
date Mon, 15 Apr 2019 14:55:44 +0100
parents 02eb5baa1ce4
children d247711ce869
files src/share/classes/sun/security/validator/CADistrustPolicy.java src/share/classes/sun/security/validator/EndEntityChecker.java src/share/classes/sun/security/validator/SymantecTLSPolicy.java src/share/classes/sun/security/validator/Validator.java src/share/lib/security/java.security-linux src/share/lib/security/java.security-macosx src/share/lib/security/java.security-solaris src/share/lib/security/java.security-windows test/lib/security/SecurityUtils.java test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/Distrust.java test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/appleistca2g1-chain.pem test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/appleistca8g1-chain.pem test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/geotrustglobalca-chain.pem test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/geotrustprimarycag2-chain.pem test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/geotrustprimarycag3-chain.pem test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/geotrustuniversalca-chain.pem test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/thawteprimaryrootca-chain.pem test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/thawteprimaryrootcag2-chain.pem test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/thawteprimaryrootcag3-chain.pem test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/verisignclass3g3ca-chain.pem test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/verisignclass3g4ca-chain.pem test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/verisignclass3g5ca-chain.pem test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/verisignclass3g5ca-codesigning-chain.pem test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/verisignuniversalrootca-chain.pem
diffstat 24 files changed, 1805 insertions(+), 12 deletions(-) [+]
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/sun/security/validator/CADistrustPolicy.java	Mon Apr 15 14:55:44 2019 +0100
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package sun.security.validator;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+import java.util.EnumSet;
+
+import sun.security.util.Debug;
+
+/**
+ * Policies for distrusting a certificate authority (CA). See the
+ * jdk.security.caDistrustPolicies security property for more information.
+ */
+enum CADistrustPolicy {
+    /**
+     * Distrust TLS Server certificates anchored by a Symantec root CA and
+     * issued after April 16, 2019 (with exceptions for a couple of subordinate
+     * CAs, see the jdk.security.caDistrustPolicies definition in the
+     * java.security file for more details). If enabled, this policy is
+     * currently enforced by the PKIX and SunX509 TrustManager implementations
+     * of the SunJSSE provider implementation.
+     */
+    SYMANTEC_TLS {
+        void checkDistrust(String variant, X509Certificate[] chain)
+                           throws ValidatorException {
+            if (!variant.equals(Validator.VAR_TLS_SERVER)) {
+                return;
+            }
+            SymantecTLSPolicy.checkDistrust(chain);
+        }
+    };
+
+    /**
+     * Checks if the end-entity certificate is distrusted.
+     *
+     * @param variant the type of certificate being checked
+     * @param chain the end-entity's certificate chain. The end entity cert
+     *              is at index 0, the trust anchor at index n-1.
+     * @throws ValidatorException if the end-entity certificate is distrusted
+     */
+    abstract void checkDistrust(String variant,
+                                X509Certificate[] chain)
+                                throws ValidatorException;
+
+    // The policies set in the jdk.security.caDistrustPolicies property.
+    static final EnumSet<CADistrustPolicy> POLICIES = parseProperty();
+    private static EnumSet<CADistrustPolicy> parseProperty() {
+        String property = AccessController.doPrivileged(
+            new PrivilegedAction<String>() {
+                @Override
+                public String run() {
+                    return Security.getProperty(
+                        "jdk.security.caDistrustPolicies");
+                }
+            });
+        EnumSet<CADistrustPolicy> set = EnumSet.noneOf(CADistrustPolicy.class);
+        // if property is null or empty, the restrictions are not enforced
+        if (property == null || property.isEmpty()) {
+            return set;
+        }
+        String[] policies = property.split(",");
+        for (String policy : policies) {
+            policy = policy.trim();
+            try {
+                CADistrustPolicy caPolicy =
+                    Enum.valueOf(CADistrustPolicy.class, policy);
+                set.add(caPolicy);
+            } catch (IllegalArgumentException iae) {
+                // ignore unknown values but log it
+                Debug debug = Debug.getInstance("certpath");
+                if (debug != null) {
+                    debug.println("Unknown value for the " +
+                                  "jdk.security.caDistrustPolicies property: "
+                                  + policy);
+                }
+            }
+        }
+        return set;
+    }
+}
--- a/src/share/classes/sun/security/validator/EndEntityChecker.java	Mon Apr 15 06:13:52 2019 +0100
+++ b/src/share/classes/sun/security/validator/EndEntityChecker.java	Mon Apr 15 14:55:44 2019 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -132,25 +132,26 @@
         return new EndEntityChecker(type, variant);
     }
 
-    void check(X509Certificate cert, Object parameter,
-            boolean checkUnresolvedCritExts) throws CertificateException {
+    void check(X509Certificate[] chain, Object parameter,
+            boolean checkUnresolvedCritExts)
+            throws CertificateException {
         if (variant.equals(Validator.VAR_GENERIC)) {
             return; // no checks
         }
 
-        Set<String> exts = getCriticalExtensions(cert);
+        Set<String> exts = getCriticalExtensions(chain[0]);
         if (variant.equals(Validator.VAR_TLS_SERVER)) {
-            checkTLSServer(cert, (String)parameter, exts);
+            checkTLSServer(chain[0], (String)parameter, exts);
         } else if (variant.equals(Validator.VAR_TLS_CLIENT)) {
-            checkTLSClient(cert, exts);
+            checkTLSClient(chain[0], exts);
         } else if (variant.equals(Validator.VAR_CODE_SIGNING)) {
-            checkCodeSigning(cert, exts);
+            checkCodeSigning(chain[0], exts);
         } else if (variant.equals(Validator.VAR_JCE_SIGNING)) {
-            checkCodeSigning(cert, exts);
+            checkCodeSigning(chain[0], exts);
         } else if (variant.equals(Validator.VAR_PLUGIN_CODE_SIGNING)) {
-            checkCodeSigning(cert, exts);
+            checkCodeSigning(chain[0], exts);
         } else if (variant.equals(Validator.VAR_TSA_SERVER)) {
-            checkTSAServer(cert, exts);
+            checkTSAServer(chain[0], exts);
         } else {
             throw new CertificateException("Unknown variant: " + variant);
         }
@@ -159,6 +160,12 @@
         if (checkUnresolvedCritExts) {
             checkRemainingExtensions(exts);
         }
+
+        // check if certificate should be distrusted according to policies
+        // set in the jdk.security.caDistrustPolicies security property
+        for (CADistrustPolicy policy : CADistrustPolicy.POLICIES) {
+            policy.checkDistrust(variant, chain);
+        }
     }
 
     /**
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/sun/security/validator/SymantecTLSPolicy.java	Mon Apr 15 14:55:44 2019 +0100
@@ -0,0 +1,207 @@
+/*
+ * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+package sun.security.validator;
+
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.TimeZone;
+
+import sun.security.x509.X509CertImpl;
+
+/**
+ * This class checks if Symantec issued TLS Server certificates should be
+ * restricted.
+ */
+final class SymantecTLSPolicy {
+    private static final Date DECEMBER_31_2019;
+    // Any TLS Server certificate that is anchored by one of the Symantec
+    // roots above and is issued after this date will be distrusted.
+    private static final Date APRIL_16_2019;
+
+    // SHA-256 certificate fingerprints of subCAs with later distrust dates
+    private static final Map<String, Date> EXEMPT_SUBCAS = new HashMap<>();
+    static {
+        /*
+           We need to ensure that a date occurs after these dates.
+           As Calendar objects always include a time as well as a date,
+           we ensure the time is the last moment within that date, so that
+           Date.after returns true for any moment from midnight the next day.
+        */
+        Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("UTC"));
+        cal.set(2019, Calendar.DECEMBER, 31, 23, 59, 59);
+        DECEMBER_31_2019 = cal.getTime();
+        cal.set(2019, Calendar.APRIL, 16, 23, 59, 59);
+        APRIL_16_2019 = cal.getTime();
+
+        // Subject DN: C=US, O=Apple Inc., OU=Certification Authority,
+        //             CN=Apple IST CA 2 - G1
+        // Issuer DN: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
+        EXEMPT_SUBCAS.put("AC2B922ECFD5E01711772FEA8ED372DE9D1E2245FCE3F57A9CDBEC77296A424B",
+                          DECEMBER_31_2019);
+
+
+        // Subject DN: C=US, O=Apple Inc., OU=Certification Authority,
+        //             CN=Apple IST CA 8 - G1
+        // Issuer DN: CN=GeoTrust Primary Certification Authority - G2,
+        //            OU=(c) 2007 GeoTrust Inc. - For authorized use only,
+        //            O=GeoTrust Inc., C=US
+        EXEMPT_SUBCAS.put("A4FE7C7F15155F3F0AEF7AAA83CF6E06DEB97CA3F909DF920AC1490882D488ED",
+                          DECEMBER_31_2019);
+    }
+
+    // SHA-256 certificate fingerprints of distrusted roots
+    private static final Set<String> FINGERPRINTS = new HashSet<>(Arrays.asList(
+        // cacerts alias: geotrustglobalca
+        // DN: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
+        "FF856A2D251DCD88D36656F450126798CFABAADE40799C722DE4D2B5DB36A73A",
+        // cacerts alias: geotrustprimaryca
+        // DN: CN=GeoTrust Primary Certification Authority,
+        //     O=GeoTrust Inc., C=US
+        "37D51006C512EAAB626421F1EC8C92013FC5F82AE98EE533EB4619B8DEB4D06C",
+        // cacerts alias: geotrustprimarycag2
+        // DN: CN=GeoTrust Primary Certification Authority - G2,
+        //     OU=(c) 2007 GeoTrust Inc. - For authorized use only,
+        //     O=GeoTrust Inc., C=US
+        "5EDB7AC43B82A06A8761E8D7BE4979EBF2611F7DD79BF91C1C6B566A219ED766",
+        // cacerts alias: geotrustprimarycag3
+        // DN: CN=GeoTrust Primary Certification Authority - G3,
+        //     OU=(c) 2008 GeoTrust Inc. - For authorized use only,
+        //     O=GeoTrust Inc., C=US
+        "B478B812250DF878635C2AA7EC7D155EAA625EE82916E2CD294361886CD1FBD4",
+        // cacerts alias: geotrustuniversalca
+        // DN: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US
+        "A0459B9F63B22559F5FA5D4C6DB3F9F72FF19342033578F073BF1D1B46CBB912",
+        // cacerts alias: thawteprimaryrootca
+        // DN: CN=thawte Primary Root CA,
+        //     OU="(c) 2006 thawte, Inc. - For authorized use only",
+        //     OU=Certification Services Division, O="thawte, Inc.", C=US
+        "8D722F81A9C113C0791DF136A2966DB26C950A971DB46B4199F4EA54B78BFB9F",
+        // cacerts alias: thawteprimaryrootcag2
+        // DN: CN=thawte Primary Root CA - G2,
+        //     OU="(c) 2007 thawte, Inc. - For authorized use only",
+        //     O="thawte, Inc.", C=US
+        "A4310D50AF18A6447190372A86AFAF8B951FFB431D837F1E5688B45971ED1557",
+        // cacerts alias: thawteprimaryrootcag3
+        // DN: CN=thawte Primary Root CA - G3,
+        //     OU="(c) 2008 thawte, Inc. - For authorized use only",
+        //     OU=Certification Services Division, O="thawte, Inc.", C=US
+        "4B03F45807AD70F21BFC2CAE71C9FDE4604C064CF5FFB686BAE5DBAAD7FDD34C",
+        // cacerts alias: thawtepremiumserverca
+        // DN: EMAILADDRESS=premium-server@thawte.com,
+        //     CN=Thawte Premium Server CA, OU=Certification Services Division,
+        //     O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
+        "3F9F27D583204B9E09C8A3D2066C4B57D3A2479C3693650880505698105DBCE9",
+        // cacerts alias: verisignclass2g2ca
+        // DN: OU=VeriSign Trust Network,
+        //     OU="(c) 1998 VeriSign, Inc. - For authorized use only",
+        //     OU=Class 2 Public Primary Certification Authority - G2,
+        //     O="VeriSign, Inc.", C=US
+        "3A43E220FE7F3EA9653D1E21742EAC2B75C20FD8980305BC502CAF8C2D9B41A1",
+        // cacerts alias: verisignclass3ca
+        // DN: OU=Class 3 Public Primary Certification Authority,
+        //     O="VeriSign, Inc.", C=US
+        "A4B6B3996FC2F306B3FD8681BD63413D8C5009CC4FA329C2CCF0E2FA1B140305",
+        // cacerts alias: verisignclass3g2ca
+        // DN: OU=VeriSign Trust Network,
+        //     OU="(c) 1998 VeriSign, Inc. - For authorized use only",
+        //     OU=Class 3 Public Primary Certification Authority - G2,
+        //     O="VeriSign, Inc.", C=US
+        "83CE3C1229688A593D485F81973C0F9195431EDA37CC5E36430E79C7A888638B",
+        // cacerts alias: verisignclass3g3ca
+        // DN: CN=VeriSign Class 3 Public Primary Certification Authority - G3,
+        //     OU="(c) 1999 VeriSign, Inc. - For authorized use only",
+        //     OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
+        "EB04CF5EB1F39AFA762F2BB120F296CBA520C1B97DB1589565B81CB9A17B7244",
+        // cacerts alias: verisignclass3g4ca
+        // DN: CN=VeriSign Class 3 Public Primary Certification Authority - G4,
+        //     OU="(c) 2007 VeriSign, Inc. - For authorized use only",
+        //     OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
+        "69DDD7EA90BB57C93E135DC85EA6FCD5480B603239BDC454FC758B2A26CF7F79",
+        // cacerts alias: verisignclass3g5ca
+        // DN: CN=VeriSign Class 3 Public Primary Certification Authority - G5,
+        //     OU="(c) 2006 VeriSign, Inc. - For authorized use only",
+        //     OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
+        "9ACFAB7E43C8D880D06B262A94DEEEE4B4659989C3D0CAF19BAF6405E41AB7DF",
+        // cacerts alias: verisignuniversalrootca
+        // DN: CN=VeriSign Universal Root Certification Authority,
+        //     OU="(c) 2008 VeriSign, Inc. - For authorized use only",
+        //     OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
+        "2399561127A57125DE8CEFEA610DDF2FA078B5C8067F4E828290BFB860E84B3C"
+    ));
+
+    /**
+     * This method assumes the eeCert is a TLS Server Cert and chains back to
+     * the anchor.
+     *
+     * @param chain the end-entity's certificate chain. The end entity cert
+     *              is at index 0, the trust anchor at index n-1.
+     * @throws ValidatorException if the certificate is distrusted
+     */
+    static void checkDistrust(X509Certificate[] chain)
+                              throws ValidatorException {
+        X509Certificate anchor = chain[chain.length-1];
+        if (FINGERPRINTS.contains(fingerprint(anchor))) {
+            Date notBefore = chain[0].getNotBefore();
+
+            // check if chain goes through one of the subCAs
+            if (chain.length > 2) {
+                X509Certificate subCA = chain[chain.length - 2];
+                Date distrustDate = EXEMPT_SUBCAS.get(fingerprint(subCA));
+                if (distrustDate != null) {
+                    // reject if certificate is issued after specified date
+                    checkNotBefore(notBefore, distrustDate, anchor);
+                    return; // success
+                }
+            }
+            // reject if certificate is issued after April 16, 2019
+            checkNotBefore(notBefore, APRIL_16_2019, anchor);
+        }
+    }
+
+    private static String fingerprint(X509Certificate cert) {
+        return (cert instanceof X509CertImpl)
+               ? ((X509CertImpl)cert).getFingerprint("SHA-256")
+               : X509CertImpl.getFingerprint("SHA-256", cert);
+    }
+
+    private static void checkNotBefore(Date notBeforeDate,
+            Date distrustDate, X509Certificate anchor)
+            throws ValidatorException {
+        if (notBeforeDate.after(distrustDate)) {
+            throw new ValidatorException
+                    ("TLS Server certificate issued after " + distrustDate +
+                     " and anchored by a distrusted legacy Symantec root CA: "
+                     + anchor.getSubjectX500Principal(),
+                     ValidatorException.T_UNTRUSTED_CERT, anchor);
+        }
+    }
+    private SymantecTLSPolicy() {}
+}
--- a/src/share/classes/sun/security/validator/Validator.java	Mon Apr 15 06:13:52 2019 +0100
+++ b/src/share/classes/sun/security/validator/Validator.java	Mon Apr 15 14:55:44 2019 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -271,7 +271,7 @@
             // redundant.
             boolean checkUnresolvedCritExts =
                     (type == TYPE_PKIX) ? false : true;
-            endEntityChecker.check(chain[0], parameter,
+            endEntityChecker.check(chain, parameter,
                                    checkUnresolvedCritExts);
         }
 
--- a/src/share/lib/security/java.security-linux	Mon Apr 15 06:13:52 2019 +0100
+++ b/src/share/lib/security/java.security-linux	Mon Apr 15 14:55:44 2019 +0100
@@ -892,3 +892,33 @@
 # and javax.crypto.spec.SecretKeySpec and rejects all the others.
 jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\
   java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!*
+
+#
+# Policies for distrusting Certificate Authorities (CAs).
+#
+# This is a comma separated value of one or more case-sensitive strings, each
+# of which represents a policy for determining if a CA should be distrusted.
+# The supported values are:
+#
+#
+#   SYMANTEC_TLS : Distrust TLS Server certificates anchored by a Symantec
+#   root CA and issued after April 16, 2019 unless issued by one of the
+#   following subordinate CAs which have a later distrust date:
+#     1. Apple IST CA 2 - G1, SHA-256 fingerprint:
+#        AC2B922ECFD5E01711772FEA8ED372DE9D1E2245FCE3F57A9CDBEC77296A424B
+#        Distrust after December 31, 2019.
+#     2. Apple IST CA 8 - G1, SHA-256 fingerprint:
+#        A4FE7C7F15155F3F0AEF7AAA83CF6E06DEB97CA3F909DF920AC1490882D488ED
+#        Distrust after December 31, 2019.
+# Leading and trailing whitespace surrounding each value are ignored.
+# Unknown values are ignored. If the property is commented out or set to the
+# empty String, no policies are enforced.
+#
+# Note: This property is currently used by the JDK Reference implementation.
+# It is not guaranteed to be supported by other SE implementations. Also, this
+# property does not override other security properties which can restrict
+# certificates such as jdk.tls.disabledAlgorithms or
+# jdk.certpath.disabledAlgorithms; those restrictions are still enforced even
+# if this property is not enabled.
+#
+jdk.security.caDistrustPolicies=SYMANTEC_TLS
--- a/src/share/lib/security/java.security-macosx	Mon Apr 15 06:13:52 2019 +0100
+++ b/src/share/lib/security/java.security-macosx	Mon Apr 15 14:55:44 2019 +0100
@@ -891,3 +891,33 @@
 # and javax.crypto.spec.SecretKeySpec and rejects all the others.
 jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\
   java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!*
+
+#
+# Policies for distrusting Certificate Authorities (CAs).
+#
+# This is a comma separated value of one or more case-sensitive strings, each
+# of which represents a policy for determining if a CA should be distrusted.
+# The supported values are:
+#
+#
+#   SYMANTEC_TLS : Distrust TLS Server certificates anchored by a Symantec
+#   root CA and issued after April 16, 2019 unless issued by one of the
+#   following subordinate CAs which have a later distrust date:
+#     1. Apple IST CA 2 - G1, SHA-256 fingerprint:
+#        AC2B922ECFD5E01711772FEA8ED372DE9D1E2245FCE3F57A9CDBEC77296A424B
+#        Distrust after December 31, 2019.
+#     2. Apple IST CA 8 - G1, SHA-256 fingerprint:
+#        A4FE7C7F15155F3F0AEF7AAA83CF6E06DEB97CA3F909DF920AC1490882D488ED
+#        Distrust after December 31, 2019.
+# Leading and trailing whitespace surrounding each value are ignored.
+# Unknown values are ignored. If the property is commented out or set to the
+# empty String, no policies are enforced.
+#
+# Note: This property is currently used by the JDK Reference implementation.
+# It is not guaranteed to be supported by other SE implementations. Also, this
+# property does not override other security properties which can restrict
+# certificates such as jdk.tls.disabledAlgorithms or
+# jdk.certpath.disabledAlgorithms; those restrictions are still enforced even
+# if this property is not enabled.
+#
+jdk.security.caDistrustPolicies=SYMANTEC_TLS
--- a/src/share/lib/security/java.security-solaris	Mon Apr 15 06:13:52 2019 +0100
+++ b/src/share/lib/security/java.security-solaris	Mon Apr 15 14:55:44 2019 +0100
@@ -890,3 +890,33 @@
 # and javax.crypto.spec.SecretKeySpec and rejects all the others.
 jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\
   java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!*
+
+#
+# Policies for distrusting Certificate Authorities (CAs).
+#
+# This is a comma separated value of one or more case-sensitive strings, each
+# of which represents a policy for determining if a CA should be distrusted.
+# The supported values are:
+#
+#
+#   SYMANTEC_TLS : Distrust TLS Server certificates anchored by a Symantec
+#   root CA and issued after April 16, 2019 unless issued by one of the
+#   following subordinate CAs which have a later distrust date:
+#     1. Apple IST CA 2 - G1, SHA-256 fingerprint:
+#        AC2B922ECFD5E01711772FEA8ED372DE9D1E2245FCE3F57A9CDBEC77296A424B
+#        Distrust after December 31, 2019.
+#     2. Apple IST CA 8 - G1, SHA-256 fingerprint:
+#        A4FE7C7F15155F3F0AEF7AAA83CF6E06DEB97CA3F909DF920AC1490882D488ED
+#        Distrust after December 31, 2019.
+# Leading and trailing whitespace surrounding each value are ignored.
+# Unknown values are ignored. If the property is commented out or set to the
+# empty String, no policies are enforced.
+#
+# Note: This property is currently used by the JDK Reference implementation.
+# It is not guaranteed to be supported by other SE implementations. Also, this
+# property does not override other security properties which can restrict
+# certificates such as jdk.tls.disabledAlgorithms or
+# jdk.certpath.disabledAlgorithms; those restrictions are still enforced even
+# if this property is not enabled.
+#
+jdk.security.caDistrustPolicies=SYMANTEC_TLS
--- a/src/share/lib/security/java.security-windows	Mon Apr 15 06:13:52 2019 +0100
+++ b/src/share/lib/security/java.security-windows	Mon Apr 15 14:55:44 2019 +0100
@@ -891,3 +891,33 @@
 # and javax.crypto.spec.SecretKeySpec and rejects all the others.
 jceks.key.serialFilter = java.lang.Enum;java.security.KeyRep;\
   java.security.KeyRep$Type;javax.crypto.spec.SecretKeySpec;!*
+
+#
+# Policies for distrusting Certificate Authorities (CAs).
+#
+# This is a comma separated value of one or more case-sensitive strings, each
+# of which represents a policy for determining if a CA should be distrusted.
+# The supported values are:
+#
+#
+#   SYMANTEC_TLS : Distrust TLS Server certificates anchored by a Symantec
+#   root CA and issued after April 16, 2019 unless issued by one of the
+#   following subordinate CAs which have a later distrust date:
+#     1. Apple IST CA 2 - G1, SHA-256 fingerprint:
+#        AC2B922ECFD5E01711772FEA8ED372DE9D1E2245FCE3F57A9CDBEC77296A424B
+#        Distrust after December 31, 2019.
+#     2. Apple IST CA 8 - G1, SHA-256 fingerprint:
+#        A4FE7C7F15155F3F0AEF7AAA83CF6E06DEB97CA3F909DF920AC1490882D488ED
+#        Distrust after December 31, 2019.
+# Leading and trailing whitespace surrounding each value are ignored.
+# Unknown values are ignored. If the property is commented out or set to the
+# empty String, no policies are enforced.
+#
+# Note: This property is currently used by the JDK Reference implementation.
+# It is not guaranteed to be supported by other SE implementations. Also, this
+# property does not override other security properties which can restrict
+# certificates such as jdk.tls.disabledAlgorithms or
+# jdk.certpath.disabledAlgorithms; those restrictions are still enforced even
+# if this property is not enabled.
+#
+jdk.security.caDistrustPolicies=SYMANTEC_TLS
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/lib/security/SecurityUtils.java	Mon Apr 15 14:55:44 2019 +0100
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.KeyStore;
+
+/**
+ * Common library for various security test helper functions.
+ */
+public final class SecurityUtils {
+
+    private static String getCacerts() {
+        String sep = File.separator;
+        return System.getProperty("java.home") + sep
+                + "lib" + sep + "security" + sep + "cacerts";
+    }
+
+    /**
+     * Returns the cacerts keystore with the configured CA certificates.
+     */
+    public static KeyStore getCacertsKeyStore() throws Exception {
+        File file = new File(getCacerts());
+        if (!file.exists()) {
+            return null;
+        }
+
+        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+        try (FileInputStream fis = new FileInputStream(file)) {
+            ks.load(fis, null);
+        }
+        return ks;
+    }
+
+    private SecurityUtils() {}
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/Distrust.java	Mon Apr 15 14:55:44 2019 +0100
@@ -0,0 +1,270 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.*;
+import java.math.BigInteger;
+import java.security.*;
+import java.security.cert.*;
+import java.util.*;
+import javax.net.ssl.*;
+import sun.security.validator.Validator;
+import sun.security.validator.ValidatorException;
+
+
+/**
+ * @test
+ * @bug 8207258 8216280
+ * @summary Check that TLS Server certificates chaining back to distrusted
+ *          Symantec roots are invalid
+ * @library /lib/security
+ * @run main/othervm Distrust after policyOn invalid
+ * @run main/othervm Distrust after policyOff valid
+ * @run main/othervm Distrust before policyOn valid
+ * @run main/othervm Distrust before policyOff valid
+ */
+
+public class Distrust {
+
+    private static final String TEST_SRC = System.getProperty("test.src", ".");
+    private static CertificateFactory cf;
+
+    // Each of the roots have a test certificate chain stored in a file
+    // named "<root>-chain.pem".
+    private static String[] rootsToTest = new String[] {
+        "geotrustglobalca", "geotrustprimarycag2", "geotrustprimarycag3",
+        "geotrustuniversalca", "thawteprimaryrootca", "thawteprimaryrootcag2",
+        "thawteprimaryrootcag3", "verisignclass3g3ca", "verisignclass3g4ca",
+        "verisignclass3g5ca", "verisignuniversalrootca" };
+
+    // Each of the subCAs with a delayed distrust date have a test certificate
+    // chain stored in a file named "<subCA>-chain.pem".
+    private static String[] subCAsToTest = new String[] {
+        "appleistca2g1", "appleistca8g1" };
+
+
+    // A date that is after the restrictions take affect
+    private static final Date APRIL_17_2019;
+
+    // A date that is a second before the restrictions take affect
+    private static final Date BEFORE_APRIL_17_2019;
+
+    // A date that is after the subCA restrictions take affect
+    private static final Date JANUARY_1_2020;
+
+    // A date that is a second before the subCA restrictions take affect
+    private static final Date BEFORE_JANUARY_1_2020;
+
+    static {
+        Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("UTC"));
+        cal.set(2019, Calendar.APRIL, 17, 0, 0, 0);
+        APRIL_17_2019 = cal.getTime();
+        cal.add(Calendar.SECOND, -1);
+        BEFORE_APRIL_17_2019 = cal.getTime();
+        cal.set(2020, Calendar.JANUARY, 1, 0, 0, 0);
+        JANUARY_1_2020 = cal.getTime();
+        cal.add(Calendar.SECOND, -1);
+        BEFORE_JANUARY_1_2020 = cal.getTime();
+    }
+
+    public static void main(String[] args) throws Exception {
+
+        cf = CertificateFactory.getInstance("X.509");
+        boolean distrust = args[0].equals("true");
+
+        boolean before = args[0].equals("before");
+        boolean policyOn = args[1].equals("policyOn");
+        boolean isValid = args[2].equals("valid");
+
+        if (!policyOn) {
+            // disable policy (default is on)
+            Security.setProperty("jdk.security.caDistrustPolicies", "");
+        }
+
+        Date notBefore = before ? BEFORE_APRIL_17_2019 : APRIL_17_2019;
+
+        X509TrustManager pkixTM = getTMF("PKIX", null);
+        X509TrustManager sunX509TM = getTMF("SunX509", null);
+        for (String test : rootsToTest) {
+            System.err.println("Testing " + test);
+            X509Certificate[] chain = loadCertificateChain(test);
+
+            testTM(sunX509TM, chain, notBefore, isValid);
+            testTM(pkixTM, chain, notBefore, isValid);
+
+        }
+
+        // test chain if params are passed to TrustManager
+        System.err.println("Testing verisignuniversalrootca with params");
+        testTM(getTMF("PKIX", getParams()),
+               loadCertificateChain("verisignuniversalrootca"),
+               notBefore, isValid);
+
+        // test code-signing chain (should be valid as restrictions don't apply)
+        System.err.println("Testing verisignclass3g5ca code-signing chain");
+        Validator v = Validator.getInstance(Validator.TYPE_PKIX,
+                                            Validator.VAR_CODE_SIGNING,
+                                            getParams());
+        // set validation date so this will still pass when cert expires
+        v.setValidationDate(new Date(1544197375493l));
+        v.validate(loadCertificateChain("verisignclass3g5ca-codesigning"));
+
+        // test chains issued through subCAs
+        notBefore = before ? BEFORE_JANUARY_1_2020 : JANUARY_1_2020;
+        for (String test : subCAsToTest) {
+            System.err.println("Testing " + test);
+            X509Certificate[] chain = loadCertificateChain(test);
+
+            testTM(sunX509TM, chain, notBefore, isValid);
+            testTM(pkixTM, chain, notBefore, isValid);
+        }
+    }
+
+    private static X509TrustManager getTMF(String type,
+            PKIXBuilderParameters params) throws Exception {
+        TrustManagerFactory tmf = TrustManagerFactory.getInstance(type);
+        if (params == null) {
+            tmf.init((KeyStore)null);
+        } else {
+            tmf.init(new CertPathTrustManagerParameters(params));
+        }
+        TrustManager[] tms = tmf.getTrustManagers();
+        for (TrustManager tm : tms) {
+            X509TrustManager xtm = (X509TrustManager)tm;
+            return xtm;
+        }
+        throw new Exception("No TrustManager for " + type);
+    }
+
+    private static PKIXBuilderParameters getParams() throws Exception {
+        PKIXBuilderParameters pbp =
+            new PKIXBuilderParameters(SecurityUtils.getCacertsKeyStore(),
+                                      new X509CertSelector());
+        pbp.setRevocationEnabled(false);
+        return pbp;
+    }
+
+    private static void testTM(X509TrustManager xtm, X509Certificate[] chain,
+                               Date notBefore, boolean valid) throws Exception {
+        // Check if TLS Server certificate (the first element of the chain)
+        // is issued after the specified notBefore date (should be rejected
+        // unless distrust property is false). To do this, we need to
+        // fake the notBefore date since none of the test certs are issued
+        // after then.
+        chain[0] = new DistrustedTLSServerCert(chain[0], notBefore);
+
+        try {
+            xtm.checkServerTrusted(chain, "ECDHE_RSA");
+            if (!valid) {
+                throw new Exception("chain should be invalid");
+            }
+        } catch (CertificateException ce) {
+            if (valid) {
+                throw new Exception("Unexpected exception, chain " +
+                                    "should be valid", ce);
+            }
+            if (ce instanceof ValidatorException) {
+                ValidatorException ve = (ValidatorException)ce;
+                if (ve.getErrorType() != ValidatorException.T_UNTRUSTED_CERT) {
+                    throw new Exception("Unexpected exception: " + ce);
+                }
+            } else {
+                throw new Exception("Unexpected exception: " + ce);
+            }
+        }
+    }
+
+    private static X509Certificate[] loadCertificateChain(String name)
+            throws Exception {
+        try (InputStream in = new FileInputStream(TEST_SRC + File.separator +
+                                                  name + "-chain.pem")) {
+            Collection<X509Certificate> certs =
+                (Collection<X509Certificate>)cf.generateCertificates(in);
+            return certs.toArray(new X509Certificate[0]);
+        }
+    }
+
+    private static class DistrustedTLSServerCert extends X509Certificate {
+        private final X509Certificate cert;
+        private final Date notBefore;
+        DistrustedTLSServerCert(X509Certificate cert, Date notBefore) {
+            this.cert = cert;
+            this.notBefore = notBefore;
+        }
+        public Set<String> getCriticalExtensionOIDs() {
+           return cert.getCriticalExtensionOIDs();
+        }
+        public byte[] getExtensionValue(String oid) {
+            return cert.getExtensionValue(oid);
+        }
+        public Set<String> getNonCriticalExtensionOIDs() {
+            return cert.getNonCriticalExtensionOIDs();
+        }
+        public boolean hasUnsupportedCriticalExtension() {
+            return cert.hasUnsupportedCriticalExtension();
+        }
+        public void checkValidity() throws CertificateExpiredException,
+            CertificateNotYetValidException {
+            // always pass
+        }
+        public void checkValidity(Date date) throws CertificateExpiredException,
+            CertificateNotYetValidException {
+            // always pass
+        }
+        public int getVersion() { return cert.getVersion(); }
+        public BigInteger getSerialNumber() { return cert.getSerialNumber(); }
+        public Principal getIssuerDN() { return cert.getIssuerDN(); }
+        public Principal getSubjectDN() { return cert.getSubjectDN(); }
+        public Date getNotBefore() { return notBefore; }
+        public Date getNotAfter() { return cert.getNotAfter(); }
+        public byte[] getTBSCertificate() throws CertificateEncodingException {
+            return cert.getTBSCertificate();
+        }
+        public byte[] getSignature() { return cert.getSignature(); }
+        public String getSigAlgName() { return cert.getSigAlgName(); }
+        public String getSigAlgOID() { return cert.getSigAlgOID(); }
+        public byte[] getSigAlgParams() { return cert.getSigAlgParams(); }
+        public boolean[] getIssuerUniqueID() {
+            return cert.getIssuerUniqueID();
+        }
+        public boolean[] getSubjectUniqueID() {
+            return cert.getSubjectUniqueID();
+        }
+        public boolean[] getKeyUsage() { return cert.getKeyUsage(); }
+        public int getBasicConstraints() { return cert.getBasicConstraints(); }
+        public byte[] getEncoded() throws CertificateEncodingException {
+            return cert.getEncoded();
+        }
+        public void verify(PublicKey key) throws CertificateException,
+            InvalidKeyException, NoSuchAlgorithmException,
+            NoSuchProviderException, SignatureException {
+            cert.verify(key);
+        }
+        public void verify(PublicKey key, String sigProvider) throws
+            CertificateException, InvalidKeyException, NoSuchAlgorithmException,
+            NoSuchProviderException, SignatureException {
+            cert.verify(key, sigProvider);
+        }
+        public PublicKey getPublicKey() { return cert.getPublicKey(); }
+        public String toString() { return cert.toString(); }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/appleistca2g1-chain.pem	Mon Apr 15 14:55:44 2019 +0100
@@ -0,0 +1,80 @@
+-----BEGIN CERTIFICATE-----
+MIIGGzCCBQOgAwIBAgIITJltLCqcD0gwDQYJKoZIhvcNAQELBQAwYjEcMBoGA1UE
+AxMTQXBwbGUgSVNUIENBIDIgLSBHMTEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkxEzARBgNVBAoTCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE5
+MDEwODIxMTcxNFoXDTIwMDgwODIxMjcwMFowgaoxSjBIBgNVBAMMQWFjdGl2ZS5n
+ZW90cnVzdC1nbG9iYWwtY2EudGVzdC1wYWdlcy5jZXJ0aWZpY2F0ZW1hbmFnZXIu
+YXBwbGUuY29tMSUwIwYDVQQLDBxtYW5hZ2VtZW50OmlkbXMuZ3JvdXAuODY0ODU5
+MRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYD
+VQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCjFUrVHTEX
+0aVU6x9LiGa6oVr9blaCsMFrLicPQguc43Vs/pN+g4jzRXsTSMe9XefezBQb6tzZ
+SMRXVB4kWMr4K1BVgQDkXeyoh4KrXRkdEF9ZIJPNxwTmmYUOc5M6NOYwkLelYz+t
+7n1iNIGylbjwU4qwauElk2alFVqYTEPDLzwvqVDb9jMAJ8MPSDjfUlXW0XD9oXZM
+hC+8LU9JBgJ3YBdzRHa4WnrudUbWjspqaNfAYpVIX0cfCJKnMsKqaSKjS4pIRtWm
+L6NlCTCoIMyOh+wmbWPPX24H2D3+ump5FA35fRYbVznmosl5n1AK34S9tD4XZ7lO
+WZKfaFi1liMCAwEAAaOCAoowggKGMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU
+2HqURHyQcJAWnt0XnAFEA4bWKikwfgYIKwYBBQUHAQEEcjBwMDQGCCsGAQUFBzAC
+hihodHRwOi8vY2VydHMuYXBwbGUuY29tL2FwcGxlaXN0Y2EyZzEuZGVyMDgGCCsG
+AQUFBzABhixodHRwOi8vb2NzcC5hcHBsZS5jb20vb2NzcDAzLWFwcGxlaXN0Y2Ey
+ZzEwMTBMBgNVHREERTBDgkFhY3RpdmUuZ2VvdHJ1c3QtZ2xvYmFsLWNhLnRlc3Qt
+cGFnZXMuY2VydGlmaWNhdGVtYW5hZ2VyLmFwcGxlLmNvbTCB/wYDVR0gBIH3MIH0
+MIHxBgoqhkiG92NkBQsEMIHiMIGkBggrBgEFBQcCAjCBlwyBlFJlbGlhbmNlIG9u
+IHRoaXMgY2VydGlmaWNhdGUgYnkgYW55IHBhcnR5IGFzc3VtZXMgYWNjZXB0YW5j
+ZSBvZiBhbnkgYXBwbGljYWJsZSB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2Ug
+YW5kL29yIGNlcnRpZmljYXRpb24gcHJhY3RpY2Ugc3RhdGVtZW50cy4wOQYIKwYB
+BQUHAgEWLWh0dHA6Ly93d3cuYXBwbGUuY29tL2NlcnRpZmljYXRlYXV0aG9yaXR5
+L3JwYTAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwNwYDVR0fBDAwLjAs
+oCqgKIYmaHR0cDovL2NybC5hcHBsZS5jb20vYXBwbGVpc3RjYTJnMS5jcmwwHQYD
+VR0OBBYEFP0qkmFJhArI0MsfW0V+/wY9x4GSMA4GA1UdDwEB/wQEAwIFoDANBgkq
+hkiG9w0BAQsFAAOCAQEATjT8M0bIq+mFc8k5cd4KDjCMBjYl/l3/8zKlWYGP+nl1
+KRogXcGRa3LcfpdJcqgMrx8e9Xohduvl8MBzwv671rYkppzZdsmZdLVorAdbL5GL
+suhTjAS5yL3NBWNMRpeOgFsVr7YtPDEvo3CFsnzjg7THe0S6Y35oYukJtUzGUvSY
+kC3ApBTdjj0vAeow+dbt+AHKnQiEnon4ToSFmtnkru08Uxe7uyHCQ2sLUg0EPYc9
+t9I8lviaHfK/mQoCzlme2O/H5Rher8dXCv8hVT1NKbsi28EpgpqcTLS+hn/Edc/q
+4dPDoO1Ozs+ixRzFeMpA+JrnAyARb6qbSrAPBgtIbQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEQDCCAyigAwIBAgIDAjp0MA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT
+MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
+YWwgQ0EwHhcNMTQwNjE2MTU0MjAyWhcNMjIwNTIwMTU0MjAyWjBiMRwwGgYDVQQD
+ExNBcHBsZSBJU1QgQ0EgMiAtIEcxMSAwHgYDVQQLExdDZXJ0aWZpY2F0aW9uIEF1
+dGhvcml0eTETMBEGA1UEChMKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQk6EdR0MgFrILa+vD1bTox5jN896/
+6E3p4zaAB/xFG2p8RYauVtOkCX9hDWtdflJrfbTIOcT0Zzr3g84Zb4YvfkV+Rxxn
+UsqVBV3iNlGFwNRngDVvFd0+/R3S/Y80UNjsdiq+49Pa5P3I6ygClhGXF2Ec6cRZ
+O0LcMtEJHdqm0UOG/16yvIzPZtsBiwKulEjzOI/96jKoCOyGl1GUJD5JSZZT6Hmh
+QIHpBbuTlVH84/18EUv3ngizFUkVB/nRN6CbSzL2tcTcatH8Cu324MUpoKiLcf4N
+krz+VHAYCm3H7Qz7yS0Gw4yF/MuGXNY2jhKLCX/7GRo41fCUMHoPpozzAgMBAAGj
+ggEdMIIBGTAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1luMrMTjAdBgNVHQ4E
+FgQU2HqURHyQcJAWnt0XnAFEA4bWKikwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNV
+HQ8BAf8EBAMCAQYwNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2cuc3ltY2IuY29t
+L2NybHMvZ3RnbG9iYWwuY3JsMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYS
+aHR0cDovL2cuc3ltY2QuY29tMEwGA1UdIARFMEMwQQYKYIZIAYb4RQEHNjAzMDEG
+CCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvY3Bz
+MA0GCSqGSIb3DQEBCwUAA4IBAQAWR3NvhaJi4ecqdruJlUIml7xKrKxwUzo/MYM9
+PByrmuKxXRx2GqA8DHJXvtOeUODImdZY1wLqzg0pVHzN9cLGkClVo28UqAtCDTqY
+bQZ4nvBqox0CCqIopI3CgUY+bWfa3j/+hQ5CKhLetbf7uBunlux3n+zUU5V6/wf0
+8goUwFFSsdaOUAsamVy8C8m97e34XsFW201+I6QRoSzUGwWa5BtS9nw4mQVLunKN
+QolgBGYq9P1o12v3mUEo1mwkq+YlUy7Igpnioo8jvjCDsSeL+mh/AUnoxphrEC6Y
+XorXykuxx8lYmtA225aV7LaB5PLNbxt5h0wQPInkTfpU3Kqm
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
+MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
+YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
+EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
+R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
+9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
+fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
+iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
+1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
+MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
+ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
+uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
+Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
+tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
+PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
+hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
+5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
+-----END CERTIFICATE-----
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/appleistca8g1-chain.pem	Mon Apr 15 14:55:44 2019 +0100
@@ -0,0 +1,64 @@
+-----BEGIN CERTIFICATE-----
+MIIElDCCBDqgAwIBAgIIWax3IY1ByGIwCgYIKoZIzj0EAwIwYjEcMBoGA1UEAwwT
+QXBwbGUgSVNUIENBIDggLSBHMTEgMB4GA1UECwwXQ2VydGlmaWNhdGlvbiBBdXRo
+b3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE5MDEw
+ODIxMTAyNFoXDTIwMDgwODIxMjAwMFowga0xTTBLBgNVBAMMRGFjdGl2ZS5nZW90
+cnVzdC1nbG9iYWwtY2EtZzIudGVzdC1wYWdlcy5jZXJ0aWZpY2F0ZW1hbmFnZXIu
+YXBwbGUuY29tMSUwIwYDVQQLDBxtYW5hZ2VtZW50OmlkbXMuZ3JvdXAuODY0ODU5
+MRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYD
+VQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABN4oxNLGzmOIfgFRxDaU
+SaOYTQVZCc7a7MXlK1L4/KgN22stgSkrg47aOWviMuzb9Q9hDA/Tn19o9Zr8G5ON
+pYijggKMMIICiDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFMPEpFgFY9eDBrqW
+jdyyjzL2u7dBMH4GCCsGAQUFBwEBBHIwcDA0BggrBgEFBQcwAoYoaHR0cDovL2Nl
+cnRzLmFwcGxlLmNvbS9hcHBsZWlzdGNhOGcxLmRlcjA4BggrBgEFBQcwAYYsaHR0
+cDovL29jc3AuYXBwbGUuY29tL29jc3AwMy1hcHBsZWlzdGNhOGcxMDEwTwYDVR0R
+BEgwRoJEYWN0aXZlLmdlb3RydXN0LWdsb2JhbC1jYS1nMi50ZXN0LXBhZ2VzLmNl
+cnRpZmljYXRlbWFuYWdlci5hcHBsZS5jb20wgf4GA1UdIASB9jCB8zCB8AYKKoZI
+hvdjZAULBDCB4TCBpAYIKwYBBQUHAgIwgZcMgZRSZWxpYW5jZSBvbiB0aGlzIGNl
+cnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgYW55
+IGFwcGxpY2FibGUgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlIGFuZC9vciBj
+ZXJ0aWZpY2F0aW9uIHByYWN0aWNlIHN0YXRlbWVudHMuMDgGCCsGAQUFBwICMCwM
+Kmh0dHA6Ly93d3cuYXBwbGUuY29tL2NlcnRpZmljYXRlYXV0aG9yaXR5LzAdBgNV
+HSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwNwYDVR0fBDAwLjAsoCqgKIYmaHR0
+cDovL2NybC5hcHBsZS5jb20vYXBwbGVpc3RjYThnMS5jcmwwHQYDVR0OBBYEFCQy
+hU8U00tcIz6L0MCT6EGVho0EMA4GA1UdDwEB/wQEAwIDiDAKBggqhkjOPQQDAgNI
+ADBFAiAl5nGHi2u8V0aJSp4o1i3TlK7ao8WvxwBuHKfuKibSLAIhAN8PZqhESS9u
+V7Dr6qzs88yn/1z6oeqPwDsntFpUFtWG
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDVDCCAtugAwIBAgIQE1Iuv8HdXOEe8nZAdR/n3zAKBggqhkjOPQQDAzCBmDEL
+MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj
+KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2
+MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
+eSAtIEcyMB4XDTE2MDYwOTAwMDAwMFoXDTMxMDYwODIzNTk1OVowYjEcMBoGA1UE
+AwwTQXBwbGUgSVNUIENBIDggLSBHMTEgMB4GA1UECwwXQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMFkwEwYH
+KoZIzj0CAQYIKoZIzj0DAQcDQgAELVSOaLAQE+/0LdvYCbJD6J1lmW40uNSXyY7J
+1qgiNzLIcWDusPHyxWT2ukdf/OYHeDIt9sqAIMn9cPhykyGIRaOCATowggE2MBIG
+A1UdEwEB/wQIMAYBAf8CAQAwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cuc3lt
+Y2IuY29tL0dlb1RydXN0UENBLUcyLmNybDAOBgNVHQ8BAf8EBAMCAQYwLgYIKwYB
+BQUHAQEEIjAgMB4GCCsGAQUFBzABhhJodHRwOi8vZy5zeW1jZC5jb20wSQYDVR0g
+BEIwQDA+BgZngQwBAgIwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2VvdHJ1
+c3QuY29tL3Jlc291cmNlcy9jcHMwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
+BwMCMB0GA1UdDgQWBBTDxKRYBWPXgwa6lo3cso8y9ru3QTAfBgNVHSMEGDAWgBQV
+XzVXUVX7JbKtA2n8AaP6vhFV1TAKBggqhkjOPQQDAwNnADBkAjBH2jMNybjCk3Ts
+OidXxJX9YDPMd5S3KDCv8vyTdJGhtoly7fQJRNv5rnVz+6YGfsMCMEp6wyheL7NK
+mqavsduix2R+j1B3wRjelzJYgXzgM3nwhQKKlJWxpF7IGHuva1taxg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL
+MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj
+KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2
+MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
+eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV
+BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw
+NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV
+BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH
+MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL
+So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal
+tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG
+CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT
+qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz
+rD6ogRLQy7rQkgu2npaqBA+K
+-----END CERTIFICATE-----
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/geotrustglobalca-chain.pem	Mon Apr 15 14:55:44 2019 +0100
@@ -0,0 +1,66 @@
+-----BEGIN CERTIFICATE-----
+MIIHBjCCBe6gAwIBAgIQanINWwJAuap0V7lFjnfUwTANBgkqhkiG9w0BAQsFADBE
+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMU
+R2VvVHJ1c3QgU1NMIENBIC0gRzMwHhcNMTcwNTAzMDAwMDAwWhcNMjAwNTAyMjM1
+OTU5WjCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNV
+BAcMDU1vdW50YWluIFZpZXcxFzAVBgNVBAoMDkdlb1RydXN0LCBJbmMuMRgwFgYD
+VQQLDA9Sb290IDEwIC0gVkFMSUQxIjAgBgNVBAMMGXZhbGlkLXJvb3QxMC5nZW90
+cnVzdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTegUYhAh0
+P7aF6jzk8dit4Vzddo3hM+J7Eak/+N1sqVUS2HpNd7VO50FrbEWKIRusv7QNtlpY
+1Cgrla8M4RAhCB0wkkHXZ1Evz6E1AEFQqNSjyuRQxeEXl+xCL+MF+yAMhDRnHh+E
+eSJ3ie0T66saOyaLM9fPpr3xomAQ/IRlP1atJ/Z8XbPo25HuxwzxiWFW+RjwVIfI
+gxHz4Okwc1uImDUIDlEu9Uaqqb4jHhxU1EkKMmgEncpqwCROcZMujUkogfB49Z7+
+K17r6ARIrUuxqfNPrPwe+O88WgIeDSWffPM67UlvtomZOwuTNdv9OoCX1wUCLS7m
+/gZ3rqqqeJvfAgMBAAGjggOkMIIDoDAkBgNVHREEHTAbghl2YWxpZC1yb290MTAu
+Z2VvdHJ1c3QuY29tMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWgMCsGA1UdHwQk
+MCIwIKAeoByGGmh0dHA6Ly9nbi5zeW1jYi5jb20vZ24uY3JsMIGdBgNVHSAEgZUw
+gZIwgY8GBmeBDAECAjCBhDA/BggrBgEFBQcCARYzaHR0cHM6Ly93d3cuZ2VvdHJ1
+c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5L2xlZ2FsMEEGCCsGAQUFBwICMDUM
+M2h0dHBzOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeS9s
+ZWdhbDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAU
+0m/3lvSFP3I8MH0j2oV4m6N8WnwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzAB
+hhNodHRwOi8vZ24uc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vZ24uc3lt
+Y2IuY29tL2duLmNydDCCAfUGCisGAQQB1nkCBAIEggHlBIIB4QHfAHUA3esdK3oN
+T6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFbz9h5vQAABAMARjBEAiAx/C0U
+5NdHxK4v2oHnstYksb1Vny8PcQkSvgpx9PsZEwIgNTOU70Zc5szG23xdbvtoH5lN
+SAoVswiF5gFQS5MGu1sAdgCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3c
+EAAAAVvP2HnZAAAEAwBHMEUCIFGjB8r2H0VDwTUE/aY/Mv+M97sqAvEP1doOcHpg
+0qyfAiEArw/S2F7OEcmKGUY1WRBuApfAx5d7hzrTSV/jZv95qJwAdgDuS723dc5g
+uuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAVvP2HoDAAAEAwBHMEUCIQCH6MFZ
+tZF3Cqukt3/69fkU0Y5ePXXx8+xkOXRsIG3EGgIgSmCBWrnmPiiGA3x5QP8I8m4r
+Uee0y7s4NQNwjMgHrjwAdgC8eOHfxfY8aEZJM02hD6FfCXlpIAnAgbTz9pF/Ptm4
+pQAAAVvP2HqcAAAEAwBHMEUCIA8e2kAVYYuQCtn4PqK98BuHnLm9rC40DboFLCle
+SmQsAiEApbCJR05hr9VkNWmjaaUUGGZdVyUu9XX504LHVWyXZDUwDQYJKoZIhvcN
+AQELBQADggEBAEtfBfZ2y5uTohvW3h00Kcuop6Nq7Y59GU3MeizPKtx48DB8qHyd
+y5bLFwXzsGA1WkwpKzPbROsTGcAAXJHh03bj24AemUr/J/eQcjkfSoNBdHDpiSsk
+VZkQK2fGJDiYJ/r9mxKZcgd2pyN3l2OtVtNMv2dnFGF35UkkeqO3jqImwbypAmRX
+HdQV9dvW2YDRjzkebNNey6UwY9+YTSzr4da2hcaMHrj588Eqa4DDgNcY9QnE2RzN
+giArA+4RlM4AZ3jC2A756I67hrlvH+lhumHLp06hGfMiQJF1aaauFVSa36HKc3C/
+ty+sLdJbemEJLAr8uNXggFD+U8TKw1S4LSw=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIETzCCAzegAwIBAgIDAjpvMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT
+MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
+YWwgQ0EwHhcNMTMxMTA1MjEzNjUwWhcNMjIwNTIwMjEzNjUwWjBEMQswCQYDVQQG
+EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3Qg
+U1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjvn4K
+hqPPa209K6GXrUkkTdd3uTR5CKWeop7eRxKSPX7qGYax6E89X/fQp3eaWx8KA7UZ
+U9ulIZRpY51qTJEMEEe+EfpshiW3qwRoQjgJZfAU2hme+msLq2LvjafvY3AjqK+B
+89FuiGdT7BKkKXWKp/JXPaKDmJfyCn3U50NuMHhiIllZuHEnRaoPZsZVP/oyFysx
+j0ag+mkUfJ2fWuLrM04QprPtd2PYw5703d95mnrU7t7dmszDt6ldzBE6B7tvl6QB
+I0eVH6N3+liSxsfQvc+TGEK3fveeZerVO8rtrMVwof7UEJrwEgRErBpbeFBFV0xv
+vYDLgVwts7x2oR5lAgMBAAGjggFKMIIBRjAfBgNVHSMEGDAWgBTAephojYn7qwVk
+DBF9qn1luMrMTjAdBgNVHQ4EFgQU0m/3lvSFP3I8MH0j2oV4m6N8WnwwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwNgYDVR0fBC8wLTAroCmgJ4Yl
+aHR0cDovL2cxLnN5bWNiLmNvbS9jcmxzL2d0Z2xvYmFsLmNybDAvBggrBgEFBQcB
+AQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9nMi5zeW1jYi5jb20wTAYDVR0gBEUw
+QzBBBgpghkgBhvhFAQc2MDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2VvdHJ1
+c3QuY29tL3Jlc291cmNlcy9jcHMwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVN5
+bWFudGVjUEtJLTEtNTM5MA0GCSqGSIb3DQEBCwUAA4IBAQCg1Pcs+3QLf2TxzUNq
+n2JTHAJ8mJCi7k9o1CAacxI+d7NQ63K87oi+fxfqd4+DYZVPhKHLMk9sIb7SaZZ9
+Y73cK6gf0BOEcP72NZWJ+aZ3sEbIu7cT9clgadZM/tKO79NgwYCA4ef7i28heUrg
+3Kkbwbf7w0lZXLV3B0TUl/xJAIlvBk4BcBmsLxHA4uYPL4ZLjXvDuacu9PGsFj45
+SVGeF0tPEDpbpaiSb/361gsDTUdWVxnzy2v189bPsPX1oxHSIFMTNDcFLENaY9+N
+QNaFHlHpURceA1bJ8TCt55sRornQMYGbaLHZ6PPmlH7HrhMvh+3QJbBo+d4IWvMp
+zNSS
+-----END CERTIFICATE-----
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/geotrustprimarycag2-chain.pem	Mon Apr 15 14:55:44 2019 +0100
@@ -0,0 +1,55 @@
+-----BEGIN CERTIFICATE-----
+MIIFcDCCBRegAwIBAgIQHw+Lyn4UTWqRF8/JM7DH+zAKBggqhkjOPQQDAjBHMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOR2VvVHJ1c3QsIEluYy4xHzAdBgNVBAMTFkdl
+b1RydXN0IEVDQyBFViBTU0wgQ0EwHhcNMTcwNTExMDAwMDAwWhcNMTkwNTAzMjM1
+OTU5WjCB8jETMBEGCysGAQQBgjc8AgEDEwJVUzEZMBcGCysGAQQBgjc8AgECDAhE
+ZWxhd2FyZTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNV
+BAcMDU1vdW50YWluIFZpZXcxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9u
+MRAwDgYDVQQFEwczNDc5NzUwMRcwFQYDVQQKDA5HZW9UcnVzdCwgSW5jLjEYMBYG
+A1UECwwPUm9vdCAxMiAtIFZBTElEMSIwIAYDVQQDDBl2YWxpZC1yb290MTIuZ2Vv
+dHJ1c3QuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbvbmcvKl4MkBRBNY
+7EOQ7ugwPIPPCp73W++hAcbFPqiDmupl/fqfrbjL06FImeWzDY7cQOhLbv0Ha8Yq
+UrL8HKOCAzcwggMzMAkGA1UdEwQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
+AQUFBwMCMA4GA1UdDwEB/wQEAwIFoDCBqQYDVR0gBIGhMIGeMIGSBgkrBgEEAfAi
+AQYwgYQwPwYIKwYBBQUHAgEWM2h0dHBzOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNv
+dXJjZXMvcmVwb3NpdG9yeS9sZWdhbDBBBggrBgEFBQcCAjA1DDNodHRwczovL3d3
+dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwBwYFZ4EM
+AQEwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2ZlLnN5bWNiLmNvbS9mZS5jcmww
+VwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vZmUuc3ltY2QuY29t
+MCYGCCsGAQUFBzAChhpodHRwOi8vZmUuc3ltY2IuY29tL2ZlLmNydDAkBgNVHREE
+HTAbghl2YWxpZC1yb290MTIuZ2VvdHJ1c3QuY29tMB8GA1UdIwQYMBaAFABLH5GB
+DgtDzgRzu5abgh1mY608MIIBfAYKKwYBBAHWeQIEAgSCAWwEggFoAWYAdQDd6x0r
+eg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAVv4eJwGAAAEAwBGMEQCIBSx
+ZdTP+tDh1rstAJ7vyIPNH7HBE6mCRj9W41ccUwbGAiA7p0ljgNoO/ldknmgTiZdI
+FlgEy1KgPQiHYvNS+9MHYwB1AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7I
+DdwQAAABW/h4nDMAAAQDAEYwRAIgWf4vMQ9lrM5xKD+iEVXkC7g5CB3fmuxP7fNp
+7qX7PB8CIDNe8HT3262gw3D13MGQccxfUhf7dZ9aCRgk7UEDimsJAHYA7ku9t3XO
+YLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFb+Hid8wAABAMARzBFAiAxSFtr
+/dpMd53ZSC4N9FomEZhoNnARnYe7cWnTAdKVHAIhALEz0JaOqgYTf0k9yYPuNW4E
+Bo26yneH6KtdkMV7/gRoMAoGCCqGSM49BAMCA0cAMEQCIBPb1wYt8d6EdjLXiAZp
+UfKGFdQF/oexd5GCB1TU0juDAiBWPRPVggfYfc4gLOkYSqIPvPRmEmEhyY8fqsM6
+3YJgDg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDyDCCA06gAwIBAgIQDww3Kf30lVv4ZevF7vQy/DAKBggqhkjOPQQDAzCBmDEL
+MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj
+KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2
+MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
+eSAtIEcyMB4XDTE2MDEwNzAwMDAwMFoXDTI2MDEwNjIzNTk1OVowRzELMAkGA1UE
+BhMCVVMxFzAVBgNVBAoTDkdlb1RydXN0LCBJbmMuMR8wHQYDVQQDExZHZW9UcnVz
+dCBFQ0MgRVYgU1NMIENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEF136Fo2A
+bY7q0YbhVBTL4HNFaJyTdoU3y+o8YdhxQuw1SrpQT9EwLTyx8Xzf/LNPeoalIKNu
+U/3LQgNct6Fk9aOCAcgwggHEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHSUEFjAUBggr
+BgEFBQcDAQYIKwYBBQUHAwIwLgYIKwYBBQUHAQEEIjAgMB4GCCsGAQUFBzABhhJo
+dHRwOi8vZy5zeW1jZC5jb20wEgYDVR0TAQH/BAgwBgEB/wIBADCBqQYDVR0gBIGh
+MIGeMAcGBWeBDAEBMIGSBgkrBgEEAfAiAQYwgYQwPwYIKwYBBQUHAgEWM2h0dHBz
+Oi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeS9sZWdhbDBB
+BggrBgEFBQcCAjA1GjNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2Vz
+L3JlcG9zaXRvcnkvbGVnYWwwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2cuc3lt
+Y2IuY29tL0dlb1RydXN0UENBLUcyLmNybDArBgNVHREEJDAipCAwHjEcMBoGA1UE
+AxMTU1lNQy1FQ0MtQ0EtcDI1Ni0zMjAdBgNVHQ4EFgQUAEsfkYEOC0POBHO7lpuC
+HWZjrTwwHwYDVR0jBBgwFoAUFV81V1FV+yWyrQNp/AGj+r4RVdUwCgYIKoZIzj0E
+AwMDaAAwZQIweZGj+Ar54cOBtC1I6rkfdNOtxSg77WBAvvsEv1+knWbbu8Acroz1
+Q9xqHnHLXpgRAjEAxNA5KzWxutl/kVj/7bUCYtvSWLfmb2ZTTsvof7VjjWlRnPje
+wLtx+yN5EV7LPWDi
+-----END CERTIFICATE-----
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/geotrustprimarycag3-chain.pem	Mon Apr 15 14:55:44 2019 +0100
@@ -0,0 +1,67 @@
+-----BEGIN CERTIFICATE-----
+MIIG6jCCBdKgAwIBAgIQZfxPPcDd0zSbl2UQK6dtRzANBgkqhkiG9w0BAQsFADBG
+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEfMB0GA1UEAxMW
+R2VvVHJ1c3QgU0hBMjU2IFNTTCBDQTAeFw0xNzAyMDEwMDAwMDBaFw0yMDAzMDIy
+MzU5NTlaMHgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYD
+VQQHDA1Nb3VudGFpbiBWaWV3MR0wGwYDVQQKDBRTeW1hbnRlYyBDb3Jwb3JhdGlv
+bjEdMBsGA1UEAwwUc3NsdGVzdDEzLmJidGVzdC5uZXQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDV734wSAESareltMadza6jJ0SVi6bLb/Q23La5v5Z/
+rFCdPzSRrMMKj08NfAA/i1k+TF/d7NZ+rrFvCIN33kfDzSLvIQiJh7NZ/yivA9DY
+eH7RAuVXfrsqhsqpgHVNSmMXxaGxOIJ4RcEx0RB3vbb3frm46lCLMH0uCavJ7Txo
+gDJpAG6AP/hF524IVJcIcHxhJqZo1pQO/iwb/uNGkqwRuAeL9zKhv0tYyiHKNqyW
+AXk51Nzm+TQq0flw0nw7EC9f+VNrquiO5j76JKeL+DaxpUtftTpzL5b5oM/LXwDt
+62VUMujOyVuKPIj1ieQVdhETSDvf340tQI7MB4qFrHlFAgMBAAGjggOgMIIDnDAf
+BgNVHREEGDAWghRzc2x0ZXN0MTMuYmJ0ZXN0Lm5ldDAJBgNVHRMEAjAAMA4GA1Ud
+DwEB/wQEAwIFoDArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vZ2ouc3ltY2IuY29t
+L2dqLmNybDCBnQYDVR0gBIGVMIGSMIGPBgZngQwBAgIwgYQwPwYIKwYBBQUHAgEW
+M2h0dHBzOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeS9s
+ZWdhbDBBBggrBgEFBQcCAjA1DDNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVz
+b3VyY2VzL3JlcG9zaXRvcnkvbGVnYWwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
+AQUFBwMCMB8GA1UdIwQYMBaAFBRnju2DT9YenUAEDARGoXA0sg9yMFcGCCsGAQUF
+BwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL2dqLnN5bWNkLmNvbTAmBggrBgEF
+BQcwAoYaaHR0cDovL2dqLnN5bWNiLmNvbS9nai5jcnQwggH2BgorBgEEAdZ5AgQC
+BIIB5gSCAeIB4AB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAAB
+WfvjZWcAAAQDAEYwRAIgIxFLEWNCRmGQl2o+3psXrWAd88rz9G1JbxbAgHFpXmAC
+IFxZpWwuj1Aq4Yx6VrBBqvA+K/GlNY2OcThPaeoj3jdfAHYApLkJkLQYWBSHuxOi
+zGdwCjw1mAT5G9+443fNDsgN3BAAAAFZ++NlpAAABAMARzBFAiB+iko2tw6USdc2
+E956ZIpXy9TTUiVtpKHzKFhuR7mdwwIhAMwTisbIGh6UTdjXnPktWPFcWhfxQOPB
+U41c/v7zuFV9AHcA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFZ
+++NnWwAABAMASDBGAiEAmqY4AhQPt/tU1iR0LvrlpIjKlc0IArbxENVkVbNTYwcC
+IQCPlJZQb7mmlPwjy//aJMyOtEeVFb6DzfM4uhJiSrU9WAB2ALx44d/F9jxoRkkz
+TaEPoV8JeWkgCcCBtPP2kX8+2bilAAABWfvjZmgAAAQDAEcwRQIgMcV63d6G3RHm
+rN34V1zDiAbKG1k/pDEErcfZ+8Y0GdwCIQCcuqmKjnpUYs8ps4/NSx78U2ssNuLA
++QDpYuH1XKHCUTANBgkqhkiG9w0BAQsFAAOCAQEAjYdQJYtrhPJTIHcsyksTWGHS
+cpIt7y1bzp+t06KYn6x+ax+09sTJQzr7L2BA3h24blgMWr2yEH0mvQdVncBFt8xr
+9O8jeg5dHSeJknnDlXOA23Z2NJLanX7m29/713DxZ+HJXFx0Wiz5mtuTo7Q6FpQF
+SI44v0fbUTb7LV81fFpyriroZTlpiMI01NLWGldyCchC795fEYiibSvr1uidjp9i
++MKppG3t3YXb1/Wu2A21b6Z4akgl021A5cJcg8/Q3wjYMqQTtuUEezsBl2jLoey1
+pa/ag3epMe19zTq4iqS3Z4r+2jrZ4IjnKmkDKo4uKvTAfUX2Yu2+Lm3E6Vfdow==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIExzCCA6+gAwIBAgIQQYISfRLZxrMhOUMSVmQAuDANBgkqhkiG9w0BAQsFADCB
+mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT
+MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s
+eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv
+cml0eSAtIEczMB4XDTEzMDUyMzAwMDAwMFoXDTIzMDUyMjIzNTk1OVowRjELMAkG
+A1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHzAdBgNVBAMTFkdlb1Ry
+dXN0IFNIQTI1NiBTU0wgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDGqQtdF6V9xs8q78Zm0UIeX4N4aJGv5qeL8B1EAQoZypzUix3hoZCjwVu011tq
+i/wOSR7CYin+gBU5i4EqJ7X7EqgFIgvFLPXZmN0WLztm52KiQzKsj7WFyFIGLFzA
+d/pn94PoXgWNyKuhFjKK0kDshjocI6mNtQDecr2FVf4GAWBdrbPgZXOlkhSelFZv
+k+6vqTowJUqOCYTvt9LV15tJzenAXmdxIqxQkEMgXaGjFYP9/Kc5vGtlSBJg/90j
+szqq9J+cN1NBokeTgTMJ5SLGyBxJoW6NzIOzms3qQ/IZ0yTLqCmuUsz0CCewhOrO
+J7XhNBNzklyHhirGsGg2rcsJAgMBAAGjggFcMIIBWDA7BggrBgEFBQcBAQQvMC0w
+KwYIKwYBBQUHMAGGH2h0dHA6Ly9wY2EtZzMtb2NzcC5nZW90cnVzdC5jb20wEgYD
+VR0TAQH/BAgwBgEB/wIBADBMBgNVHSAERTBDMEEGCmCGSAGG+EUBBzYwMzAxBggr
+BgEFBQcCARYlaHR0cDovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL2NwczA7
+BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9HZW9UcnVz
+dFBDQS1HMy5jcmwwDgYDVR0PAQH/BAQDAgEGMCoGA1UdEQQjMCGkHzAdMRswGQYD
+VQQDExJWZXJpU2lnbk1QS0ktMi00MTYwHQYDVR0OBBYEFBRnju2DT9YenUAEDARG
+oXA0sg9yMB8GA1UdIwQYMBaAFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3
+DQEBCwUAA4IBAQAQEOryENYIRuLBjz42WcgrD/5N7OP4tlYxeCXUdvII3e8/zYsc
+fqp//AuoI2RRs4fWCfoi+scKUejOuPYDcOAbWrmxspMREPmXBQcpbG1XJVTo+Wab
+Dvvbn+6Wb2XLH9hVzjH6zwL00H9QZv8veZulwt/Wz8gVg5aEmLJG1F8TqD6nNJwF
+ONrP1mmVqSaHdgHXslEPgWlGJhyZtoNY4ztYj9y0ccC5v0KcHAOe5Eao6rnBzfZb
+qTyW+3mkM3Onnni5cNxydMQyyAAbye9I0/s6m/r+eppAaRzI2ig3C9OjuX6WzCso
+w1Zsb+nbUrH6mvvnr7WXpiLDxaiTsQDJB7J9
+-----END CERTIFICATE-----
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/geotrustuniversalca-chain.pem	Mon Apr 15 14:55:44 2019 +0100
@@ -0,0 +1,71 @@
+-----BEGIN CERTIFICATE-----
+MIIHATCCBemgAwIBAgIQJmVwMHBfVctB6q6UbCC4eDANBgkqhkiG9w0BAQsFADBH
+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMX
+R2VvVHJ1c3QgRVYgU1NMIENBIC0gRzYwHhcNMTcwNTA5MDAwMDAwWhcNMTkwNTAz
+MjM1OTU5WjCB8jETMBEGCysGAQQBgjc8AgEDEwJVUzEZMBcGCysGAQQBgjc8AgEC
+DAhEZWxhd2FyZTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAU
+BgNVBAcMDU1vdW50YWluIFZpZXcxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0
+aW9uMRAwDgYDVQQFEwczNDc5NzUwMRcwFQYDVQQKDA5HZW9UcnVzdCwgSW5jLjEY
+MBYGA1UECwwPUm9vdCAxNCAtIFZBTElEMSIwIAYDVQQDDBl2YWxpZC1yb290MTQu
+Z2VvdHJ1c3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAua4C
+iQ+Sk3VXblrh9xI6DqxELgjGxLOxORgayEM1/x4lKC5Dah5Ey9jeDhy6eDLJRXce
+JHjR5FYFNpjRpp8w58SzmosAQk7tgRy6HGPtVUUXCVkfUDJ6LIcZE1UcwKO3CUdh
+2Dn3naVCNImdqqoUTCr4H/8iIy+1l4aUDnukiAsTV6M2Len0UQpD8MY2KyVmWNJz
+GLGzZKXKwU42CZwK8hR+xUH/BSEcWvfU2bFShVGIY1CCpJ5vdhi0QMaRfDzpAXVw
+3gvO5bN7RvDD8tABtLUjpnm0P7HzxkVkEO+BGg0P+qpw4bflu+TE7die+pFY1Skz
+1rEFOvMEVOCqoinanwIDAQABo4IDOzCCAzcwJAYDVR0RBB0wG4IZdmFsaWQtcm9v
+dDE0Lmdlb3RydXN0LmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDCBqQYD
+VR0gBIGhMIGeMIGSBgkrBgEEAfAiAQYwgYQwPwYIKwYBBQUHAgEWM2h0dHBzOi8v
+d3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeS9sZWdhbDBBBggr
+BgEFBQcCAjA1DDNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3Jl
+cG9zaXRvcnkvbGVnYWwwBwYFZ4EMAQEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
+AQUFBwMCMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL2ZpLnN5
+bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL2ZpLnN5bWNiLmNvbS9maS5jcnQw
+KwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL2ZpLnN5bWNiLmNvbS9maS5jcmwwHwYD
+VR0jBBgwFoAUvpmWhYTv5p/5H+H8ZmdbVqX6i1MwggGABgorBgEEAdZ5AgQCBIIB
+cASCAWwBagB3AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABW/fm
+zy4AAAQDAEgwRgIhALUgY0DrJaqjpgv19bbS434UDMpUfIfZ7qyxz30M1LiQAiEA
+4dXlkRJLc3i+DcFUNSjRh8dKPLZMC3DhD4bm7tDQaWwAdgCkuQmQtBhYFIe7E6LM
+Z3AKPDWYBPkb37jjd80OyA3cEAAAAVvuRpVUAAAEAwBHMEUCIGUbCcQ2agQi+sWo
+zudL0F2rSS4elFAgHy/nSzGb/fl0AiEA5zLqvTsn8ioQ89KycY3HocNCLAPtqDqe
+t9+6pcJnVFsAdwDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAVvu
+RpV3AAAEAwBIMEYCIQDrKkvy08fPVx4vbVO4wBYw7tpqkmrWTaKCIs7Tx9utYwIh
+ANuH3S2ngCM7WzCebmbLFVDmaNxQki3kmZbCOp358sRvMA0GCSqGSIb3DQEBCwUA
+A4IBAQAOEMVj7HwG97PurqFqoa9JI2adgj8er1hc70dIGkTt21OKLWvWp0Yafcjx
+qqEByFjzkF0/yreVmbxl1zf7utUMfWslmv7ElXDvS79lZ2UWO6vptyaZM6VSJ2s+
+pmGHJaQgw3AbDmu5yLmUPlHwOttv//AOuaZvrQISzrwmMs60sHn+pS7qtSdL3lYa
+PtqhCBQNJoLDstn57B/aLBUYx5rSqhK68CCxY4ZcA1i02RakZJIhGbOAOy4x5pZH
+uZiiRFTxgZRGNNUDjrhmVVk7cQDu3eDRDkUKD9m7796GJ+aFDZlvzmORaNW5GYjv
+0qIRajIKmohnwumn+xaJFpmDEuw+
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFUjCCAzqgAwIBAgIQAQAZ9apyafiMHhwSEeyNTzANBgkqhkiG9w0BAQsFADBF
+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMV
+R2VvVHJ1c3QgVW5pdmVyc2FsIENBMB4XDTE3MDUwMTE0MTcxNloXDTI3MDQyOTE0
+MTcxNlowRzELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xIDAe
+BgNVBAMTF0dlb1RydXN0IEVWIFNTTCBDQSAtIEc2MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEArvBCvG8ORCUSTiERfNmMdtEvKhvmnV8MrSLOw6t3q24c
++r/y69NGdUJArGmBv8crE5Vxd5mYlecmflrJtyuh08HDFc4Mr4yh2xcGmeKA7Uz5
+Q/Wpfropvop1cFB3r/8BwpfxortVi2jkawQ89TDo3l0RacJrjM29dq+rQwqIWvfK
+dHuU58t54CsXzvJrqDnhL4v+LQ2mqZMbAfh1Mhh8MftEH5UfOSgY2uXwnu5vERYI
+3cl0nakgoJOyUlb187iFd/TrSrYGquv8dYAKTKOTd44YNwxb43iKk/esqxOTiqW8
+rAFv6/E6aOmHwqyP9l7LMtLzVE27ra1wESMR70JttwIDAQABo4IBOjCCATYwHwYD
+VR0jBBgwFoAU2rsuqrAMuIgmUXRcbQPTwNiPetYwHQYDVR0OBBYEFL6ZloWE7+af
++R/h/GZnW1al+otTMA4GA1UdDwEB/wQEAwIBBjAuBggrBgEFBQcBAQQiMCAwHgYI
+KwYBBQUHMAGGEmh0dHA6Ly9nLnN5bWNkLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEA
+MB8GA1UdIAQYMBYwBwYFZ4EMAQEwCwYJKwYBBAHwIgEGMDUGA1UdHwQuMCwwKqAo
+oCaGJGh0dHA6Ly9nLnN5bWNiLmNvbS9jcmxzL2d0dW5pY2ExLmNybDAdBgNVHSUE
+FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMT
+EVN5bWFudGVjUEtJLTItNzU3MA0GCSqGSIb3DQEBCwUAA4ICAQA8iM9XJ01hEzSM
+iATIdK/z+F1Vtm9hHjp0FzkOvVYkp7v6LIkazg299fyAy2+A/tpSzKyMIzy5B2R/
+sjbWykIK+3vtOlgUNilP7EoudiCjR/692THUtJ/QjPNzFYhO9apU2Wpc33ZYMH0Q
+YKUPmAd7eBmsdVKHNLENcMjjCjnkjXnYtxq/jv2R4QhD83tbFnvBoKjxi2vAfDXG
+xN8aItVg/FSdScZCMhe0w/HLzcN6N3NCGDBn2PjF0o3QLJa9yVSrvJ9Nh3my6rUb
+gMhlfFEQXTmLxucqL5/n5lXyUWd0kTxFv++TalTeqYf3G/oeu5kcpfjUJREp/9ed
+gQqhDEGIuJFrMm4qi+sNDrq0OkLBHCqefFArTz2ApiI9zd9pcKfjS3f/EB87AVmW
+3m1lfqPeS+w+vBg7VCGNY9gGNUe+w4juTEBiwIjnp7I+aBVnIwxV9PdJoj1ZaLCx
+U8AEN6tXD8IcCquLxs3fBsF85svvUfK8qh3ufKB3I3RHGq5Asmtvc5URcyeuA+d2
+zPQ1qAXH5m3DLkb0KdAvJ5E6mQ2S2aqwJPXtpqx2J40C1Qx+uUsHG2vDoT3ZTazt
+LPBIIqF2YJr1hr760yXM3Jf14eyc+RXPrjA1mc/CKNbv6SvU5MvlYj+Vvx70y+k8
+U5ev+YdiYoYu0wQtDJQCJjM+eavqxQ==
+-----END CERTIFICATE-----
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/thawteprimaryrootca-chain.pem	Mon Apr 15 14:55:44 2019 +0100
@@ -0,0 +1,66 @@
+-----BEGIN CERTIFICATE-----
+MIIG/TCCBeWgAwIBAgIQfVQyuY0yb1Q+TZDQHtRC8TANBgkqhkiG9w0BAQsFADBH
+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMX
+R2VvVHJ1c3QgRVYgU1NMIENBIC0gRzQwHhcNMTcwNTAzMDAwMDAwWhcNMTkwNTAz
+MjM1OTU5WjCB8jETMBEGCysGAQQBgjc8AgEDEwJVUzEZMBcGCysGAQQBgjc8AgEC
+DAhEZWxhd2FyZTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAU
+BgNVBAcMDU1vdW50YWluIFZpZXcxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0
+aW9uMRAwDgYDVQQFEwczNDc5NzUwMRcwFQYDVQQKDA5HZW9UcnVzdCwgSW5jLjEY
+MBYGA1UECwwPUm9vdCAxMSAtIFZBTElEMSIwIAYDVQQDDBl2YWxpZC1yb290MTEu
+Z2VvdHJ1c3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5Wn
+8CUYyHQnisa3ihcezpRBrKNF9OGb9ye9G4mUFRAHoFlNdwVP3qxBtEo7N6ylZ7G0
+tMcLwqy+cdMZlyCw0qPQrJQXqp5AEL034IMeckSvR9I2RyR7DUW3kVtKRsDiAUo9
+4r8h/5ZT96OW/jtdE2WPr0Wt5r0DyG8xzUbUdh5tYFwlxMJLeHgomqsG1WXBEDvS
+cTJk9JMZpH5d1FYux+T0BkJsYyj0NRcDnQuc6P4QIkpim3wsOBKMa7beEiCanmcK
+dSBrBfl2iep67VfOEYfjYTDOwqwaknSfb2H33e0lpunI76Rwv1uZkr/4ciDyaNZS
+IsLh1i57eKvWqn+G9wIDAQABo4IDNzCCAzMwJAYDVR0RBB0wG4IZdmFsaWQtcm9v
+dDExLmdlb3RydXN0LmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDArBgNV
+HR8EJDAiMCCgHqAchhpodHRwOi8vZ20uc3ltY2IuY29tL2dtLmNybDCBqQYDVR0g
+BIGhMIGeMIGSBgkrBgEEAfAiAQYwgYQwPwYIKwYBBQUHAgEWM2h0dHBzOi8vd3d3
+Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvcmVwb3NpdG9yeS9sZWdhbDBBBggrBgEF
+BQcCAjA1DDNodHRwczovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL3JlcG9z
+aXRvcnkvbGVnYWwwBwYFZ4EMAQEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
+BwMCMB8GA1UdIwQYMBaAFN7PXFC3rgIfFReqFugNtSidalrzMFcGCCsGAQUFBwEB
+BEswSTAfBggrBgEFBQcwAYYTaHR0cDovL2dtLnN5bWNkLmNvbTAmBggrBgEFBQcw
+AoYaaHR0cDovL2dtLnN5bWNiLmNvbS9nbS5jcnQwggF8BgorBgEEAdZ5AgQCBIIB
+bASCAWgBZgB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABW8/Y
+RIwAAAQDAEYwRAIgWDLmmEUz8FyqMxfyweXN18EAYitvP3XPnU3XkJzRSrQCIB5y
+KErRbSiDkj43iFWQVodPA70HtcgdIzk4X3KA7thOAHYApLkJkLQYWBSHuxOizGdw
+Cjw1mAT5G9+443fNDsgN3BAAAAFbz9hEtwAABAMARzBFAiAjTCcAEJDj9M/xY7a/
+pysTrl0MrE6rMzpotNZ5kik1PgIhAMTAYXIUeA7LqKhYlvOvW/cH+uB+8329J8cy
+xMF8dmEJAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFbz9hE
+3gAABAMARjBEAiA7UGcNzFIEVvXeJRuWPfhA8t0JOjl//7ZuLYgdnt6/jAIgIHyH
+QHLo2q5o99msj2s8o1BaTmxxnSF4TZPm8iZGLywwDQYJKoZIhvcNAQELBQADggEB
+AGBUtaCjWXpAPSc7ypv6f+IJGYfGHR7NLBLLjTytKHcIx5Hb0YT14TFWnXacaSHk
+XL/vY3v3CrdGqn6UZb4UEdyB54juG6J7DLQF/l8oeG0GzPQLlSOt0ZU4Cq9DayO0
+OFS6jD7K7FqalSiBzvFnDFmWqLXZQaO/dFPHvZVIdhfO6Vl/3yH+nkphrc8AiHqV
+0LkFaoki3RUJMqPvb1pyZ41MzMVsS/LMPoxS0JUl+YKAhL5H1JS1OPMY1B++k2hs
+BoScopXAC1xsOkpQWg+U2+mMnAebcCeFWtKrjVUIA+lzaAr6jbBOK9dLSschRXBe
+R9xGJ3I9J4t0pKD5lFr9+fQ=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEbjCCA1agAwIBAgIQboqQ68/wRIpyDQgF0IKlRDANBgkqhkiG9w0BAQsFADBY
+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo
+R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMzEw
+MzEwMDAwMDBaFw0yMzEwMzAyMzU5NTlaMEcxCzAJBgNVBAYTAlVTMRYwFAYDVQQK
+Ew1HZW9UcnVzdCBJbmMuMSAwHgYDVQQDExdHZW9UcnVzdCBFViBTU0wgQ0EgLSBH
+NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANm0BfI4Zw8J53z1Yyrl
+uV6oEa51cdlMhGetiV38KD0qsKXV1OYwCoTU5BjLhTfFRnHrHHtp22VpjDAFPgfh
+bzzBC2HmOET8vIwvTnVX9ZaZfD6HHw+QS3DDPzlFOzpry7t7QFTRi0uhctIE6eBy
+GpMRei/xq52cmFiuLOp3Xy8uh6+4a+Pi4j/WPeCWRN8RVWNSL/QmeMQPIE0KwGhw
+FYY47rd2iKsYj081HtSMydt+PUTUNozBN7VZW4f56fHUxSi9HdzMlnLReqGnILW4
+r/hupWB7K40f7vQr1mnNr8qAWCnoTAAgikkKbo6MqNEAEoS2xeKVosA7pGvwgtCW
+XSUCAwEAAaOCAUMwggE/MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQD
+AgEGMC8GCCsGAQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL2cyLnN5bWNi
+LmNvbTBHBgNVHSAEQDA+MDwGBFUdIAAwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93
+d3cuZ2VvdHJ1c3QuY29tL3Jlc291cmNlcy9jcHMwNAYDVR0fBC0wKzApoCegJYYj
+aHR0cDovL2cxLnN5bWNiLmNvbS9HZW9UcnVzdFBDQS5jcmwwKQYDVR0RBCIwIKQe
+MBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTM4MB0GA1UdDgQWBBTez1xQt64C
+HxUXqhboDbUonWpa8zAfBgNVHSMEGDAWgBQs1VBBlxWL8I82YVtK+2vZmckzkjAN
+BgkqhkiG9w0BAQsFAAOCAQEAtI69B7mahew7Z70HYGHmhNHU7+sbuguCS5VktmZT
+I723hN3ke40J2s+y9fHDv4eEvk6mqMLnEjkoNOCkVkRADJ+IoxXT6NNe4xwEYPtp
+Nk9qfgwqKMHzqlgObM4dB8NKwJyNw3SxroLwGuH5Tim9Rt63Hfl929kPhMuSRcwc
+sxj2oM9xbwwum9Its5mTg0SsFaqbLmfsT4hpBVZ7i7JDqTpsHBMzJRv9qMhXAvsc
+4NG9O1ZEZcNj9Rvv7DDZ424uE+k5CCoMcvOazPYnKYTT70zHhBFlH8bjgQPbh8x4
+97Wdlj5qf7wRhXp15kF9Dc/55YVpJY/HjQct+GkPy0FTAA==
+-----END CERTIFICATE-----
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/thawteprimaryrootcag2-chain.pem	Mon Apr 15 14:55:44 2019 +0100
@@ -0,0 +1,51 @@
+-----BEGIN CERTIFICATE-----
+MIIFNjCCBN2gAwIBAgIQWCw1fnWLWedosJcJlxQbhDAKBggqhkjOPQQDAjBDMQsw
+CQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR0wGwYDVQQDExR0aGF3
+dGUgRUNDIEVWIFNTTCBDQTAeFw0xNzA1MTEwMDAwMDBaFw0xOTA1MDgyMzU5NTla
+MIHsMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQIMCERlbGF3
+YXJlMRUwEwYDVQQKDAxUaGF3dGUsIEluYy4xCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MR0wGwYDVQQPExRQ
+cml2YXRlIE9yZ2FuaXphdGlvbjEQMA4GA1UEBRMHMzg5ODI2MTEXMBUGA1UECwwO
+Um9vdCA4IC0gVkFMSUQxHzAdBgNVBAMMFnZhbGlkLXJvb3Q4LnRoYXd0ZS5jb20w
+WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATVxsOfZ4/2K7l7FYl6ejjp5aNuX1J9
+gqfb8WdGQdmKW8TVlhzM9p3BQ61hcISHVW01ZzR2PgYQ5aALzTaZ/Vt9o4IDBzCC
+AwMwCQYDVR0TBAIwADB8BgNVHSAEdTBzMGgGC2CGSAGG+EUBBzABMFkwJgYIKwYB
+BQUHAgEWGmh0dHBzOi8vd3d3LnRoYXd0ZS5jb20vY3BzMC8GCCsGAQUFBwICMCMM
+IWh0dHBzOi8vd3d3LnRoYXd0ZS5jb20vcmVwb3NpdG9yeTAHBgVngQwBATArBgNV
+HR8EJDAiMCCgHqAchhpodHRwOi8vdHEuc3ltY2IuY29tL3RxLmNybDAdBgNVHSUE
+FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMFcGCCsGAQUF
+BwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL3RxLnN5bWNkLmNvbTAmBggrBgEF
+BQcwAoYaaHR0cDovL3RxLnN5bWNiLmNvbS90cS5jcnQwIQYDVR0RBBowGIIWdmFs
+aWQtcm9vdDgudGhhd3RlLmNvbTAfBgNVHSMEGDAWgBRbM681oBoZN0INV+a8vWtj
+IMKWATCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYA3esdK3oNT6Ygi4GtgWhw
+fi6OnQHVXIiNPRHEzbbsvswAAAFb+KihvQAABAMARzBFAiBghdkYlqbxNHmxETaN
+TKTcLlmD8amIlOWP7KnL9/WrBAIhANAssLlY1gvBLJ61ULFbdrVTMi1dqMXPBec8
+LfKdwER4AHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFb+Kih
+ywAABAMARzBFAiAW4sOV17H0V1n4pwnfeeKflHLmr1t4pB9KBCYGh0NaEgIhAMUI
+rLg1SuTCV2pXxRvWkzIAiifaJcPbxPhEp4DGz2d5AHUA7ku9t3XOYLrhQmkfq+Ge
+ZqMPfl+wctiDAMR7iXqo/csAAAFb+Kih/AAABAMARjBEAiA1u/TczjmZ5EDB4Jue
+TYEUyFHFDj3ytCItXk6vzcVPYgIgT6Yc1ugrgocOLqpDsRoQ7Jll/5PIi7QFg5N8
+//OhX+kwCgYIKoZIzj0EAwIDRwAwRAIgCK09KwyaiPsZZMtkjCec9zeVx7YRk8oh
+PvV2UnQf6sQCIAfYgjH7ZQeIKCMi4ctdTja1ng/lU8ibnkpU5NDZGaTN
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDgDCCAwagAwIBAgIQH/L8vGMmqr0oZpOZH0PsITAKBggqhkjOPQQDAzCBhDEL
+MAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMp
+IDIwMDcgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAi
+BgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMjAeFw0xNjAxMDcwMDAw
+MDBaFw0yNjAxMDYyMzU5NTlaMEMxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3
+dGUsIEluYy4xHTAbBgNVBAMTFHRoYXd0ZSBFQ0MgRVYgU1NMIENBMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEmcXM1zsNS0E2+7pcpYHdwqumr+KIIt3jEJA6jBBm
+1SoBGgZESt6OKROJBt2sZJhUl4oU0q5kINTS/bG+eYTTlqOCAZgwggGUMA4GA1Ud
+DwEB/wQEAwIBBjAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGGEmh0dHA6Ly90
+LnN5bWNkLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEAMHwGA1UdIAR1MHMwBwYFZ4EM
+AQEwaAYLYIZIAYb4RQEHMAEwWTAmBggrBgEFBQcCARYaaHR0cHM6Ly93d3cudGhh
+d3RlLmNvbS9jcHMwLwYIKwYBBQUHAgIwIxohaHR0cHM6Ly93d3cudGhhd3RlLmNv
+bS9yZXBvc2l0b3J5MDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly90LnN5bWNiLmNv
+bS9UaGF3dGVQQ0EtRzIuY3JsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
+AjArBgNVHREEJDAipCAwHjEcMBoGA1UEAxMTU1lNQy1FQ0MtQ0EtcDI1Ni0zMTAd
+BgNVHQ4EFgQUWzOvNaAaGTdCDVfmvL1rYyDClgEwHwYDVR0jBBgwFoAUmtgAMADn
+a3+FGO6Lts6KDPgR4bswCgYIKoZIzj0EAwMDaAAwZQIwMMf+C0NMBVt58Of4YvVO
+mVS0OYfzEiB4AOz8QF9pmEyaCAelGeOmq2pOLDEsQbKzAjEA2WTDVMhnnJI3NSnD
+itmCtBQnW6NEAohvLUsB4iVehDAJK3mNY8FbYafl4LjFzA4V
+-----END CERTIFICATE-----
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/thawteprimaryrootcag3-chain.pem	Mon Apr 15 14:55:44 2019 +0100
@@ -0,0 +1,67 @@
+-----BEGIN CERTIFICATE-----
+MIIG2TCCBcGgAwIBAgIQdS+C2M35zv3l1EWcCL2MfTANBgkqhkiG9w0BAQsFADBX
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMTEwLwYDVQQDEyh0
+aGF3dGUgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTSEEyNTYgU1NMIENBMB4XDTE3MDUw
+ODAwMDAwMFoXDTE5MDUwODIzNTk1OVowgewxEzARBgsrBgEEAYI3PAIBAxMCVVMx
+GTAXBgsrBgEEAYI3PAIBAgwIRGVsYXdhcmUxFTATBgNVBAoMDFRoYXd0ZSwgSW5j
+LjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1v
+dW50YWluIFZpZXcxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYD
+VQQFEwczODk4MjYxMRcwFQYDVQQLDA5Sb290IDkgLSBWQUxJRDEfMB0GA1UEAwwW
+dmFsaWQtcm9vdDkudGhhd3RlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMGMwXWgvpsjK9b7JwFIs8Ch6EORhDfWRMk16KGdnO0jeIh1D4NRi1GL
+g0WcHiW06dFOF9UaT/Lg66mJLjHguftTHSoi9/cuMHcy0gbbWR+j+6RMxr7RwI6S
+eC8VesPWxM+5xW6bI+QBWq678ZK8JYr/cALXX+8ekDhY8vswIdzkUp7qHekkoja6
+4ki2JyJO4Q/uf/gWfohsGc88fEiMAQi3qhyZlHm7QzjeUoB0WgPC+CVB+vxSmZip
+6rkfjgPeKPlM1tqIAPjQWnQbdi2AvYCOUT0ZvVPPmsbINp7IMdAZmv9yF5qoW36A
+oFtBL3wLNe7w+lm5ZnZ15DHB2b2gDAECAwEAAaOCAwkwggMFMCEGA1UdEQQaMBiC
+FnZhbGlkLXJvb3Q5LnRoYXd0ZS5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMC
+BaAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3RmLnN5bWNiLmNvbS90Zi5jcmww
+fAYDVR0gBHUwczBoBgtghkgBhvhFAQcwATBZMCYGCCsGAQUFBwIBFhpodHRwczov
+L3d3dy50aGF3dGUuY29tL2NwczAvBggrBgEFBQcCAjAjDCFodHRwczovL3d3dy50
+aGF3dGUuY29tL3JlcG9zaXRvcnkwBwYFZ4EMAQEwHQYDVR0lBBYwFAYIKwYBBQUH
+AwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFDskyDGgt1rQarjSygd0zB4k1MTcMFcG
+CCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL3RmLnN5bWNkLmNvbTAm
+BggrBgEFBQcwAoYaaHR0cDovL3RmLnN5bWNiLmNvbS90Zi5jcnQwggF/BgorBgEE
+AdZ5AgQCBIIBbwSCAWsBaQB2AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM22
+7L7MAAABW+pl8UMAAAQDAEcwRQIhAMdGpN45mO8sPe9cyqC2vxeA7kwbpPL4Ie1Z
+qP8A8YSmAiB+O2TOyUyg9TE31kCYyimqMS5tycpG8qTusAi6VClvAAB2AKS5CZC0
+GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABW+pl8i4AAAQDAEcwRQIhALoI
+UwV2CIRu4MVgjNYTnVdKI6ZeklPdb9IQzEYBLI5OAiAgR+WX0RgWiOmn0Khon7ck
+QEQ0H+j9VSFAuTqxFNWzXwB3AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6
+qP3LAAABW+pl8ZMAAAQDAEgwRgIhAO/SefmFUyrtfsa1WjfN3WRG2pVSRCqaSxc7
+8pbqk7ynAiEA12r243Cr4IWKQdp6IoTqeULQZfZEGGnIUQxVG9yRzdcwDQYJKoZI
+hvcNAQELBQADggEBALcczMzw4qLLwR1hbM2qnzs+Ng4ByHPaDcwIZzGlxLCTOjZc
+AaVc8TA/MRUQBFxWto2fLmVIoFNS9EceKOx9VWcNK+9gYKkLl0K4amLTWWW+uShT
+DooJSdkP2fX2QB1jNsD1jH+44aG6Ll94HEgz88ziVeUH5T0yM3Fou1axDVI1ADKE
+Z0UsdhlTIDKcTndv3Wk6HZz2wxtvt3Z3Eenr/6TQuipGCBpfRccVRVhrpIsylVtp
+9UkD0UpX0VRgyrQOIXmtbL0WmPodfxB8crczcd6C0Yy2A77torg72fAyUtKmaBBZ
+ajj05MMBn8QmmnAZ0pXxvFTnD8MhOZ0nBccJnQM=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIE0DCCA7igAwIBAgIQCkieiFN+iqZFTW4sSyrrIDANBgkqhkiG9w0BAQsFADCB
+rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
+Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
+MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV
+BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0xMzA0MDkwMDAwMDBa
+Fw0yMzA0MDgyMzU5NTlaMFcxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUs
+IEluYy4xMTAvBgNVBAMTKHRoYXd0ZSBFeHRlbmRlZCBWYWxpZGF0aW9uIFNIQTI1
+NiBTU0wgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyxLx06CX2
+AGIo40zouN8Tn4sHN+9iSvFXCfaC6HXwCqknz5M77DaJpW4d1lTzuASXcrRpJczR
+Qg5b1Rx/omBusVIa25MvuwsNZFMWyxwJJJUpIrSKGACJ/vcfcsjoXC8aG6IYuO8Y
+XMu12zpO2w+u38R54x6qXKOk5axhmzeFj0h1G7nVaJbpJ3lwVyMau2yTkMdF1xfS
+Nyp2s82CqU/AA3vhPXp+W7iF8vUV+3CpvfVQZRad47ZrYW6hep7oDRz3Ko5pfkMw
+jnjO7mUeO5uHHkkc+DJGXShGeSpOJ10XWKg3/qgTqWkV3zYiiXW6ygFALu2d1wyq
+Mc4nrlfV0lH7AgMBAAGjggE+MIIBOjASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1Ud
+DwEB/wQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9v
+Y3NwLnRoYXd0ZS5jb20wOwYDVR0gBDQwMjAwBgRVHSAAMCgwJgYIKwYBBQUHAgEW
+Gmh0dHBzOi8vd3d3LnRoYXd0ZS5jb20vY3BzMDcGA1UdHwQwMC4wLKAqoCiGJmh0
+dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQQ0EtRzMuY3JsMCoGA1UdEQQjMCGk
+HzAdMRswGQYDVQQDExJWZXJpU2lnbk1QS0ktMi0zNzQwHQYDVR0OBBYEFDskyDGg
+t1rQarjSygd0zB4k1MTcMB8GA1UdIwQYMBaAFK1sqpRgnO3k//o+CnQrYwP3tlm/
+MA0GCSqGSIb3DQEBCwUAA4IBAQBomCaq1DPJunVw1J9JrdbBVNzuqlYfeKfwoaTu
+C/kSr9+muO7DyzUTalkq+MnpTC+8sbwrwgIw4cO+wvCBjJl3iVgAo8x/owJMU7Ju
+Nk/+34d2sz/sWmJQtgBFWPKHrHfm0CBQY8XksnAVGJAFe3uvK0a+a04fU/yEJ66D
+0o1HU6cOH2O1utsW2GoJJVV9jz1KwYP5s7mnBFrI8xEEkVMw2VKHyzkAnOxTwwIJ
+fqc2jnIhLyO7TMZHpaHuZ8QvXDpHOGHiwx43kp7IL2v679LDzSmNmPhSF+21Uzzf
+r8kbYq3fAu5dNPZBS8vDVa+xy9qcc9UCqC2nrPzh5QfQUeg1
+-----END CERTIFICATE-----
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/verisignclass3g3ca-chain.pem	Mon Apr 15 14:55:44 2019 +0100
@@ -0,0 +1,71 @@
+-----BEGIN CERTIFICATE-----
+MIIHIDCCBgigAwIBAgIQS0wGL8U0T0yVa8wAE4DBqjANBgkqhkiG9w0BAQsFADB+
+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
+BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj
+IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE3MDUwMTAwMDAwMFoX
+DTIwMDQzMDIzNTk1OVowgaExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9y
+bmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MR0wGwYDVQQKDBRTeW1hbnRlYyBD
+b3Jwb3JhdGlvbjEXMBUGA1UECwwOUm9vdCA0IC0gVkFMSUQxLTArBgNVBAMMJHZh
+bGlkLXJvb3Q0LndlYnNlY3VyaXR5LnN5bWFudGVjLmNvbTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALll3Mb7Fu0CAWPMWpSbr6RHdAl10hwmMaDr8ENk
+hAv3offJxsUmgS+vqCC+xQNiS5ClDeOLyf5QeltArLuaYNjUaXEy00EEuXFQO5kj
+HjTdsWeEkOxzmt2thAJx8eMbskvvtqnHHali2LFIOuMXuyS9mpkk7cG1yk85LvgZ
+Ov1xrpBCuB+ppir0MhhXRLmcZ9QMgVUzfjrmQoQWHE0Qu69Mci6mk7fuBboqaPe0
+v0s2KsA1tLSknn39HrXE3d5D1AOoLJP1RiHU+RFQIOJ0oiXPZSH0bdiWhO0xcyuo
+vXY+0vaQPO1Uwrj/VdpL7bs65dgdFqXpTdqvMURu5WoDumUCAwEAAaOCA3QwggNw
+MC8GA1UdEQQoMCaCJHZhbGlkLXJvb3Q0LndlYnNlY3VyaXR5LnN5bWFudGVjLmNv
+bTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYX
+aHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9k
+LnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8w
+KwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYI
+KwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYG
+CCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCCAfcGCisGAQQB
+1nkCBAIEggHnBIIB4wHhAHYA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbs
+vswAAAFbxYEdRwAABAMARzBFAiEAurXvGE124ya7O5ZjYZckdJ7OU64A4fEAszhI
+UG3OqMACIGbAqoQLGMr9sMYBqS3cPxtD6EIK8BXzBaYHOe3pGhcXAHYApLkJkLQY
+WBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFbxYEdagAABAMARzBFAiBY4mXZ
+w8zBWrVURFxwmQGf046/oaidgJQ3Wf9+AlJ+7AIhANWkGBd6nlwE8V/dzQvkjnTz
+2edJKGy2NqgyxinZMAbWAHcA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo
+/csAAAFbxYEfSwAABAMASDBGAiEAltQbZJ9+Gt1M+YV4YBJVR63aPhk1dFIyKdQL
+yjYdBh0CIQDUGxHmR2KVW8N6wHnAGFlUhcwlBJFoiTqaSRP/1Yk0wAB2ALx44d/F
+9jxoRkkzTaEPoV8JeWkgCcCBtPP2kX8+2bilAAABW8WBHkcAAAQDAEcwRQIgFqqM
+DTAo3RKfwU9gwkD53Zr1HXPJuoI/MhwHQgc8nvkCIQDbwhd3gOdRJhtMyGqxGqr7
+sbD43D/fkyH3BNWOhff04TANBgkqhkiG9w0BAQsFAAOCAQEAQkWtNshWRmFY1t1Y
+pH3Ztxd891f4VYLtBzrpapejHIe5ijlZES2d+x4+aCilVUo6sDs0RUgy5Jk9eU5I
+6vOh+NkZ1THFqod+w5FKPgDaDuHHryvRaiGdcpn9x5R7zkpgKQ1WqgvcbzAmZkAr
+YxpvXfTLhcgbQhPedxbS5YyU1y1QCi8MUrxTwejcFDhAQXGOW3cTMpGsXtRvQVE0
+iI93jCPb3Djpqus9SS7ggzkfJe3bQpl72bv2agn5peBJa0sC1PqRXIT/cWUQe9ez
+rKSDoqdPNjTmIcJjql50T+WceNF5nxNPCq+jhMOcmKXJUF3H6yYc8pjLuDDBAFFz
+uxAuxw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFFTCCA/2gAwIBAgIQKC4nkXkzkuQo8iGnTsk3rjANBgkqhkiG9w0BAQsFADCB
+yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMTk5OSBWZXJp
+U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
+ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5IC0gRzMwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQsw
+CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV
+BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENs
+YXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJb
+A3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid/sgN6nFMl6UgfRk/InSn4vnlW
+9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzu
+s3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8T
+L9ba4cYY9Z/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVK
+Fpd6UiFjdS8W+cRmvvW1Cdj/JwDNRHxvSz+w9wIDAQABo4IBQDCCATwwHQYDVR0O
+BBYEFF9gz2GQVd+EQxSKYCqy9Xr0QxjvMBIGA1UdEwEB/wQIMAYBAf8CAQAwawYD
+VR0gBGQwYjBgBgpghkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cu
+c3ltYXV0aC5jb20vY3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0
+aC5jb20vcnBhMC8GA1UdHwQoMCYwJKAioCCGHmh0dHA6Ly9zLnN5bWNiLmNvbS9w
+Y2EzLWczLmNybDAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0RBCIwIKQeMBwxGjAYBgNV
+BAMTEVN5bWFudGVjUEtJLTEtNTM0MC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcw
+AYYSaHR0cDovL3Muc3ltY2QuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBbF1K+1lZ7
+9Pc0CUuWysf2IdBpgO/nmhnoJOJ/2S9h3RPrWmXk4WqQy04q6YoW51KN9kMbRwUN
+gKOomv4p07wdKNWlStRxPA91xQtzPwBIZXkNq2oeJQzAAt5mrL1LBmuaV4oqgX5n
+m7pSYHPEFfe7wVDJCKW6V0o6GxBzHOF7tpQDS65RsIJAOloknO4NWF2uuil6yjOe
+soHCL47BJ89A8AShP/U3wsr8rFNtqVNpT+F2ZAwlgak3A/I5czTSwXx4GByoaxbn
+5+CdKa/Y5Gk5eZVpuXtcXQGc1PfzSEUTZJXXCm5y2kMiJG8+WnDcwJLgLeVX+OQr
+J+71/xuzAYN6
+-----END CERTIFICATE-----
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/verisignclass3g4ca-chain.pem	Mon Apr 15 14:55:44 2019 +0100
@@ -0,0 +1,56 @@
+-----BEGIN CERTIFICATE-----
+MIIFxDCCBWmgAwIBAgIQZMjAlhAdRd/Im/aYbmgO8DAKBggqhkjOPQQDAjCBizEL
+MAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYD
+VQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTwwOgYDVQQDEzNTeW1hbnRlYyBD
+bGFzcyAzIEVDQyAyNTYgYml0IEV4dGVuZGVkIFZhbGlkYXRpb24gQ0EwHhcNMTcw
+NTAxMDAwMDAwWhcNMTkwNTAxMjM1OTU5WjCCAS0xEzARBgsrBgEEAYI3PAIBAxMC
+VVMxGTAXBgsrBgEEAYI3PAIBAgwIRGVsYXdhcmUxHTAbBgNVBA8TFFByaXZhdGUg
+T3JnYW5pemF0aW9uMRAwDgYDVQQFEwcyMTU4MTEzMQswCQYDVQQGEwJVUzEOMAwG
+A1UEEQwFOTQwNDMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50
+YWluIFZpZXcxGTAXBgNVBAkMEDM1MCBFbGxpcyBTdHJlZXQxHTAbBgNVBAoMFFN5
+bWFudGVjIENvcnBvcmF0aW9uMRcwFQYDVQQLDA5Sb290IDMgLSBWQUxJRDEtMCsG
+A1UEAwwkdmFsaWQtcm9vdDMud2Vic2VjdXJpdHkuc3ltYW50ZWMuY29tMFkwEwYH
+KoZIzj0CAQYIKoZIzj0DAQcDQgAERAIBieoafYh/yFaVSP+vyzoxzZ/zKy4tx7o0
+R1gugD5SArEcRar0oodVQ99eJkT63Xn910gGKx4cP+CM+jZfJqOCAwgwggMEMC8G
+A1UdEQQoMCaCJHZhbGlkLXJvb3QzLndlYnNlY3VyaXR5LnN5bWFudGVjLmNvbTAJ
+BgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
+KwYBBQUHAwIwbwYDVR0gBGgwZjBbBgtghkgBhvhFAQcXBjBMMCMGCCsGAQUFBwIB
+FhdodHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZDBdodHRwczov
+L2Quc3ltY2IuY29tL3JwYTAHBgVngQwBATAfBgNVHSMEGDAWgBRIE2UXlOyeFioq
+dFzoUy20+4PrjjArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc24uc3ltY2IuY29t
+L3NuLmNybDBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zbi5z
+eW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9zbi5zeW1jYi5jb20vc24uY3J0
+MIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcAdgDd6x0reg1PpiCLga2BaHB+Lo6d
+AdVciI09EcTNtuy+zAAAAVvFgWTjAAAEAwBHMEUCIF7mhfWFvkMauS0jlQz7t/fO
+nDXX+VeHwI7YIHU3Wvg5AiEA97a9fZzAjALA1VTaXOv/WSDyEzA/X9YPesI4Aq+4
+da8AdQCkuQmQtBhYFIe7E6LMZ3AKPDWYBPkb37jjd80OyA3cEAAAAVvFgWUIAAAE
+AwBGMEQCIAM5H16X3/vPGds9N8b7Q3+H8cFe7woTT9ddKPfUyLZJAiAF8FivrVBd
+wJ5rjxxJOwPSrlkRV2vhbKfSbJH0lDq1XQB2AO5Lvbd1zmC64UJpH6vhnmajD35f
+sHLYgwDEe4l6qP3LAAABW8WBZRoAAAQDAEcwRQIgRpro/bdvZbK5eW5FTbTqGUTi
+W5RSpjcFW2Gd27Ql6bACIQCgow7825ZtJ31KRYJ2fiTlqvc6jyZ+u67hFT4qs/1Q
+oDAKBggqhkjOPQQDAgNJADBGAiEAl565i7SXROFdn7y+hM0AgChi/75FGmaokJaj
+h9jhmiMCIQCqIZZ4SuOgBbkt7bMOSI1sOtFqhlsGVXwZKjzSaIFSYA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID4zCCA2qgAwIBAgIQTZVdIK+FxJ9pJfurfGZfiTAKBggqhkjOPQQDAzCByjEL
+MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
+ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln
+biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp
+U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
+aXR5IC0gRzQwHhcNMTIxMjIwMDAwMDAwWhcNMjIxMjE5MjM1OTU5WjCBizELMAkG
+A1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQL
+ExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTwwOgYDVQQDEzNTeW1hbnRlYyBDbGFz
+cyAzIEVDQyAyNTYgYml0IEV4dGVuZGVkIFZhbGlkYXRpb24gQ0EwWTATBgcqhkjO
+PQIBBggqhkjOPQMBBwNCAATdBD2y8pCTl8bpu7yR21Hwo4bt+8bThZMyBUngBINh
+llH/VyGuC9oO5wShf9sqHL3KmDXFcXNAzehqq1SEQybio4IBbTCCAWkwEgYDVR0T
+AQH/BAgwBgEB/wIBADA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLndzLnN5
+bWFudGVjLmNvbS9wY2EzLWc0LmNybDAOBgNVHQ8BAf8EBAMCAQYwNwYIKwYBBQUH
+AQEEKzApMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC53cy5zeW1hbnRlYy5jb20w
+ZQYDVR0gBF4wXDBaBgRVHSAAMFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3lt
+YXV0aC5jb20vY3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5j
+b20vcnBhMCoGA1UdEQQjMCGkHzAdMRswGQYDVQQDExJTWU1DLUVDQy1DQS1wMjU2
+LTMwHQYDVR0OBBYEFEgTZReU7J4WKip0XOhTLbT7g+uOMB8GA1UdIwQYMBaAFLMW
+kf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2cAMGQCMFyb7oOjdk2MLQVM
+gjS6s77Oj+jDNIH7QHfoNGxbFys7rdWno9LzZsJPsrDIdpiPvwIwT8IvzpLFqb3O
+fU7UGztmJOpOzYKvVEqI7+O/OpNjVCF9EjDSMs2ryYGwpxFDe0Vm
+-----END CERTIFICATE-----
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/verisignclass3g5ca-chain.pem	Mon Apr 15 14:55:44 2019 +0100
@@ -0,0 +1,71 @@
+-----BEGIN CERTIFICATE-----
+MIIHOTCCBiGgAwIBAgIQCBmps2cB8a6CGTXUyg9ZzjANBgkqhkiG9w0BAQsFADB3
+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
+BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj
+IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTcwNDI4MDAwMDAwWhcNMTkwNDI4
+MjM1OTU5WjCCAS0xEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIB
+AgwIRGVsYXdhcmUxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYD
+VQQFEwcyMTU4MTEzMQswCQYDVQQGEwJVUzEOMAwGA1UEEQwFOTQwNDMxEzARBgNV
+BAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxGTAXBgNVBAkM
+EDM1MCBFbGxpcyBTdHJlZXQxHTAbBgNVBAoMFFN5bWFudGVjIENvcnBvcmF0aW9u
+MRcwFQYDVQQLDA5Sb290IDEgLSBWQUxJRDEtMCsGA1UEAwwkdmFsaWQtcm9vdDEu
+d2Vic2VjdXJpdHkuc3ltYW50ZWMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEApbJSThUcOfpFWl6PyOeFqED399DWeBcBoAMdXkPfatQ+uJPeRryZ
+4UfC1iuQWQM6agDrMhDmnc+IiBiltbF0PVEHkQXxfR6x6TFF1doWDxVfOgl2y9Pz
+ilRgdBdGmnQsWbYqaKlCBS3aZ2jCZMUAKmQce8WNLEf8qDjQcHRT1vI2k5AW3+L0
+FccXRSFXx2wZUAh9qxa2gKxEjnUF+qy42WEgh/mXD4smbhtEf+pCUXPYuODlxOaA
+ZCy9SeBrKb5Nl3C9UzBhchONPQLUgzlk8d0M17pFLYKLfa8MvBcKRVyTk7/XXdTj
+OmW5OO7f4epmXNlN5fHnGZlA5FE/4candwIDAQABo4IDBzCCAwMwLwYDVR0RBCgw
+JoIkdmFsaWQtcm9vdDEud2Vic2VjdXJpdHkuc3ltYW50ZWMuY29tMAkGA1UdEwQC
+MAAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
+AjBvBgNVHSAEaDBmMFsGC2CGSAGG+EUBBxcGMEwwIwYIKwYBBQUHAgEWF2h0dHBz
+Oi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8vZC5zeW1j
+Yi5jb20vcnBhMAcGBWeBDAEBMB8GA1UdIwQYMBaAFAFZq+fdOgtZpmRj1s8gB1fV
+kedqMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zci5zeW1jYi5jb20vc3IuY3Js
+MFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL3NyLnN5bWNkLmNv
+bTAmBggrBgEFBQcwAoYaaHR0cDovL3NyLnN5bWNiLmNvbS9zci5jcnQwggF8Bgor
+BgEEAdZ5AgQCBIIBbASCAWgBZgB2AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0R
+xM227L7MAAABW7a3ZxAAAAQDAEcwRQIgeoFObGH+PGc5LRj+f1yzoG3TGHrPQA/z
+nRsNG1MXNXACIQCVd5wZWbP1+hp4kaE1sYgUnSiRFN3kfMf5uUQysYvkSwB1AKS5
+CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABW7a3Z1AAAAQDAEYwRAIg
+MRBDGE2dq1xzPDJ9tKzDTwKP5rC4DrjHZbmtYiZZh3sCIDCMlTV8bpEeeq2evzna
+Xq/930hOaclzf4pXEwUHmW/HAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7
+iXqo/csAAAFbtrdpDwAABAMARjBEAiBQpNfvWoFAkIraeupW8zM804c8XvlLIbX4
+6kCYS04HbQIgOmEunrjYREwtG5Rdk1Vd01Fp7lR42AgJ/LQFn7DmXigwDQYJKoZI
+hvcNAQELBQADggEBAKlkTQil8u0sfwLdpfFmtUvFexhx4C8gTsZwZeN/40n+S4xR
+b6U3rEHIKlFAelipc5EzeYIsJKHGP5qHSs7m7jPKBrf0KsoryvZrSfhMfXDHvrJF
+RpF0Rs1VODoK2l/1CosUZ9rTqEjQcv7kUvFvgZpNIoV++k/Y2TsoBsLliRdXKpL8
+SQADr18BlEt1Y8A7E77lJFMmgD4bFN1jJWkEJoAGkrYqsF6i8fAHiESjSLy85Bcs
+DGXgP4z8Nifje78wGVygI/4NYgYiFClsk8epBHXOveEV5HRO42XzPG0Zn0BMWCSI
+0P08Lq3dwSQSQarkID6iRuhgt4GZvm3zh6MdfrA=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFKzCCBBOgAwIBAgIQfuFKb2/v8tN/P61lTTratDANBgkqhkiG9w0BAQsFADCB
+yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
+U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
+ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB3MQsw
+CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV
+BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVjIENs
+YXNzIDMgRVYgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDYoWV0I+grZOIy1zM3PY71NBZI3U9/hxz4RCMTjvsR2ERaGHGOYBYmkpv9
+FwvhcXBC/r/6HMCqo6e1cej/GIP23xAKE2LIPZyn3i4/DNkd5y77Ks7Imn+Hv9hM
+BBUyydHMlXGgTihPhNk1++OGb5RT5nKKY2cuvmn2926OnGAE6yn6xEdC0niY4+wL
+pZLct5q9gGQrOHw4CVtm9i2VeoayNC6FnpAOX7ddpFFyRnATv2fytqdNFB5suVPu
+IxpOjUhVQ0GxiXVqQCjFfd3SbtICGS97JJRL6/EaqZvjI5rq+jOrCiy39GAI3Z8c
+zd0tAWaAr7MvKR0juIrhoXAHDDQPAgMBAAGjggFdMIIBWTAvBggrBgEFBQcBAQQj
+MCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wEgYDVR0TAQH/BAgw
+BgEB/wIBADBlBgNVHSAEXjBcMFoGBFUdIAAwUjAmBggrBgEFBQcCARYaaHR0cDov
+L3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5z
+eW1hdXRoLmNvbS9ycGEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNi
+LmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0RBCIwIKQeMBwx
+GjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTMzMB0GA1UdDgQWBBQBWavn3ToLWaZk
+Y9bPIAdX1ZHnajAfBgNVHSMEGDAWgBR/02Wnwt3su/AwCfNDOfoCrzMxMzANBgkq
+hkiG9w0BAQsFAAOCAQEAQgFVe9AWGl1Y6LubqE3X89frE5SG1n8hC0e8V5uSXU8F
+nzikEHzPg74GQ0aNCLxq1xCm+quvL2GoY/Jl339MiBKIT7Np2f8nwAqXkY9W+4nE
+qLuSLRtzsMarNvSWbCAI7woeZiRFT2cAQMgHVHQzO6atuyOfZu2iRHA0+w7qAf3P
+eHTfp61Vt19N9tY/4IbOJMdCqRMURDVLtt/JYKwMf9mTIUvunORJApjTYHtcvNUw
+LwfORELEC5n+5p/8sHiGUW3RLJ3GlvuFgrsEL/digO9i2n/2DqyQuFa9eT/ygG6j
+2bkPXToHHZGThkspTOHcteHgM52zyzaRS/6htO7w+Q==
+-----END CERTIFICATE-----
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/verisignclass3g5ca-codesigning-chain.pem	Mon Apr 15 14:55:44 2019 +0100
@@ -0,0 +1,170 @@
+Signer #1:
+
+Signature:
+
+Certificate owner: CN="Oracle America, Inc.", OU=Software Engineering, O="Oracle America, Inc.", L=Redwood City, ST=California, C=US
+
+-----BEGIN CERTIFICATE-----
+MIIE4DCCA8igAwIBAgIQMJBKmqOhTgIuAsUw5l33hTANBgkqhkiG9w0BAQsFADB/
+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
+BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxMDAuBgNVBAMTJ1N5bWFudGVj
+IENsYXNzIDMgU0hBMjU2IENvZGUgU2lnbmluZyBDQTAeFw0xNzEyMjEwMDAwMDBa
+Fw0yMDAyMDEyMzU5NTlaMIGWMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZv
+cm5pYTEVMBMGA1UEBwwMUmVkd29vZCBDaXR5MR0wGwYDVQQKDBRPcmFjbGUgQW1l
+cmljYSwgSW5jLjEdMBsGA1UECwwUU29mdHdhcmUgRW5naW5lZXJpbmcxHTAbBgNV
+BAMMFE9yYWNsZSBBbWVyaWNhLCBJbmMuMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAxrxa5UAMwofgt7m++glHqMSYP3nlTDxRnWu14FtVtQiaacn20u3w
+T5d+5mkoezHXNU3g1sgwkr/Ovf4YVSwz9wtqZWTbK3/r6Ctb9eRxb2th64N4AuDI
+R9C/LU2J7ruXsu7FpEhXMIdNLxR4ihfkBA5ndpNqmXmIG9HvFQkd8APsSFRpMQh7
+Com1YlbkySgMyjBwYfAw74bqNrClBmLNAVfq7JSqjJ8EJtlq6lEJWHXEYysZfRIf
+StxZ0XtKD3wtADeowBHs1DRnXrkgD/q3kWX5LF75nfHtRWEtHxWKk7/R452pweIv
+ZZYXsvSrRA3vC+jbbhtZiRYRk2QCXsUxrQIDAQABo4IBPjCCATowCQYDVR0TBAIw
+ADAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwYQYDVR0gBFow
+WDBWBgZngQwBBAEwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9j
+cHMwJQYIKwYBBQUHAgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0j
+BBgwFoAUljtT8Hkzl699g+8uK8zKt4YecmYwKwYDVR0fBCQwIjAgoB6gHIYaaHR0
+cDovL3N2LnN5bWNiLmNvbS9zdi5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUF
+BzABhhNodHRwOi8vc3Yuc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Yu
+c3ltY2IuY29tL3N2LmNydDANBgkqhkiG9w0BAQsFAAOCAQEAQcZqmjMAuBgnaQZ5
+JsP3+Rzaa5FrukVVk2brqrJFnqt/79khvfCf95pBafHHCqdndB0T4xuzBL4fk2ZW
+Z48ACgq3U6oNP9Ci4pcDuTqU/vZHwh7ICkSWLhGzpErfwby7zZV9ZeIK0AB5vJCK
+qgL4DetXgqGOm29gAjTKcXa67jP9lX6tAdh9TcQDbBbGny3NHGAiCderJxTOYhid
+9+4v+p+lt2OPxlxmZMPnT/9U2Yp3OzH//OYgQysnwy/UkSVCa2DuMPbL4LTxwV65
+nwEU3jT0Iq7io+oEcjW5FTZDgVC2A7lDVVrNlbAW/f5QoKcmyw8hDLo7TH6tDv8n
+hhKFDg==
+-----END CERTIFICATE-----
+
+Certificate owner: CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
+
+-----BEGIN CERTIFICATE-----
+MIIFWTCCBEGgAwIBAgIQPXjX+XZJYLJhffTwHsqGKjANBgkqhkiG9w0BAQsFADCB
+yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
+U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
+ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5IC0gRzUwHhcNMTMxMjEwMDAwMDAwWhcNMjMxMjA5MjM1OTU5WjB/MQsw
+CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV
+BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxMDAuBgNVBAMTJ1N5bWFudGVjIENs
+YXNzIDMgU0hBMjU2IENvZGUgU2lnbmluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAJeDHgAWryyx0gjE12iTUWAecfbiR7TbWE0jYmq0v1obUfej
+DRh3aLvYNqsvIVDanvPnXydOC8KXyAlwk6naXA1OpA2RoLTsFM6RclQuzqPbROlS
+Gz9BPMpK5KrA6DmrU8wh0MzPf5vmwsxYaoIV7j02zxzFlwckjvF7vjEtPW7ctZlC
+n0thlV8ccO4XfduL5WGJeMdoG68ReBqYrsRVR1PZszLWoQ5GQMWXkorRU6eZW4U1
+V9Pqk2JhIArHMHckEU1ig7a6e2iCMe5lyt/51Y2yNdyMK29qclxghJzyDJRewFZS
+AEjM0/ilfd4v1xPkOKiE1Ua4E4bCG53qWjjdm9sCAwEAAaOCAYMwggF/MC8GCCsG
+AQUFBwEBBCMwITAfBggrBgEFBQcwAYYTaHR0cDovL3MyLnN5bWNiLmNvbTASBgNV
+HRMBAf8ECDAGAQH/AgEAMGwGA1UdIARlMGMwYQYLYIZIAYb4RQEHFwMwUjAmBggr
+BgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIw
+HBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwMAYDVR0fBCkwJzAloCOgIYYf
+aHR0cDovL3MxLnN5bWNiLmNvbS9wY2EzLWc1LmNybDAdBgNVHSUEFjAUBggrBgEF
+BQcDAgYIKwYBBQUHAwMwDgYDVR0PAQH/BAQDAgEGMCkGA1UdEQQiMCCkHjAcMRow
+GAYDVQQDExFTeW1hbnRlY1BLSS0xLTU2NzAdBgNVHQ4EFgQUljtT8Hkzl699g+8u
+K8zKt4YecmYwHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZI
+hvcNAQELBQADggEBABOFGh5pqTf3oL2kr34dYVP+nYxeDKZ1HngXI9397BoDVTn7
+cZXHZVqnjjDSRFph23Bv2iEFwi5zuknx0ZP+XcnNXgPgiZ4/dB7X9ziLqdbPuzUv
+M1ioklbRyE07guZ5hBb8KLCxR/Mdoj7uh9mmf6RWpT+thC4p3ny8qKqjPQQB6rqT
+og5QIikXTIfkOhFf1qQliZsFay+0yQFMJ3sLrBkFIqBgFT/ayftNTI/7cmd3/SeU
+x7o1DohJ/o39KK9KEr0Ns5cF3kQMFfo2KwPcwVAB8aERXRTl4r0nS1S+K4ReD6bD
+dAUK75fDiSKxH3fzvc1D1PFMqT+1i4SvZPLQFCE=
+-----END CERTIFICATE-----
+
+Certificate owner: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
+
+-----BEGIN CERTIFICATE-----
+MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB
+yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
+U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
+ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL
+MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
+ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln
+biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp
+U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
+aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1
+nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex
+t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz
+SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG
+BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+
+rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/
+NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
+BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH
+BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy
+aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv
+MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE
+p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y
+5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK
+WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ
+4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N
+hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
+-----END CERTIFICATE-----
+
+Timestamp:
+
+Certificate owner: CN=Symantec SHA256 TimeStamping Signer - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US
+
+-----BEGIN CERTIFICATE-----
+MIIFSzCCBDOgAwIBAgIQVFjyqtdB1kS8hKl7oJZS5jANBgkqhkiG9w0BAQsFADB3
+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
+BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj
+IFNIQTI1NiBUaW1lU3RhbXBpbmcgQ0EwHhcNMTcwMTAyMDAwMDAwWhcNMjgwNDAx
+MjM1OTU5WjCBgDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBv
+cmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTEwLwYDVQQD
+EyhTeW1hbnRlYyBTSEEyNTYgVGltZVN0YW1waW5nIFNpZ25lciAtIEcyMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfP82AQJA4b511ymk8BCfOp8Y89d
+AOKO88CQ348p9RjqlLeS5dewoHOB6OkKm0p8Af+dj6Q5pw7qRfQiDDpw7TlFi+TF
+G1zwRWhGJAVjdpsc/J5sKrFW5Yp/UnGu8jXVRiMGHM9ILR20zbjZdiOOHP8+v7sG
+XGkHpmUO+F6ufS7tTa4178nXAEL9KJUOn11yQgm8w9pE0u3MR4Tk/MotrFi+rveu
+2UQNCLfCd9YaQ3DRbgPeUpLEEAhx2boiVfIfvO2bnTviXh1Mg/+XD3sL51WDTtIN
+677X7K5uR7mf36XWUbwEVe3/J3BMye0qSxPhsblMD8kB7lVlX2kCeGbLPwIDAQAB
+o4IBxzCCAcMwDAYDVR0TAQH/BAIwADBmBgNVHSAEXzBdMFsGC2CGSAGG+EUBBxcD
+MEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsGAQUF
+BwICMBkaF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMEAGA1UdHwQ5MDcwNaAzoDGG
+L2h0dHA6Ly90cy1jcmwud3Muc3ltYW50ZWMuY29tL3NoYTI1Ni10c3MtY2EuY3Js
+MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMA4GA1UdDwEB/wQEAwIHgDB3BggrBgEF
+BQcBAQRrMGkwKgYIKwYBBQUHMAGGHmh0dHA6Ly90cy1vY3NwLndzLnN5bWFudGVj
+LmNvbTA7BggrBgEFBQcwAoYvaHR0cDovL3RzLWFpYS53cy5zeW1hbnRlYy5jb20v
+c2hhMjU2LXRzcy1jYS5jZXIwKAYDVR0RBCEwH6QdMBsxGTAXBgNVBAMTEFRpbWVT
+dGFtcC0yMDQ4LTUwHQYDVR0OBBYEFAm1wf6WcpcpQ5rJ4AK6rvj9L7r2MB8GA1Ud
+IwQYMBaAFK9j1sqjToVy4Ke8QfMpojh/gHViMA0GCSqGSIb3DQEBCwUAA4IBAQAX
+swqI6VxaXiBrOwoVsmzFqYoyh9Ox9BxTroW+P5v/17y3lIW0x1J+lOi97WGy1KeZ
+5MPJk8E1PQvoaApdVpi9sSI70UR617/wbVEyitUj3zgBN/biUyt6KxGPt01sejMD
+G3xrCZQXu+TbWNQhE2Xn7NElyix1mpx//Mm7KmirxH20z6PJbKfZxACciQp3kfRN
+ovsxO4Zu9uYfUAOGm7/LQqvmdptyWhEBisbvpW+V592uuuYiZfAYWRsRyc2At9iX
+Rx9CCPiscR+wRlOz1LLVo6tQdUgSF4Ktz+BBTzJ+zZUcv5GKCD2kp2cClt8kTKXQ
+QcCCYKOKFzJL07zPpLSM
+-----END CERTIFICATE-----
+
+Certificate owner: CN=Symantec SHA256 TimeStamping CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
+
+-----BEGIN CERTIFICATE-----
+MIIFODCCBCCgAwIBAgIQewWx1EloUUT3yYnSnBmdEjANBgkqhkiG9w0BAQsFADCB
+vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp
+U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQDEy9W
+ZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
+Fw0xNjAxMTIwMDAwMDBaFw0zMTAxMTEyMzU5NTlaMHcxCzAJBgNVBAYTAlVTMR0w
+GwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMg
+VHJ1c3QgTmV0d29yazEoMCYGA1UEAxMfU3ltYW50ZWMgU0hBMjU2IFRpbWVTdGFt
+cGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALtZnVlVT52M
+cl0agaLrVfOwAa08cawyjwVrhponADKXak3JZBRLKbvC2Sm5Luxjs+HPPwtWkPhi
+G37rpgfi3n9ebUA41JEG50F8eRzLy60bv9iVkfPw7mz4rZY5Ln/BJ7h4OcWEpe3t
+r4eOzo3HberSmLU6Hx45ncP0mqj0hOHE0XxxxgYptD/kgw0mw3sIPk35CrczSf/K
+O9T1sptL4YiZGvXA6TMU1t/HgNuR7v68kldyd/TNqMz+CfWTN76ViGrF3PSxS9TO
+6AmRX7WEeTWKeKwZMo8jwTJBG1kOqT6xzPnWK++32OTVHW0ROpL2k8mc40juu1MO
+1DaXhnjFoTcCAwEAAaOCAXcwggFzMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8E
+CDAGAQH/AgEAMGYGA1UdIARfMF0wWwYLYIZIAYb4RQEHFwMwTDAjBggrBgEFBQcC
+ARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoXaHR0cHM6
+Ly9kLnN5bWNiLmNvbS9ycGEwLgYIKwYBBQUHAQEEIjAgMB4GCCsGAQUFBzABhhJo
+dHRwOi8vcy5zeW1jZC5jb20wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL3Muc3lt
+Y2IuY29tL3VuaXZlcnNhbC1yb290LmNybDATBgNVHSUEDDAKBggrBgEFBQcDCDAo
+BgNVHREEITAfpB0wGzEZMBcGA1UEAxMQVGltZVN0YW1wLTIwNDgtMzAdBgNVHQ4E
+FgQUr2PWyqNOhXLgp7xB8ymiOH+AdWIwHwYDVR0jBBgwFoAUtnf6aUhHn1MS1cLq
+BzJ2B9GXBxkwDQYJKoZIhvcNAQELBQADggEBAHXqsC3VNBlcMkX+DuHUT6Z4wW/X
+6t3cT/OhyIGI96ePFeZAKa3mXfSi2VZkhHEwKt0eYRdmIFYGmBmNXXHy+Je8Cf0c
+kUfJ4uiNA/vMkC/WCmxOM+zWtJPITJBjSDlAIcTd1m6JmDy1mJfoqQa3CcmPU1dB
+kC/hHk1O3MoQeGxCbvC2xfhhXFL1TvZrjfdKer7zzf0D19n2A6gP41P3CnXsxnUu
+qmaFBJm3+AZX4cYO9uiv2uybGB+queM6AL/OipTLAduexzi7D1Kr0eOUA2AKTaD+
+J20UMvw/l0Dhv5mJ2+Q5FL3a5NPD6itas5VYVQR9x5rsIwONhSrS/66pYYE=
+-----END CERTIFICATE-----
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/X509TrustManagerImpl/Symantec/verisignuniversalrootca-chain.pem	Mon Apr 15 14:55:44 2019 +0100
@@ -0,0 +1,73 @@
+-----BEGIN CERTIFICATE-----
+MIIHTzCCBjegAwIBAgIQPYH1xfKSpwYMrTEqOxG4OzANBgkqhkiG9w0BAQsFADCB
+ijELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8w
+HQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMTswOQYDVQQDEzJTeW1hbnRl
+YyBDbGFzcyAzIEV4dGVuZGVkIFZhbGlkYXRpb24gU0hBMjU2IFNTTCBDQTAeFw0x
+NzA1MDEwMDAwMDBaFw0xOTA1MDEyMzU5NTlaMIIBLTETMBEGCysGAQQBgjc8AgED
+EwJVUzEZMBcGCysGAQQBgjc8AgECDAhEZWxhd2FyZTEdMBsGA1UEDxMUUHJpdmF0
+ZSBPcmdhbml6YXRpb24xEDAOBgNVBAUTBzIxNTgxMTMxCzAJBgNVBAYTAlVTMQ4w
+DAYDVQQRDAU5NDA0MzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91
+bnRhaW4gVmlldzEZMBcGA1UECQwQMzUwIEVsbGlzIFN0cmVldDEdMBsGA1UECgwU
+U3ltYW50ZWMgQ29ycG9yYXRpb24xFzAVBgNVBAsMDlJvb3QgMiAtIFZBTElEMS0w
+KwYDVQQDDCR2YWxpZC1yb290Mi53ZWJzZWN1cml0eS5zeW1hbnRlYy5jb20wggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjQDZuIKKgrjmO0+0ty8WIlFZk
+HcvIGX/kIAxByd/XA19h0Zk6kjFLgZaRtsUdRotG40DST72Ki8Vmy7nX3w/cqpFg
+0x0nl7ZORE/L1EjEOUApqEpaA5GtcMaznu/SVVp2mZgoOWhn4EAvocT6GKQWaKi1
+/tCh6UiieHRz6L29CrN6/JWT6OXv6TGePkGcVKSjJrZoNMiNzoTFyCdvVpYutZiv
+YsMzcRJ+KxTepwFM1imssBGc5WM2Wit+Z3kWJhYe0IdOIdqmuR6WxwLGb7nrY44R
+dPy+h0n71GJvjbEzI+Qb/ehc8HjOGba0sh/+x/p14t7PplDZyicxzaC/tpTnAgMB
+AAGjggMJMIIDBTAvBgNVHREEKDAmgiR2YWxpZC1yb290Mi53ZWJzZWN1cml0eS5z
+eW1hbnRlYy5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
+FAYIKwYBBQUHAwEGCCsGAQUFBwMCMG8GA1UdIARoMGYwWwYLYIZIAYb4RQEHFwYw
+TDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUH
+AgIwGQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwBwYFZ4EMAQEwHwYDVR0jBBgw
+FoAUsm3j5BQPjDxzQqZamRrTFHW2htswKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDov
+L3NoLnN5bWNiLmNvbS9zaC5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzAB
+hhNodHRwOi8vc2guc3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc2guc3lt
+Y2IuY29tL3NoLmNydDCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHYA3esdK3oN
+T6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswAAAFbxYHx8wAABAMARzBFAiEAoZAV
+7qASZQXq7visy9vw4552zDWP/+K/8FmgvPpFHuACICl4k+7Omje9NoIRTwnPs4fm
+fqW4rDXzK+HKIGNfEmQ4AHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN
+3BAAAAFbxYHyLgAABAMARzBFAiAuvBGEqgabzmMmG2Tzv1KjGR0nTtEz1R1XluNc
+w8NrnAIhAOBL9OgiJfN4SRq6Gmfesx8BJGFr7pDfpDKECGOT1uqZAHYA7ku9t3XO
+YLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFbxYHz8gAABAMARzBFAiEA2/T1
+kmfJQ/F0SrRDPozVMhaQW/ydrynOQovjsNJM3M0CIEN0T1ac8FsiatIVoxv690J3
+sIfanWlSX7UvPVShVGg2MA0GCSqGSIb3DQEBCwUAA4IBAQB4unTd5lxCGKsEyViE
+m1AZpxTwISBdxuixpXoskuHwCw5LApp8WbaO0W4h4ZLfL+P2cAKx7awvfsaLKQ0i
+tnmhyCZitwI9cfmRs8wwU3WgVH/CiIWv96R9mqA8AQ0pMRUp240idzd/VkLYc2RL
+CFECQOdsgflyp95PqWyFD1aGdMmwCW5nFUYkbA18cJER5VG9nquBNROzM14z73Wa
+PelMX56on9fk+KgryPQIMJFQxqwWbiszby6UaWLQ3ZDKiNwdJsmZWvQ/Gw05NTtp
+J1gOExSwrDQM0X5gxMaSxTDU7zEWQz2kjYWjdtdtiq8AtRjQ8DlqXseTpHOUB8iW
+5vWY
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFSTCCBDGgAwIBAgIQCbdJ/X8LSRbKBVZWz/bZgjANBgkqhkiG9w0BAQsFADCB
+vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp
+U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQDEy9W
+ZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
+Fw0xMzA0MDkwMDAwMDBaFw0yMzA0MDgyMzU5NTlaMIGKMQswCQYDVQQGEwJVUzEd
+MBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNVBAsTFlN5bWFudGVj
+IFRydXN0IE5ldHdvcmsxOzA5BgNVBAMTMlN5bWFudGVjIENsYXNzIDMgRXh0ZW5k
+ZWQgVmFsaWRhdGlvbiBTSEEyNTYgU1NMIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAwUo5gP1SVSC5FK9OwhPfSgNKsGXFaGaKJJxyi63peok7gyXs
+LFcSKSb3qHD0Y+AGVTyD8cPxY0sypzk9D/exa/G+Xxua5KoXZUbBpue3YXWKmCYZ
+HqcPo8eypoUnOQR0G8YHFiqSqOjpm8RaIIoby0YJUeSi5CGDM9UnyXvbqOF2hljp
+4b0TV2vgGq9xA7MV8EQB5WFk9fIRmVLs7ej1PRNrISfCxgPA8g/VWH/17yql/yjq
+jeWOdt8sZmSbNb9j/Z9KSJ8whT7VsvH+yESoWC6gnWC9Cs7BJQgcTfK0w+tcOLfY
+1JslzuMzFs/JL8wocPpjdNXExxEVpZnyKSLABQIDAQABo4IBdDCCAXAwNwYIKwYB
+BQUHAQEEKzApMCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC53cy5zeW1hbnRlYy5j
+b20wEgYDVR0TAQH/BAgwBgEB/wIBADBlBgNVHSAEXjBcMFoGBFUdIAAwUjAmBggr
+BgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIw
+HBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwPgYDVR0fBDcwNTAzoDGgL4Yt
+aHR0cDovL2NybC53cy5zeW1hbnRlYy5jb20vdW5pdmVyc2FsLXJvb3QuY3JsMA4G
+A1UdDwEB/wQEAwIBBjAqBgNVHREEIzAhpB8wHTEbMBkGA1UEAxMSVmVyaVNpZ25N
+UEtJLTItMzcyMB0GA1UdDgQWBBSybePkFA+MPHNCplqZGtMUdbaG2zAfBgNVHSME
+GDAWgBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEAdJ3d
+mGjc+GgcDYkNvwlH3cWvtjX7EqazxfQGSbmJcnB0fKn1cxQh6wAW9VOsKBq0salx
+V6wBS/SYJMULRSKRRtL+1rYIRPMbgwUcFMBo34qHylbm72/zlBO0W4VPrVe68Ow7
+gOeiAV+7ZYUARJc0uNiuIW+Xva9zHMVw3Mb3x2sgh6oEYmnI9sPzpHSPG1VPKrsH
+NUZlCdqof2NXVfDrn0kVlVeqf8tER1EAWVaDHUCRLdgd0l9x7ibBbkUNxU0SP7+R
+5TYnB2qysmYrhf8nQaKSs8pOAY371fbh5FTWa8ySae7kOY6dNM4Us/CAauNW7mW0
+zB9UpGiJBN2YLL3Pow==
+-----END CERTIFICATE-----