diff --git a/JDK_1_8_0-8208602.patch b/JDK_1_8_0-8208602.patch
new file mode 100644
index 0000000..2c4e86b
--- /dev/null
+++ b/JDK_1_8_0-8208602.patch
@@ -0,0 +1,93 @@
+
+# HG changeset patch
+# User weijun
+# Date 1533101708 -28800
+# Node ID 9d92ff04a29c12a5d47f2ca4e772f7716bfdb8ff
+# Parent  b6e0bfe4a6ec5d8d9d9476c05627dfb47f2263e1
+8208602: Cannot read PEM X.509 cert if there is whitespace after the header or footer
+Reviewed-by: xuelei
+
+diff -r b6e0bfe4a6ec -r 9d92ff04a29c src/java.base/share/classes/sun/security/provider/X509Factory.java
+--- openjdk/jdk/src/share/classes/sun/security/provider/X509Factory.java	Wed Aug 01 01:40:44 2018 -0400
++++ openjdk/jdk/src/share/classes/sun/security/provider/X509Factory.java	Wed Aug 01 13:35:08 2018 +0800
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
+  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+  *
+  * This code is free software; you can redistribute it and/or modify it
+@@ -635,7 +635,8 @@
+                 if (next != '\r') footer.append((char)next);
+             }
+ 
+-            checkHeaderFooter(header.toString(), footer.toString());
++            checkHeaderFooter(header.toString().replaceFirst("\\s++$", ""),
++                    footer.toString().replaceFirst("\\s++$", ""));
+ 
+             return Pem.decode(new String(data, 0, pos));
+         }
+diff -r b6e0bfe4a6ec -r 9d92ff04a29c test/jdk/sun/security/provider/X509Factory/BadPem.java
+--- openjdk/jdk/test/sun/security/provider/X509Factory/BadPem.java	Wed Aug 01 01:40:44 2018 -0400
++++ openjdk/jdk/test/sun/security/provider/X509Factory/BadPem.java	Wed Aug 01 13:35:08 2018 +0800
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
++ * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
+  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+  *
+  * This code is free software; you can redistribute it and/or modify it
+@@ -23,14 +23,13 @@
+ 
+ /*
+  * @test
+- * @bug 8074935
+- * @summary jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did
++ * @bug 8074935 8208602
++ * @summary X.509 cert PEM format read
+  */
+ 
+ import java.io.ByteArrayOutputStream;
+ import java.io.FileInputStream;
+-import java.io.FileOutputStream;
+ import java.io.PrintStream;
+ import java.security.KeyStore;
+ import java.security.cert.CertificateException;
+ import java.util.Arrays;
+@@ -49,10 +48,12 @@
+         String pass = "passphrase";
+         String alias = "dummy";
+ 
++        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+         KeyStore keyStore = KeyStore.getInstance("JKS");
+         keyStore.load(new FileInputStream(ks), pass.toCharArray());
+         byte[] cert = keyStore.getCertificate(alias).getEncoded();
+ 
++        // 8074935
+         ByteArrayOutputStream bout = new ByteArrayOutputStream();
+         PrintStream pout = new PrintStream(bout);
+         byte[] CRLF = new byte[] {'\r', '\n'};
+@@ -64,14 +65,20 @@
+         }
+         pout.println(X509Factory.END_CERT);
+ 
+-        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+-
+         try {
+             cf.generateCertificate(new ByteArrayInputStream(bout.toByteArray()));
+             throw new Exception("Should fail");
+         } catch (CertificateException e) {
+             // Good
+         }
++
++        // 8208602
++        bout.reset();
++        pout.println(X509Factory.BEGIN_CERT + "  ");
++        pout.println(Base64.getMimeEncoder().encodeToString(cert));
++        pout.println(X509Factory.END_CERT + "    ");
++
++        cf.generateCertificate(new ByteArrayInputStream(bout.toByteArray()));
+     }
+ }
+ 
+
diff --git a/java-1_8_0-openjdk.changes b/java-1_8_0-openjdk.changes
index d70685c..70d5dc4 100644
--- a/java-1_8_0-openjdk.changes
+++ b/java-1_8_0-openjdk.changes
@@ -920,6 +920,13 @@ Wed Oct 28 09:47:16 UTC 2020 - Fridrich Strba <fstrba@suse.com>
   * java-atk-wrapper-security.patch
     + rediff to changed context
 
+-------------------------------------------------------------------
+Fri May 29 09:36:42 UTC 2020 - Josef Cejka <jcejka@suse.com>
+
+- Ignore whitespaces after the header or footer in PEM X.509 cert
+  (bsc#1171352)
+  + JDK_1_8_0-8208602.patch
+
 -------------------------------------------------------------------
 Mon May  4 08:01:35 UTC 2020 - Fridrich Strba <fstrba@suse.com>
 
diff --git a/java-1_8_0-openjdk.spec b/java-1_8_0-openjdk.spec
index fb7a9e8..3cb390f 100644
--- a/java-1_8_0-openjdk.spec
+++ b/java-1_8_0-openjdk.spec
@@ -194,6 +194,7 @@ Patch103:       ppc-zero-hotspot.patch
 Patch1001:      java-1_8_0-openjdk-suse-desktop-files.patch
 Patch1002:      icedtea-3.8.0-s390.patch
 Patch2001:      disable-doclint-by-default.patch
+Patch2002:      JDK_1_8_0-8208602.patch
 
 BuildRequires:  alsa-lib-devel
 BuildRequires:  autoconf
@@ -526,6 +527,7 @@ patch -p0 -i %{PATCH103}
 %endif
 
 patch -p0 -i %{PATCH2001}
+patch -p0 -i %{PATCH2002}
 
 (cd openjdk/common/autoconf
  bash ./autogen.sh