[7u40] Request for Phase 2 approval for 8020940: Valid OCSP responses are rejected for backdated enquiries
Vincent Ryan
vincent.x.ryan at oracle.com
Fri Jul 19 09:53:43 PDT 2013
Hello all,
Please approve the following low-risk fix for 7u40:
Bug: http://bugs.sun.com/view_bug.do?bug_id=8020940 [not yet visible]
Webrev: http://cr.openjdk.java.net/~vinnie/8020940/webrev.00
Code review: http://mail.openjdk.java.net/pipermail/security-dev/2013-July/008214.html
Reviewer: Sean Mullan (currently seeking a second reviewer)
7u40-critical-request justification:
SQE certificate revocation interop tests are currently failing and there is no workaround.
This problem does not occur in JDK 8 (because a different code path is used).
The fix modifies the OCSP client to verify the validity interval for an OCSP response relative to the current time.
Previously it was relative to the requested time.
The bug is labeled 'noreg-hard' because automated tests are unreliable due to intermittent
network issues when communicating with external OCSP responders.
Thanks.
More information about the jdk7u-dev
mailing list