[7u40] Request for Phase 2 approval for 8020940: Valid OCSP responses are rejected for backdated enquiries
Seán Coffey
sean.coffey at oracle.com
Fri Jul 19 14:09:05 PDT 2013
Approved for jdk7u40-dev.
regards,
Sean.
On 19/07/2013 17:53, Vincent Ryan wrote:
> Hello all,
>
> Please approve the following low-risk fix for 7u40:
>
> Bug: http://bugs.sun.com/view_bug.do?bug_id=8020940 [not yet visible]
> Webrev: http://cr.openjdk.java.net/~vinnie/8020940/webrev.00
> Code review: http://mail.openjdk.java.net/pipermail/security-dev/2013-July/008214.html
> Reviewer: Sean Mullan (currently seeking a second reviewer)
>
> 7u40-critical-request justification:
> SQE certificate revocation interop tests are currently failing and there is no workaround.
> This problem does not occur in JDK 8 (because a different code path is used).
>
> The fix modifies the OCSP client to verify the validity interval for an OCSP response relative to the current time.
> Previously it was relative to the requested time.
>
> The bug is labeled 'noreg-hard' because automated tests are unreliable due to intermittent
> network issues when communicating with external OCSP responders.
>
>
> Thanks.
More information about the jdk7u-dev
mailing list