[7u] 8020940: Valid OCSP responses are rejected for backdated enquiries
Valerie (Yu-Ching) Peng
valerie.peng at oracle.com
Mon Jul 22 22:11:44 UTC 2013
The changes look fine.
However, the dateCheckedAgainst argument for method SingleResponse
constructor becomes obsolete and not used at all.
Should it be removed from the method signature, i.e. any reason to keep
this?
Thanks,
Valerie
On 07/19/13 09:39, Vincent Ryan wrote:
> Please review the following change to correct the handling of backdated OCSP requests:
>
> Bug: http://bugs.sun.com/view_bug.do?bug_id=8020940 [not yet visible]
> Webrev: http://cr.openjdk.java.net/~vinnie/8020940/webrev.00
>
> It modifies the OCSP client to verify the validity interval for an OCSP response relative to the current time.
> Previously it was relative to the requested time.
> Thanks.
>
More information about the security-dev
mailing list