[7u] 8020940: Valid OCSP responses are rejected for backdated enquiries
Vincent Ryan
vincent.x.ryan at oracle.com
Mon Jul 22 23:43:37 UTC 2013
Thanks for the review Valerie.
Since this is a late change for 7u40 I wanted to minimize the code changes.
I will examine removing that additional construction in a later change.
On 22/07/2013 23:11, Valerie (Yu-Ching) Peng wrote:
> The changes look fine.
>
> However, the dateCheckedAgainst argument for method SingleResponse
> constructor becomes obsolete and not used at all.
> Should it be removed from the method signature, i.e. any reason to keep
> this?
>
> Thanks,
> Valerie
> On 07/19/13 09:39, Vincent Ryan wrote:
>> Please review the following change to correct the handling of
>> backdated OCSP requests:
>>
>> Bug: http://bugs.sun.com/view_bug.do?bug_id=8020940 [not yet visible]
>> Webrev: http://cr.openjdk.java.net/~vinnie/8020940/webrev.00
>>
>> It modifies the OCSP client to verify the validity interval for an
>> OCSP response relative to the current time.
>> Previously it was relative to the requested time.
>> Thanks.
>>
>
More information about the security-dev
mailing list