OCSP clock skew configuration
Seshadri, Usha
usha.seshadri at lmco.com
Tue Sep 29 13:49:42 UTC 2015
Hi,
The following bug reports seems to indicate the OCSP validation code should permit clock skew when checking the validity of OCSP responses.
1. JDK-674888 (Bug - affected version 6u11)
2. JDK-2166696 (Backport - fixed version 6u10 (b32)
3. JDK-2186994 (Backport - fixed version OpenJDK6 (b18)
4. JDK-2166740 (Backport - fixed version 7 (b41))
I am using Java8, and would expect it to have all the above fixes. Changing the value of "deployment.security.validation.clockskew" has no impact on the OCSP certification validation. The certificate validation always defaults to 15 minutes.
What configurable property (and what file) controls the OCSP validation clock skew? Any answer will be greatly appreciated!
Thanks,
Usha Seshadri
Lockheed Martin, IS&GS
301-240-7496
[LM-logo]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20150929/ae1121da/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 3520 bytes
Desc: image001.jpg
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20150929/ae1121da/image001.jpg>
More information about the security-dev
mailing list