RFR: 8270280: security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java OCSP response error
Sean Mullan
mullan at openjdk.java.net
Fri Jul 23 13:21:01 UTC 2021
On Thu, 22 Jul 2021 17:29:32 GMT, Rajan Halade <rhalade at openjdk.org> wrote:
> I have updated the revoked test certificate, but this test may again fail in Sept as the test certificate expires, leading to an OCSP error.
>
> The CA is not willing to issue test certificates with more than 90-day validity, so this test will fail every quarter. I am re-thinking the CA certification testing approach to maybe try a TLS connection with test websites. This will ensure that the test will pass as long as the CA keeps the test website updated.
Have you thought about using a cached OCSPResponse to avoid the expiration issues? You would not be testing a live OCSP network request/response, but it might be an acceptable workaround for cases like this.
-------------
PR: https://git.openjdk.java.net/jdk/pull/4877
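
The cached-response approach suggested above, sketched with the standard PKIXRevocationChecker API. This is an added example, not code from the thread or from the JDK test; the class name, the command-line arguments and the files they name are assumptions supplied by whoever runs it.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.cert.*;
import java.security.cert.PKIXRevocationChecker.Option;
import java.time.Instant;
import java.util.*;

public class CachedOcspCheck {
    static X509Certificate load(CertificateFactory cf, String file) throws Exception {
        try (InputStream in = Files.newInputStream(Paths.get(file))) {
            return (X509Certificate) cf.generateCertificate(in);
        }
    }

    // Hypothetical arguments: leaf cert, issuer cert, root cert, saved DER OCSP
    // response for the leaf, and an ISO-8601 instant to validate at.
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate leaf = load(cf, args[0]);
        X509Certificate issuer = load(cf, args[1]);
        X509Certificate root = load(cf, args[2]);
        byte[] ocsp = Files.readAllBytes(Paths.get(args[3]));

        CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
        PKIXRevocationChecker rc = (PKIXRevocationChecker) cpv.getRevocationChecker();
        // Hand the checker the saved response for the leaf instead of a live lookup.
        rc.setOcspResponses(Map.of(leaf, ocsp));
        // Check only the leaf and do not fall back to CRLs.
        rc.setOptions(EnumSet.of(Option.ONLY_END_ENTITY, Option.NO_FALLBACK));

        PKIXParameters params = new PKIXParameters(Set.of(new TrustAnchor(root, null)));
        params.addCertPathChecker(rc);
        // Pin the validation time inside both the certificate validity period and
        // the thisUpdate/nextUpdate window of the saved response.
        params.setDate(Date.from(Instant.parse(args[4])));

        CertPath path = cf.generateCertPath(List.of(leaf, issuer));
        try {
            cpv.validate(path, params);
            System.out.println("valid, not revoked");
        } catch (CertPathValidatorException e) {
            // BasicReason.REVOKED is the reason reported for a revoked certificate.
            System.out.println("rejected: " + e.getReason());
        }
    }
}
```

Because the validation date is pinned, the result depends only on the saved files and not on the current date or on the CA's responder being reachable.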