RFR: 8270280: security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java OCSP response error

Sean Mullan mullan at openjdk.java.net
Fri Jul 23 13:21:01 UTC 2021


On Thu, 22 Jul 2021 17:29:32 GMT, Rajan Halade <rhalade at openjdk.org> wrote:

> I have updated the revoked test certificate, but this test may again fail in Sept as test certificates expire, leading to an OCSP error.
> 
> The CA is not willing to issue test certificates with more than 90-day validity, so this test will fail every quarter. I am re-thinking the CA certification testing approach to maybe try a TLS connection with test websites. This will ensure that the test will pass as long as the CA keeps the test website updated.

Have you thought about using a cached OCSPResponse to avoid the expiration issues? You would not be testing a live OCSP network request/response, but it might be an acceptable workaround for cases like this.

-------------

PR: https://git.openjdk.java.net/jdk/pull/4877


