RFR: 8270280: security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java OCSP response error
Rajan Halade
rhalade at openjdk.java.net
Fri Jul 23 15:07:09 UTC 2021
On Fri, 23 Jul 2021 15:00:44 GMT, Sean Mullan <mullan at openjdk.org> wrote:
> But you could cache the OCSPResponse now while the certificate is not expired, and use that in the test by calling `PKIXRevocationChecker.setOcspResponses()`. For CRLs, you could also do something similar by caching the CRL and storing it in `CollectionCertStore` and adding that to `PKIXParameters`. Just some ideas to avoid having to continuously update the test certificates every 3 months.
>
> I can approve this now, but can you file a follow-on issue to look into this some more?
Sure. I will investigate this along with idea of using TLS connection to test websites. Thanks!
-------------
PR: https://git.openjdk.java.net/jdk/pull/4877
More information about the security-dev
mailing list