RFR: 8270280: security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java OCSP response error

Rajan Halade rhalade at openjdk.java.net
Fri Jul 23 15:07:09 UTC 2021


On Fri, 23 Jul 2021 15:00:44 GMT, Sean Mullan <mullan at openjdk.org> wrote:

> But you could cache the OCSPResponse now while the certificate is not expired, and use that in the test by calling `PKIXRevocationChecker.setOcspResponses()`. For CRLs, you could also do something similar by caching the CRL and storing it in `CollectionCertStore` and adding that to `PKIXParameters`. Just some ideas to avoid having to continuously update the test certificates every 3 months.
> 
> I can approve this now, but can you file a follow-on issue to look into this some more?

Sure. I will investigate this along with the idea of using a TLS connection to test websites. Thanks!

-------------

PR: https://git.openjdk.java.net/jdk/pull/4877
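
The caching approach suggested in the quoted review, sketched as an added example (not code from the PR or the JDK test). The class, method and parameter names are hypothetical; the caller supplies certificates, DER-encoded OCSP responses and CRLs captured earlier, and pinning the validation time with `setDate` is an assumption of this sketch so that the result does not depend on the current date.

```java
import java.security.cert.*;
import java.util.*;

// Added illustration; class, method and parameter names are hypothetical.
public class CachedRevocationValidation {

    /**
     * Validates a chain (end-entity first, trust anchor excluded) using
     * revocation data that was captured while the certificates were valid.
     */
    static PKIXCertPathValidatorResult validateWithCachedData(
            List<X509Certificate> chain,
            X509Certificate root,
            Map<X509Certificate, byte[]> cachedOcsp, // DER OCSP response per certificate
            Collection<X509CRL> cachedCrls,          // CRLs saved from the CA
            Date validationDate) throws Exception {

        CertPath path = CertificateFactory.getInstance("X.509")
                .generateCertPath(chain);

        CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
        PKIXRevocationChecker rc =
                (PKIXRevocationChecker) cpv.getRevocationChecker();

        // Pre-loaded responses are used for the certificates they are keyed by.
        rc.setOcspResponses(cachedOcsp);
        // No SOFT_FAIL: a certificate whose status cannot be determined
        // fails validation instead of being silently accepted.
        rc.setOptions(EnumSet.noneOf(PKIXRevocationChecker.Option.class));

        PKIXParameters params =
                new PKIXParameters(Set.of(new TrustAnchor(root, null)));
        params.addCertPathChecker(rc);

        // Cached CRLs are made available through a Collection CertStore.
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(cachedCrls)));

        // Assumption: evaluate validity at a fixed time that lies inside the
        // validity window of the certificates and the cached revocation data.
        params.setDate(validationDate);

        return (PKIXCertPathValidatorResult) cpv.validate(path, params);
    }
}
```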
