RFR: JDK-8305211: Remove CA certificates that are expired

Sean Mullan mullan at openjdk.org
Thu Mar 30 19:03:16 UTC 2023


On Thu, 30 Mar 2023 18:42:21 GMT, Victor Rudometov <vrudomet at openjdk.org> wrote:

> Isn't it required for all certificates in the chain to be valid at the current date/time?

For TLS, yes. For signed code, no as long as the code was previously timestamped and that timestamp was within the validity period of all of the certificates in the chain.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/13237#issuecomment-1490784302


More information about the security-dev mailing list