RFR: JDK-8305211: Remove CA certificates that are expired
Sean Mullan
mullan at openjdk.org
Thu Mar 30 19:03:16 UTC 2023
On Thu, 30 Mar 2023 18:42:21 GMT, Victor Rudometov <vrudomet at openjdk.org> wrote:
> Isn't it required for all certificates in the chain to be valid at the current date/time?
For TLS, yes. For signed code, no as long as the code was previously timestamped and that timestamp was within the validity period of all of the certificates in the chain.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/13237#issuecomment-1490784302
More information about the security-dev
mailing list