RFR: 8337951: Test sun/security/validator/samedn.sh CertificateNotYetValidException: NotBefore validation
Sean Mullan
mullan at openjdk.org
Fri Aug 30 12:58:18 UTC 2024
On Tue, 27 Aug 2024 14:49:40 GMT, Fernando Guallini <fguallini at openjdk.org> wrote:
> The test sun/security/validator/samedn.sh failed once due to the following reason:
>
> `Caused by: java.security.cert.CertificateNotYetValidException: NotBefore: Tue Aug 06 14:41:13 GMT 2024`
>
> This test generates several certificates using the keytool as a precondition, and then validates their certificate paths.
>
> This failure is very rare and could not be reproduced. However, based on the failure logs, the test finished at **14:41:12**, while the test certificate's NotBefore time was set to **14:41:13**. It is possible that when the certificate was created, keytool **rounded up** the NotBefore time to the nearest second. As a result, the test may have validated the certificate just before it became valid.
>
> The proposed fix is to set the NotBefore time to one minute in the past, ensuring the certificate will be valid when running the test.
Marked as reviewed by mullan (Reviewer).
-------------
PR Review: https://git.openjdk.org/jdk/pull/20728#pullrequestreview-2272238733
More information about the security-dev
mailing list