Integrated: 8337951: Test sun/security/validator/samedn.sh CertificateNotYetValidException: NotBefore validation
Fernando Guallini
fguallini at openjdk.org
Thu Sep 5 13:17:00 UTC 2024
On Tue, 27 Aug 2024 14:49:40 GMT, Fernando Guallini <fguallini at openjdk.org> wrote:
> The test sun/security/validator/samedn.sh failed once due to the following reason:
>
> `Caused by: java.security.cert.CertificateNotYetValidException: NotBefore: Tue Aug 06 14:41:13 GMT 2024`
>
> This test generates several certificates using the keytool as a precondition, and then validates their certificate paths.
>
> This failure is very rare and could not be reproduced. However, based on the failure logs, the test finished at **14:41:12**, while the test certificate's NotBefore time was set to **14:41:13**. It is possible that when the certificate was created, keytool **rounded up** the NotBefore time to the nearest second. As a result, the test may have validated the certificate just before it became valid.
>
> The proposed fix is to set the NotBefore time to one minute in the past, ensuring the certificate will be valid when running the test.
This pull request has now been integrated.
Changeset: a505a1dd
Author: Fernando Guallini <fguallini at openjdk.org>
Committer: Sean Mullan <mullan at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/a505a1dda3bc6975bb11f390543b38618ddf2626
Stats: 5 lines in 1 file changed: 1 ins; 0 del; 4 mod
8337951: Test sun/security/validator/samedn.sh CertificateNotYetValidException: NotBefore validation
Reviewed-by: mullan
-------------
PR: https://git.openjdk.org/jdk/pull/20728
More information about the security-dev
mailing list