RFR: 8369282: Distrust TLS server certificates anchored by Chunghwa ePKI Root CA
Mikhail Yankelevich
myankelevich at openjdk.org
Mon Dec 22 10:53:53 UTC 2025
On Fri, 19 Dec 2025 17:24:18 GMT, Mark Powers <mpowers at openjdk.org> wrote:
> [JDK-8369282](https://bugs.openjdk.org/browse/JDK-8369282)
src/java.base/share/classes/sun/security/validator/ChunghwaTLSPolicy.java line 66:
> 64: * @throws ValidatorException if the certificate is distrusted
> 65: */
> 66: static void checkDistrust(X509Certificate[] chain)
nit: `checkDistrust` is an odd name for a method throwing an error and not returning anything, in my opinion. But since it's used in other files and behaves the same, I think it's fine.
src/java.base/share/classes/sun/security/validator/ChunghwaTLSPolicy.java line 87:
> 85: }
> 86:
> 87: private static void checkNotBefore(LocalDate notBeforeDate,
I might be wrong, but wouldn't 'Not Before' mean that it would also include the date ('Equals or After')? I think renaming it to `checkIsAfter` would be better. What do you think?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28930#discussion_r2639468426
PR Review Comment: https://git.openjdk.org/jdk/pull/28930#discussion_r2639472548