United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6787645 CRL validation code should permit some clock skew when checking validity of CRLs
JDK-6787645 : CRL validation code should permit some clock skew when checking validity of CRLs

Details
Type:
Bug
Submit Date:
2008-12-19
Status:
Resolved
Updated Date:
2010-05-06
Project Name:
JDK
Resolved Date:
2009-03-07
Component:
security-libs
OS:
solaris_10
Sub-Component:
java.security
CPU:
sparc
Priority:
P3
Resolution:
Fixed
Affected Versions:
7
Fixed Versions:
6u14 (b03)

Related Reports
Backport:
Relates:

Sub Tasks

Description
The CRL validation code should permit some clock skew when checking the validity
of CRLs. Currently, the system clock and the CRL server's clock have to be exactly synchronized or the validity check may fail if the system's clock is skewed such that it
is either before the CRL's this update field or after the CRL's next update field.

                                    

Comments
EVALUATION

Increased the allowable OCSP and CRL validity check clock skew to 15 minutes.
                                     
2009-02-20



Hardware and Software, Engineered to Work Together