JDK-7038175 : Expired PKITS certificates causing CertPathBuilder and CertPathValidator regression test failures
Type:Bug
Component:security-libs
Sub-Component:java.security
Affected Version:5.0,6,7,8
Priority:P2
Status:Closed
Resolution:Fixed
OS:generic,solaris_10
CPU:generic,x86
Submitted:2011-04-20
Updated:2013-09-12
Resolved:2011-06-22
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed. Resolved: Release in which this issue/RFE has been resolved. Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
Several JDK regression tests have started to fail because the certificates used in the tests have expired on Tue Apr 19 10:57:20 EDT 2011.
These tests all use test certificates from the PKITS test suite.
EVALUATION
See suggested fix. I also had to modify the DistributionPointFetcher to set the validity date when building the CRL issuer's certification path.
*** (#1 of 1): [ UNSAVED ] ###@###.###
21-04-2011
SUGGESTED FIX
Modify the tests to set the validity date (using PKIXParameters.setValidity) to a time in the past, within the validity period of the certificate.