JDK-8004846 : Time-specific certpath validation applies to OCSP response validity period
  • Type: Bug
  • Component: security-libs
  • Affected Version: 7u10
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2012-12-11
  • Updated: 2013-07-19
  • Resolved: 2012-12-20
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
7u40 b08Fixed
Related Reports
Relates :  
PKIX certpath validation is normally performed using the current time.
It may also be requested to be performed at a specific time.

When validating a certpath using a specified time then the OCSP response
shall be checked using that time, rather than using the current time.

Specifically, the specified time should be used when validating the 
OCSP response's thisUpdate and nextUpdate, rather than the current time.

Verified by java/security/cert/CertPathValidator/OCSP/ValidateUsingOCSPCache.java test on 7u40 b32