Skip to content

Commit ef41763

Browse files
committed
8237962: give better error output for invalid OCSP response intervals in CertPathValidator checks
Reviewed-by: clanger, mullan
1 parent edd2861 commit ef41763

File tree

2 files changed

+6
-5
lines changed

2 files changed

+6
-5
lines changed

src/java.base/share/classes/sun/security/provider/certpath/OCSPResponse.java

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
2+
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
33
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
44
*
55
* This code is free software; you can redistribute it and/or modify it
@@ -599,8 +599,9 @@ void verify(List<CertId> certIds, IssuerInfo issuerInfo,
599599
}
600600
debug.println("OCSP response validity interval is from " +
601601
sr.thisUpdate + until);
602-
debug.println("Checking validity of OCSP response on: " +
603-
new Date(now));
602+
debug.println("Checking validity of OCSP response on " +
603+
new Date(now) + " with allowed interval between " +
604+
nowMinusSkew + " and " + nowPlusSkew);
604605
}
605606

606607
// Check that the test date is within the validity interval:

test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithParams.java

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
2+
* Copyright (c) 2017, 2020, Oracle and/or its affiliates. All rights reserved.
33
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
44
*
55
* This code is free software; you can redistribute it and/or modify it
@@ -175,7 +175,7 @@ public void validate(String[] certsToValidate,
175175
certStatus = Status.EXPIRED;
176176
} else {
177177
throw new RuntimeException(
178-
"TEST FAILED: couldn't determine EE certificate status");
178+
"TEST FAILED: couldn't determine EE certificate status", cpve);
179179
}
180180
}
181181

0 commit comments

Comments
 (0)