Hello all, Please approve the following low-risk fix for 7u40:
Bug: http://bugs.sun.com/view_bug.do?bug_id=8020940 [not yet visible] Webrev: http://cr.openjdk.java.net/~vinnie/8020940/webrev.00 Code review: http://mail.openjdk.java.net/pipermail/security-dev/2013-July/008214.html Reviewer: Sean Mullan (currently seeking a second reviewer) 7u40-critical-request justification: SQE certificate revocation interop tests are currently failing and there is no workaround. This problem does not occur in JDK 8 (because a different code path is used). The fix modifies the OCSP client to verify the validity interval for an OCSP response relative to the current time. Previously it was relative to the requested time. The bug is labeled 'noreg-hard' because automated tests are unreliable due to intermittent network issues when communicating with external OCSP responders. Thanks.
