On Fri, 23 Jul 2021 15:00:44 GMT, Sean Mullan <mul...@openjdk.org> wrote:
> But you could cache the OCSPResponse now while the certificate is not > expired, and use that in the test by calling > `PKIXRevocationChecker.setOcspResponses()`. For CRLs, you could also do > something similar by caching the CRL and storing it in `CollectionCertStore` > and adding that to `PKIXParameters`. Just some ideas to avoid having to > continuously update the test certificates every 3 months. > > I can approve this now, but can you file a follow-on issue to look into this > some more? Sure. I will investigate this along with idea of using TLS connection to test websites. Thanks! ------------- PR: https://git.openjdk.java.net/jdk/pull/4877
