On Wed, 26 Jan 2022 05:56:31 GMT, Hai-May Chao <hc...@openjdk.org> wrote:
>> Done. Removed the extra info (YYYY-MM-DD form) from the exception message >> that was set in `DisabledAlgorithmConstraints` class, and re-formated the >> `denyAfterDate` into YYYY-MM-DD format in keytool. > > The CertPathValidatorException is: `denyAfter constraint check failed: SHA1 > used with Constraint date: Mon Dec 31 16:00:00 PST 2018; params date: Tue Jan > 25 19:56:48 PST 2022 used with certificate: CN=CA` > So, the reformat of the `denyAfterDate` to YYYY-MM-DD format will be > 2018-12-31. Additional regression tests on various platforms showed that the exception messages could be: CertPathValidatorException: `denyAfter constraint check failed: SHA1 used with Constraint date: Tue Jan 01 00:00:00 GMT 2019; params date: Wed Jan 26 11:02:48 GMT 2022 used with certificate: CN=CA` CertPathValidatorException: `denyAfter constraint check failed: SHA1 used with Constraint date: Tue Jan 01 00:00:00 UTC 2019; params date: Wed Jan 26 10:39:02 UTC 2022 used with certificate: CN=CA` Hence, updated test to not check for a fixed date as the reformatted `denyAfterDate` done in keytool depends on the exception messages. ------------- PR: https://git.openjdk.java.net/jdk/pull/7039
