On Mon, 22 Dec 2025 10:49:51 GMT, Mikhail Yankelevich <[email protected]> wrote:
>> [JDK-8369282](https://bugs.openjdk.org/browse/JDK-8369282) > > src/java.base/share/classes/sun/security/validator/ChunghwaTLSPolicy.java > line 87: > >> 85: } >> 86: >> 87: private static void checkNotBefore(LocalDate notBeforeDate, > > I might be wrong, but wouldn't 'Not Before' mean that it would also include > the date ('Equals or After'). I think renaming it to `checkIsAfter` would be > better, what do you think? I agree. However, `notBefore` was probably chosen because it is also a field in the X509Certificate. The name appears in many places. What about adding a comment: Check whether the certificate's `notBeforeDate` is after the distrust date for the anchor (root CA). Throw ValidatorException if it is after the distrust date. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/28930#discussion_r2640605964
