On Tue, 28 Apr 2026 19:53:25 GMT, Jamil Nimeh <[email protected]> wrote:
>> Artur Barashev has updated the pull request incrementally with one >> additional commit since the last revision: >> >> Client side does not need a certificate > > test/jdk/sun/security/ssl/SignatureScheme/TLSCurveMismatch.java line 211: > >> 209: .setNotBefore( >> 210: Date.from(Instant.now().minus(1, >> ChronoUnit.HOURS))) >> 211: .setNotAfter(Date.from(Instant.now().plus(1, >> ChronoUnit.HOURS))) > > It seems like this could create a potential validity nesting issue, but it > would likely take a really slow system such that the notAfter date of the end > entity cert potentially could be one or two seconds later than the notAfter > of its CA. Not sure I understand, both CA and EE have a validity that starts 1h before now and ends 1h after now. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/30944#discussion_r3157405351
