diff --git a/jdk/src/share/classes/sun/security/validator/CADistrustPolicy.java b/jdk/src/share/classes/sun/security/validator/CADistrustPolicy.java index c8b251bb93..96110d382e 100644 --- a/jdk/src/share/classes/sun/security/validator/CADistrustPolicy.java +++ b/jdk/src/share/classes/sun/security/validator/CADistrustPolicy.java @@ -57,7 +57,7 @@ void checkDistrust(String variant, X509Certificate[] chain) /** * Distrust TLS Server certificates anchored by an Entrust root CA and - * issued after October 31, 2024. If enabled, this policy is currently + * issued after November 11, 2024. If enabled, this policy is currently * enforced by the PKIX and SunX509 TrustManager implementations * of the SunJSSE provider implementation. */ diff --git a/jdk/src/share/classes/sun/security/validator/EntrustTLSPolicy.java b/jdk/src/share/classes/sun/security/validator/EntrustTLSPolicy.java index 4494880703..7a67199a1a 100644 --- a/jdk/src/share/classes/sun/security/validator/EntrustTLSPolicy.java +++ b/jdk/src/share/classes/sun/security/validator/EntrustTLSPolicy.java @@ -92,8 +92,8 @@ final class EntrustTLSPolicy { // Any TLS Server certificate that is anchored by one of the Entrust // roots above and is issued after this date will be distrusted. - private static final LocalDate OCTOBER_31_2024 = - LocalDate.of(2024, Month.OCTOBER, 31); + private static final LocalDate NOVEMBER_11_2024 = + LocalDate.of(2024, Month.NOVEMBER, 11); /** * This method assumes the eeCert is a TLS Server Cert and chains back to @@ -115,8 +115,8 @@ static void checkDistrust(X509Certificate[] chain) Date notBefore = chain[0].getNotBefore(); LocalDate ldNotBefore = notBefore.toInstant() .atZone(ZoneOffset.UTC).toLocalDate(); - // reject if certificate is issued after October 31, 2024 - checkNotBefore(ldNotBefore, OCTOBER_31_2024, anchor); + // reject if certificate is issued after November 11, 2024 + checkNotBefore(ldNotBefore, NOVEMBER_11_2024, anchor); } } diff --git a/jdk/src/share/lib/security/java.security-aix b/jdk/src/share/lib/security/java.security-aix index 6e0597a198..37bca2df46 100644 --- a/jdk/src/share/lib/security/java.security-aix +++ b/jdk/src/share/lib/security/java.security-aix @@ -1213,7 +1213,7 @@ jdk.sasl.disabledMechanisms= # Distrust after December 31, 2019. # # ENTRUST_TLS : Distrust TLS Server certificates anchored by -# an Entrust root CA and issued after October 31, 2024. +# an Entrust root CA and issued after November 11, 2024. # # Leading and trailing whitespace surrounding each value are ignored. # Unknown values are ignored. If the property is commented out or set to the diff --git a/jdk/src/share/lib/security/java.security-linux b/jdk/src/share/lib/security/java.security-linux index 3b5b614fa0..9bb8e992fb 100644 --- a/jdk/src/share/lib/security/java.security-linux +++ b/jdk/src/share/lib/security/java.security-linux @@ -1219,7 +1219,7 @@ jdk.sasl.disabledMechanisms= # Distrust after December 31, 2019. # # ENTRUST_TLS : Distrust TLS Server certificates anchored by -# an Entrust root CA and issued after October 31, 2024. +# an Entrust root CA and issued after November 11, 2024. # # Leading and trailing whitespace surrounding each value are ignored. # Unknown values are ignored. If the property is commented out or set to the diff --git a/jdk/src/share/lib/security/java.security-macosx b/jdk/src/share/lib/security/java.security-macosx index c2d0ae5cc2..7a765742e6 100644 --- a/jdk/src/share/lib/security/java.security-macosx +++ b/jdk/src/share/lib/security/java.security-macosx @@ -1217,7 +1217,7 @@ jdk.sasl.disabledMechanisms= # Distrust after December 31, 2019. # # ENTRUST_TLS : Distrust TLS Server certificates anchored by -# an Entrust root CA and issued after October 31, 2024. +# an Entrust root CA and issued after November 11, 2024. # # Leading and trailing whitespace surrounding each value are ignored. # Unknown values are ignored. If the property is commented out or set to the diff --git a/jdk/src/share/lib/security/java.security-solaris b/jdk/src/share/lib/security/java.security-solaris index 39869ee182..f0100336f5 100644 --- a/jdk/src/share/lib/security/java.security-solaris +++ b/jdk/src/share/lib/security/java.security-solaris @@ -1215,7 +1215,7 @@ jdk.sasl.disabledMechanisms= # Distrust after December 31, 2019. # # ENTRUST_TLS : Distrust TLS Server certificates anchored by -# an Entrust root CA and issued after October 31, 2024. +# an Entrust root CA and issued after November 11, 2024. # # Leading and trailing whitespace surrounding each value are ignored. # Unknown values are ignored. If the property is commented out or set to the diff --git a/jdk/src/share/lib/security/java.security-windows b/jdk/src/share/lib/security/java.security-windows index 5b539a6bbe..e51bdece13 100644 --- a/jdk/src/share/lib/security/java.security-windows +++ b/jdk/src/share/lib/security/java.security-windows @@ -1217,7 +1217,7 @@ jdk.sasl.disabledMechanisms= # Distrust after December 31, 2019. # # ENTRUST_TLS : Distrust TLS Server certificates anchored by -# an Entrust root CA and issued after October 31, 2024. +# an Entrust root CA and issued after November 11, 2024. # # Leading and trailing whitespace surrounding each value are ignored. # Unknown values are ignored. If the property is commented out or set to the diff --git a/jdk/test/sun/security/ssl/X509TrustManagerImpl/Entrust/Distrust.java b/jdk/test/sun/security/ssl/X509TrustManagerImpl/Entrust/Distrust.java index 8eccccaf2a..99049e51bf 100644 --- a/jdk/test/sun/security/ssl/X509TrustManagerImpl/Entrust/Distrust.java +++ b/jdk/test/sun/security/ssl/X509TrustManagerImpl/Entrust/Distrust.java @@ -33,7 +33,7 @@ /** * @test - * @bug 8337664 + * @bug 8337664 8341059 * @summary Check that TLS Server certificates chaining back to distrusted * Entrust roots are invalid * @library /lib/security @@ -56,14 +56,14 @@ public class Distrust { "affirmtrustpremiumca", "affirmtrustpremiumeccca" }; // A date that is after the restrictions take effect - private static final Date NOVEMBER_1_2024 = - Date.from(LocalDate.of(2024, 11, 1) + private static final Date NOVEMBER_12_2024 = + Date.from(LocalDate.of(2024, 11, 12) .atStartOfDay(ZoneOffset.UTC) .toInstant()); // A date that is a second before the restrictions take effect - private static final Date BEFORE_NOVEMBER_1_2024 = - Date.from(LocalDate.of(2024, 11, 1) + private static final Date BEFORE_NOVEMBER_12_2024 = + Date.from(LocalDate.of(2024, 11, 12) .atStartOfDay(ZoneOffset.UTC) .minusSeconds(1) .toInstant()); @@ -81,7 +81,7 @@ public static void main(String[] args) throws Exception { Security.setProperty("jdk.security.caDistrustPolicies", ""); } - Date notBefore = before ? BEFORE_NOVEMBER_1_2024 : NOVEMBER_1_2024; + Date notBefore = before ? BEFORE_NOVEMBER_12_2024 : NOVEMBER_12_2024; X509TrustManager pkixTM = getTMF("PKIX", null); X509TrustManager sunX509TM = getTMF("SunX509", null);