On Mon, 22 Dec 2025 17:20:56 GMT, Mark Powers <[email protected]> wrote:
>> src/java.base/share/classes/sun/security/validator/ChunghwaTLSPolicy.java
>> line 87:
>>
>>> 85: }
>>> 86:
>>> 87: private static void checkNotBefore(LocalDate notBeforeDate,
>>
>> I might be wrong, but wouldn't 'Not Before' mean that it would also include
>> the date ('Equals or After'). I think renaming it to `checkIsAfter` would be
>> better, what do you think?
>
> I agree. However, `notBefore` was probably chosen because it is also a field
> in the X509Certificate. The name appears in many places. What about adding a
> comment:
> Check whether the certificate's `notBeforeDate` is after the distrust date
> for the anchor (root CA).
> Throw ValidatorException if it is after the distrust date.
That would be fine with me and I think would be helpful. Thank you!
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28930#discussion_r2643051628
