8341059: Change Entrust TLS distrust date to November 12, 2024

Reviewed-by: mullan
2025-08-27 06:45:07 +02:00 · 2024-09-27 17:16:13 +00:00 · 2024-09-27 17:16:13 +00:00 · f554c3ffce
commit f554c3ffce
parent 65200a9589
4 changed files with 8 additions and 8 deletions
--- a/src/java.base/share/classes/sun/security/validator/CADistrustPolicy.java
+++ b/src/java.base/share/classes/sun/security/validator/CADistrustPolicy.java
@ -57,7 +57,7 @@ enum CADistrustPolicy {

    /**
     * Distrust TLS Server certificates anchored by an Entrust root CA and
-     * issued after October 31, 2024. If enabled, this policy is currently
+     * issued after November 11, 2024. If enabled, this policy is currently
     * enforced by the PKIX and SunX509 TrustManager implementations
     * of the SunJSSE provider implementation.
     */
--- a/src/java.base/share/classes/sun/security/validator/EntrustTLSPolicy.java
+++ b/src/java.base/share/classes/sun/security/validator/EntrustTLSPolicy.java
@ -88,8 +88,8 @@ final class EntrustTLSPolicy {

    // Any TLS Server certificate that is anchored by one of the Entrust
    // roots above and is issued after this date will be distrusted.
-    private static final LocalDate OCTOBER_31_2024 =
-        LocalDate.of(2024, Month.OCTOBER, 31);
+    private static final LocalDate NOVEMBER_11_2024 =
+        LocalDate.of(2024, Month.NOVEMBER, 11);

    /**
     * This method assumes the eeCert is a TLS Server Cert and chains back to
@ -111,8 +111,8 @@ final class EntrustTLSPolicy {
            Date notBefore = chain[0].getNotBefore();
            LocalDate ldNotBefore = LocalDate.ofInstant(notBefore.toInstant(),
                                                        ZoneOffset.UTC);
-            // reject if certificate is issued after October 31, 2024
-            checkNotBefore(ldNotBefore, OCTOBER_31_2024, anchor);
+            // reject if certificate is issued after November 11, 2024
+            checkNotBefore(ldNotBefore, NOVEMBER_11_2024, anchor);
        }
    }