[jdk17u-dev] RFR: 8274471: Add support for RSASSA-PSS in OCSP Response
Alexey Bakhtin
abakhtin at openjdk.java.net
Tue Feb 22 14:52:02 UTC 2022
On Fri, 24 Dec 2021 17:23:26 GMT, Alexey Pavlyutkin <duke at openjdk.java.net> wrote:
> This one is submitted in place of https://github.com/openjdk/jdk17u/pull/248 that was too late to jdk17u
>
> I'd like to backport JDK-8274471 to jdk17u-dev
>
> The patch fixes internal error upon verification of OCSP Response signed with RSASSA-PSS
>
> The original patch applied with minor changes to src/java.base/share/classes/sun/security/provider/certpath/OCSP.java
>
> - resolved baseline conflict: the original patch was done on top of JDK-8272120: Avoid looking for standard encodings in "java." modules and cannot be applied cleanly although it deletes the changes done against JDK-8272120 (see lines 249-241)
> - imported few required packages
>
> Verified (20.04 LTS/amd64) with attached [Test8274471.java.zip](https://github.com/openjdk/jdk17u/files/7514663/Test8274471.java.zip). Regression: jdk_security
Minor comments of the OCSP changes:
The original patch removes unused imports. These unused imports were caused by JDK-8232066: “Remove outdated code/methods from PKIX implementation”
JDK-8232066 does not affect the functionality of this enhancement and can be skipped
So, looks good to me (not a reviewer)
-------------
PR: https://git.openjdk.java.net/jdk17u-dev/pull/36
More information about the jdk-updates-dev
mailing list