[jdk11u-dev] RFR: 8179503: Java should support GET OCSP calls [v2]
Philip Helger
duke at openjdk.org
Tue May 16 20:27:56 UTC 2023
On Wed, 2 Mar 2022 14:06:44 GMT, Alexey Pavlyutkin <duke at openjdk.org> wrote:
>> Hello! I'd like to backport
>>
>> 8179503: Java should support GET OCSP calls (dependency)
>>
>> to jdk11u-dev. This one is required as a dependency for
>>
>> 8274471: Add support for RSASSA-PSS in OCSP Response
>>
>> The following changes were done to apply original patch:
>>
>> src/java.base/share/classes/sun/security/provider/certpath/OCSP.java
>>
>> - resolved baseline conflict taking place due to absent revocation checking code
>>
>> The rest of the code applied without changes
>>
>> Verification/regression (20.04/amd64): jdk_security
>
> Alexey Pavlyutkin has updated the pull request incrementally with one additional commit since the last revision:
>
> reverts copyright year
This issue causes a regression, if the OCSP server is not returning the `Content-Length` header which at least happens now and then on a DigiCert server. In that case the `contentLength` is set to `Integer.MAX_VALUE` and `IOUtils.readExactlyNBytes` fails with an `EOFException` because it can't read `Integer.MAX_VALUE` bytes
See also https://github.com/phax/phase4/issues/124 for my original analysis on the Java 17 problem
-------------
PR Comment: https://git.openjdk.org/jdk11u-dev/pull/847#issuecomment-1550310174
More information about the jdk-updates-dev
mailing list