[jdk11u-dev] RFR: 8296343: CPVE thrown on missing content-length in OCSP response
Alexey Pavlyutkin
duke at openjdk.org
Wed May 31 17:06:20 UTC 2023
Hi!
Here is backport of [JDK-8296343](https://bugs.openjdk.org/browse/JDK-8296343). The patch fixes CertPathValidatorException taking place if OCSP response does not contain ContentLength field.
Original patch is applied cleanly except a conflict in Copyright record in `src/java.base/share/classes/sun/security/provider/certpath/OCSP.java`
Verification (amd64/20.04): newly added `test/jdk/sun/security/provider/certpath/OCSP/OCSPNoContentLength.java` FAILS, to be fixed by backporting of [JDK-8300939](https://bugs.openjdk.org/browse/JDK-8300939)
Regression (amd64/20.04): `jdk_security`
-------------
Depends on: https://git.openjdk.org/jdk11u-dev/pull/1918
Commit messages:
- Backport 46233d158959e61348db6e9add04f8dcbe4b45e7
Changes: https://git.openjdk.org/jdk11u-dev/pull/1920/files
Webrev: https://webrevs.openjdk.org/?repo=jdk11u-dev&pr=1920&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8296343
Stats: 402 lines in 9 files changed: 287 ins; 40 del; 75 mod
Patch: https://git.openjdk.org/jdk11u-dev/pull/1920.diff
Fetch: git fetch https://git.openjdk.org/jdk11u-dev.git pull/1920/head:pull/1920
PR: https://git.openjdk.org/jdk11u-dev/pull/1920
More information about the jdk-updates-dev
mailing list