[jdk17u-dev] Integrated: 8328638: Fallback option for POST-only OCSP requests
Aleksey Shipilev
shade at openjdk.org
Fri Apr 5 18:54:12 UTC 2024
On Wed, 27 Mar 2024 15:45:47 GMT, Aleksey Shipilev <shade at openjdk.org> wrote:
> Improves JDK OCSP compatibility with some real world OCSP responders. Starts to be a problem since JDK 17 introduced GET OCSP requests. The default behavior is not changed.
>
> The backports are almost clean, I just had to add the import for `Locale` and `Debug` in one of the files. `Locale` is added in mainline by [JDK-8312443](https://bugs.openjdk.org/browse/JDK-8312443), which I do not want to backport at the moment, as it changes existing security code. `Debug` is added by [JDK-8179502](https://bugs.openjdk.org/browse/JDK-8179502), which is also not amenable for easy backporting.
>
> Additional testing:
> - [x] `jdk_security` pass, includes new test cases
This pull request has now been integrated.
Changeset: 533fac61
Author: Aleksey Shipilev <shade at openjdk.org>
URL: https://git.openjdk.org/jdk17u-dev/commit/533fac611d38365f3679bfd05f4a63f5f983e06f
Stats: 130 lines in 5 files changed: 125 ins; 0 del; 5 mod
8328638: Fallback option for POST-only OCSP requests
8329213: Better validation for com.sun.security.ocsp.useget option
Reviewed-by: serb
Backport-of: 614db2ea9e10346475eef34629eab54878aa482d
-------------
PR: https://git.openjdk.org/jdk17u-dev/pull/2338
More information about the jdk-updates-dev
mailing list