[jdk17u-dev] RFR: 8296343: CPVE thrown on missing content-length in OCSP response
Philip Helger
duke at openjdk.org
Wed Jan 31 19:20:15 UTC 2024
On Thu, 18 Jan 2024 05:51:13 GMT, Alexey Pavlyutkin <duke at openjdk.org> wrote:
>> Hi!
>>
>> Here is backport of [JDK-8296343](https://bugs.openjdk.org/browse/JDK-8296343). The patch fixes CertPathValidatorException taking place if OCSP response does not contain `ContentLength` field.
>>
>> Original patch is applied cleanly.
>>
>> Verification/regression (amd64/20.04 LTS): `jdk_security` including newly added `test/jdk/sun/security/provider/certpath/OCSP/OCSPNoContentLength.java`
>
> I will take a look. Thank you
@apavlyutkin do you have a new issue or ticket number for me that tackles the OCSP issue?
-------------
PR Comment: https://git.openjdk.org/jdk17u-dev/pull/1361#issuecomment-1919770451
More information about the jdk-updates-dev
mailing list