[jdk8u-dev] RFR: 8296343: CPVE thrown on missing content-length in OCSP response
Alexey Pavlyutkin
duke at openjdk.org
Mon Jul 24 07:30:49 UTC 2023
On Wed, 7 Jun 2023 10:17:57 GMT, Alexey Pavlyutkin <duke at openjdk.org> wrote:
> Hi!
>
> Here is backport of **[JDK-8296343: CPVE thrown on missing content-length in OCSP response](https://bugs.openjdk.org/browse/JDK-8296343)**. The patch from `11u` applied with the following changes (except the path shuflling):
>
> **`jdk/src/java.base/share/classes/sun/security/provider/certpath/OCSP.java`**
> - reading response content from the input stream reworked due to `InputStream.readAllBytes()` and `IOUtils.readExactlyNBytes()` are not available in `8`
>
> **`jdk/test/sun/security/provider/certpath/OCSP/OCSPNoContentLength.java`**
> - unsupported `List.of()` and `Set.of()` replaced with equivalent code
> - added a newline at the end of the file
>
> Verification (amd64/20.04): newly added `test/jdk/sun/security/provider/certpath/OCSP/OCSPNoContentLength.java` **FAILS**, will be fixed by backporting of [JDK-8300939](https://bugs.openjdk.org/browse/JDK-8300939)
> Regression (amd64/20.04): `jdk_security`
Please don't close this, bot.
-------------
PR Comment: https://git.openjdk.org/jdk8u-dev/pull/332#issuecomment-1647360523
More information about the jdk8u-dev
mailing list