RFR: JDK-8132942: ServerHandshaker should not throw SSLHandshakeException when CertificateStatus constructor is called with invalid arguments
Xuelei Fan
xuelei.fan at oracle.com
Fri Mar 4 10:30:16 UTC 2016
JDK-8132942:
"The current implementation for OCSP stapling has ServerHandshaker
trying to construct a CertificateStatus message, but if the arguments
are invalid it throws SSLHandshakeException."
In your webrev, looks like the exception get ignore before your update.
I may miss something. Can you have more details about this point.
On 3/3/2016 12:48 AM, Jamil Nimeh wrote:
> Hello all, this fixes a minor issue with OCSP stapling, where we now do
> the argument checking up-front before attempting to instantiate the
> CertificateStatus handshake message object.
I may miss something. I did not find the update related to this point.
Can you have more details?
> Also I've pulled out the
> OCSP stapling processing from within the clientHello method since it
> already was really long and placed it in its own private method.
>
The price is there are three more new class variables. I would try to
avoid it. Looks like "staplingActive" should not be a class variable, too.
Xuelei
> Bug: https://bugs.openjdk.java.net/browse/JDK-8132942
> Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8132942/webrev.01/
>
> Thanks,
> --Jamil
More information about the security-dev
mailing list