RFR JDK-8236039: JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3
Jamil Nimeh
jamil.j.nimeh at oracle.com
Fri Jan 3 18:06:19 UTC 2020
Hi All, the golang folks have been running into an issue where our JSSE
client treats the status_request extension in a CertificateRequest
message from a golang server as an unknown extension and alerts. This
quick fix will allow the client to read and accept the extension and
proceed. I believe you need golang 1.13.x to see this take place.
This fix does not implement client-side OCSP stapling. That will be an
RFE for another day.
Bug: https://bugs.openjdk.java.net/browse/JDK-8236039
Webrev: https://cr.openjdk.java.net/~jnimeh/reviews/8236039/webrev.01/
--Jamil
More information about the security-dev
mailing list