RFR: 8274471: Verification of OCSP Response signed with RSASSA-PSS fails [v2]
Weijun Wang
weijun at openjdk.java.net
Fri Oct 1 14:43:25 UTC 2021
On Fri, 1 Oct 2021 03:32:11 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Extra parameters need to be set for RSASSA-PSS signatures. We already have a helper method for that.
>>
>> Some other cleanups:
>> 1. When using GET for OCSP, make sure no double slash.
>> 2. Several throws clauses are not necessary.
>>
>> No regression test. OCSP needs to access an external server.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> a test
New commit to disallow a verifier `Signature` be created directly from algorithm and key and initialized with a default parameters. For verifiers, params must be provided explicitly (if needed); otherwise, it's an error. Fortunately no code is using this function at the moment.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5778
More information about the security-dev
mailing list