RFR: 8274471: Verification of OCSP Response signed with RSASSA-PSS fails [v3]
Jamil Nimeh
jnimeh at openjdk.java.net
Mon Oct 4 15:27:08 UTC 2021
On Fri, 1 Oct 2021 14:43:24 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Extra parameters need to be set for RSASSA-PSS signatures. We already have a helper method for that.
>>
>> Some other cleanups:
>> 1. When using GET for OCSP, make sure no double slash.
>> 2. Several throws clauses are not necessary.
>>
>> No regression test. OCSP needs to access an external server.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> verifier should not use automatically derived parameters fails
Looks good. I like the algorithm agility enhancements to SimpleOCSPServer and CertificateBuilder.
-------------
Marked as reviewed by jnimeh (Reviewer).
PR: https://git.openjdk.java.net/jdk/pull/5778
More information about the security-dev
mailing list