RFR: 8274471: Verification of OCSP Response signed with RSASSA-PSS fails

Hai-May Chao hchao at openjdk.java.net
Thu Sep 30 23:18:36 UTC 2021


On Thu, 30 Sep 2021 15:44:32 GMT, Weijun Wang <weijun at openjdk.org> wrote:

> Extra parameters need to be set for RSASSA-PSS signatures. We already have a helper method for that.
> 
> Some other cleanups:
> 1. When using GET for OCSP, make sure no double slash.
> 2. Several throws clauses are not necessary.
> 
> No regression test. OCSP needs to access an external server.

As throwing ProviderException is removed from initVerifyWithParam(), could we remove the ProviderException in the try-catch block from the callers of initVerifyWithParam()? For example, one of the callers at:
https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/sun/security/pkcs/SignerInfo.java#L476

-------------

PR: https://git.openjdk.java.net/jdk/pull/5778


More information about the security-dev mailing list