RFR: 8296343: CPVE thrown on missing content-length in OCSP response

Jamil Nimeh jamil.j.nimeh at oracle.com
Tue Jan 10 14:44:36 UTC 2023


Hello all,

This fixes an issue in OCSP where HTTP responses that do not have an 
explicit Content-Length are causing an EOFException which unravels into 
a CertPathValidatorException during validations that involve OCSP checks.

  * JBS: https://bugs.openjdk.org/browse/JDK-8296343


https://github.com/openjdk/jdk/pull/11917

Thanks,

--Jamil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20230110/870c2b48/attachment.htm>


More information about the security-dev mailing list