RFR: 8296343: CPVE thrown on missing content-length in OCSP response
Jamil Nimeh
jamil.j.nimeh at oracle.com
Tue Jan 10 14:44:36 UTC 2023
Hello all,
This fixes an issue in OCSP where HTTP responses that do not have an
explicit Content-Length are causing an EOFException which unravels into
a CertPathValidatorException during validations that involve OCSP checks.
* JBS: https://bugs.openjdk.org/browse/JDK-8296343
https://github.com/openjdk/jdk/pull/11917
Thanks,
--Jamil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20230110/870c2b48/attachment.htm>
More information about the security-dev
mailing list