RFR: 8296343: CPVE thrown on missing content-length in OCSP response

Jamil Nimeh jnimeh at openjdk.org
Tue Jan 10 16:49:52 UTC 2023


On Tue, 10 Jan 2023 15:49:26 GMT, Mark Powers <mpowers at openjdk.org> wrote:

>> This fixes an issue where HTTP responses that do not have an explicit Content-Length are causing an EOFException which unravels into a CertPathValidatorException during validations that involve OCSP checks.
>> 
>> - JBS: https://bugs.openjdk.org/browse/JDK-8296343
>
> test/jdk/sun/security/provider/certpath/OCSP/OCSPNoContentLength.java line 58:
> 
>> 56: 
>> 57:     // Turn on debugging
>> 58:     static final boolean debug = true;
> 
> Do you really mean to set `debug` to `true`?

The overall output is pretty small even with it on, but I'll switch it off.

-------------

PR: https://git.openjdk.org/jdk/pull/11917


