RFR: 8296343: CPVE thrown on missing content-length in OCSP response [v2]
Jamil Nimeh
jnimeh at openjdk.org
Thu Jan 12 14:41:51 UTC 2023
> This fixes an issue where HTTP responses that do not have an explicit Content-Length are causing an EOFException which unravels into a CertPathValidatorException during validations that involve OCSP checks.
>
> - JBS: https://bugs.openjdk.org/browse/JDK-8296343
Jamil Nimeh has updated the pull request incrementally with two additional commits since the last revision:
- Throw exception directly from non 200 HTTP response codes
- Moved SimpleOCSPServer to use CountdownLatch for ready state, updated tests
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/11917/files
- new: https://git.openjdk.org/jdk/pull/11917/files/16a60c85..36a0911c
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=11917&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=11917&range=00-01
Stats: 151 lines in 9 files changed: 28 ins; 38 del; 85 mod
Patch: https://git.openjdk.org/jdk/pull/11917.diff
Fetch: git fetch https://git.openjdk.org/jdk pull/11917/head:pull/11917
PR: https://git.openjdk.org/jdk/pull/11917
More information about the security-dev mailing list