RFR: 8296343: CPVE thrown on missing content-length in OCSP response [v3]
Jamil Nimeh
jnimeh at openjdk.org
Thu Jan 12 15:46:46 UTC 2023
> This fixes an issue where HTTP responses that do not have an explicit Content-Length are causing an EOFException which unravels into a CertPathValidatorException during validations that involve OCSP checks.
>
> - JBS: https://bugs.openjdk.org/browse/JDK-8296343
Jamil Nimeh has updated the pull request incrementally with one additional commit since the last revision:
Remove dead commented code
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/11917/files
- new: https://git.openjdk.org/jdk/pull/11917/files/36a0911c..ddcd124a
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=11917&range=02
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=11917&range=01-02
Stats: 6 lines in 1 file changed: 0 ins; 6 del; 0 mod
Patch: https://git.openjdk.org/jdk/pull/11917.diff
Fetch: git fetch https://git.openjdk.org/jdk pull/11917/head:pull/11917
PR: https://git.openjdk.org/jdk/pull/11917
More information about the security-dev
mailing list