RFR: 8296343: CPVE thrown on missing content-length in OCSP response [v3]
Sean Mullan
mullan at openjdk.org
Thu Jan 19 23:12:56 UTC 2023
On Thu, 12 Jan 2023 15:46:46 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:
>> This fixes an issue where HTTP responses that do not have an explicit Content-Length are causing an EOFException which unravels into a CertPathValidatorException during validations that involve OCSP checks.
>>
>> - JBS: https://bugs.openjdk.org/browse/JDK-8296343
>
> Jamil Nimeh has updated the pull request incrementally with one additional commit since the last revision:
>
> Remove dead commented code
I have reviewed the code changes to OCSP.java and it looks fine. I have not reviewed the test changes though, please find a separate Reviewer for those changes.
-------------
Marked as reviewed by mullan (Reviewer).
PR: https://git.openjdk.org/jdk/pull/11917
More information about the security-dev
mailing list