RFR: 8296343: CPVE thrown on missing content-length in OCSP response [v3]

Xue-Lei Andrew Fan xuelei at openjdk.org
Mon Jan 23 18:08:59 UTC 2023


On Thu, 12 Jan 2023 15:46:46 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:

>> This fixes an issue where HTTP responses that do not have an explicit Content-Length are causing an EOFException which unravels into a CertPathValidatorException during validations that involve OCSP checks.
>> 
>> - JBS: https://bugs.openjdk.org/browse/JDK-8296343
>
> Jamil Nimeh has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Remove dead commented code

Marked as reviewed by xuelei (Reviewer).

-------------

PR: https://git.openjdk.org/jdk/pull/11917



More information about the security-dev mailing list