RFR: 8296343: CPVE thrown on missing content-length in OCSP response [v3]
Xue-Lei Andrew Fan
xuelei at openjdk.org
Mon Jan 23 18:08:59 UTC 2023
On Thu, 12 Jan 2023 15:46:46 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:
>> This fixes an issue where HTTP responses that do not have an explicit Content-Length are causing an EOFException which unravels into a CertPathValidatorException during validations that involve OCSP checks.
>>
>> - JBS: https://bugs.openjdk.org/browse/JDK-8296343
>
> Jamil Nimeh has updated the pull request incrementally with one additional commit since the last revision:
>
> Remove dead commented code
Marked as reviewed by xuelei (Reviewer).
-------------
PR: https://git.openjdk.org/jdk/pull/11917
More information about the security-dev
mailing list