Integrated: 8296343: CPVE thrown on missing content-length in OCSP response
Jamil Nimeh
jnimeh at openjdk.org
Mon Jan 23 18:15:39 UTC 2023
On Tue, 10 Jan 2023 06:02:29 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:
> This fixes an issue where HTTP responses that do not have an explicit Content-Length are causing an EOFException which unravels into a CertPathValidatorException during validations that involve OCSP checks.
>
> - JBS: https://bugs.openjdk.org/browse/JDK-8296343
This pull request has now been integrated.
Changeset: 1a3cb8c5
Author: Jamil Nimeh <jnimeh at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/1a3cb8c5018bc016c2ad6b078e4abe13b39d151c
Stats: 399 lines in 9 files changed: 283 ins; 37 del; 79 mod
8296343: CPVE thrown on missing content-length in OCSP response
Reviewed-by: mullan, rhalade
-------------
PR: https://git.openjdk.org/jdk/pull/11917
More information about the security-dev
mailing list