RFR: 8328638: Fallback option for POST-only OCSP requests [v5]
Aleksey Shipilev
shade at openjdk.org
Tue Mar 26 18:37:23 UTC 2024
On Tue, 26 Mar 2024 18:10:39 GMT, Rajan Halade <rhalade at openjdk.org> wrote:
>> Aleksey Shipilev has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains five commits:
>>
>> - Merge branch 'master' into JDK-8328638-ocsp-post
>> - Merge branch 'master' into JDK-8328638-ocsp-post
>> - Merge branch 'master' into JDK-8328638-ocsp-post
>> - Amend CAInterop test
>> - Fix
>
> test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java line 478:
>
>> 476: * @library /test/lib
>> 477: * @build jtreg.SkippedException ValidatePathWithURL CAInterop
>> 478: * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop emsignrootcag1 OCSP
>
> eMudhra OCSP responders don't support GET calls so these tests fail, refer - [JDK-8328830](https://bugs.openjdk.org/browse/JDK-8328830). We are following up with CA. Meanwhile, can you please add these test to ProblemList at https://github.com/openjdk/jdk/blob/master/test/jdk/ProblemList.txt#L627
>
>
> # jdk_security_infra
>
> security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#emsigneccrootcag3 8328830 generic-all
> security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#emsignrootcag1 8328830 generic-all
Oooooh! So we found the CA that does not like GET requests, nice. I think these tests should be problemlisted with [JDK-8328830](https://bugs.openjdk.org/browse/JDK-8328830) subtask, and the fix for [JDK-8328830](https://bugs.openjdk.org/browse/JDK-8328830) would then fix/resolve the issue?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18408#discussion_r1539892392
More information about the security-dev
mailing list