RFR: 8328638: Fallback option for POST-only OCSP requests [v5]
Rajan Halade
rhalade at openjdk.org
Tue Mar 26 19:01:26 UTC 2024
On Tue, 26 Mar 2024 18:34:42 GMT, Aleksey Shipilev <shade at openjdk.org> wrote:
>> test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java line 478:
>>
>>> 476: * @library /test/lib
>>> 477: * @build jtreg.SkippedException ValidatePathWithURL CAInterop
>>> 478: * @run main/othervm -Djava.security.debug=certpath,ocsp CAInterop emsignrootcag1 OCSP
>>
>> eMudhra OCSP responders don't support GET calls so these tests fail, refer - [JDK-8328830](https://bugs.openjdk.org/browse/JDK-8328830). We are following up with CA. Meanwhile, can you please add these test to ProblemList at https://github.com/openjdk/jdk/blob/master/test/jdk/ProblemList.txt#L627
>>
>>
>> # jdk_security_infra
>>
>> security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#emsigneccrootcag3 8328830 generic-all
>> security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#emsignrootcag1 8328830 generic-all
>
> Oooooh! So we found the CA's OCSP responder that does not like GET requests, nice. I think these tests should be problemlisted with [JDK-8328830](https://bugs.openjdk.org/browse/JDK-8328830) subtask, and the fix for [JDK-8328830](https://bugs.openjdk.org/browse/JDK-8328830) would then fix/resolve the issue?
Sure, I will do that then. Thanks!
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18408#discussion_r1539937209
More information about the security-dev
mailing list