RFR: 8329213: Better validation for com.sun.security.ocsp.useget option [v2]
Aleksey Shipilev
shade at openjdk.org
Thu Mar 28 09:09:46 UTC 2024
> [JDK-8328638](https://bugs.openjdk.org/browse/JDK-8328638) introduced a new boolean option, `com.sun.security.ocsp.useget`. We use the usual `Boolean.parseBoolean` to convert it from a String to a boolean value, which works correctly for `false` and `true` as boolean values. However, any string that is not `true` would be treated as `false`, which means that if users mistype the value, they would get `false`, which is a non-default value, and that is against the spirit of JDK-8328638.
>
> It would be preferable to validate the option range a bit better, and default to the correct value on any error.
>
> Additional testing:
> - [x] Eyeballing `GetAndPostTests` debugging, checking that GET/POST are properly enabled/disabled for `false`, `true`, `foobar` passed as option values
> - [x] `jdk_security`, out of the box
> - [x] `jdk_security` with `-Dcom.sun.security.ocsp.useget=false` passes
> - [x] `jdk_security` with `-Dcom.sun.security.ocsp.useget=foobar` passes
Aleksey Shipilev has updated the pull request incrementally with one additional commit since the last revision:
Invert equals
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/18525/files
- new: https://git.openjdk.org/jdk/pull/18525/files/abe82ed5..f793a262
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=18525&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=18525&range=00-01
Stats: 2 lines in 1 file changed: 0 ins; 0 del; 2 mod
Patch: https://git.openjdk.org/jdk/pull/18525.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/18525/head:pull/18525
PR: https://git.openjdk.org/jdk/pull/18525
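
The parsing behaviour described in the message above, as an added example (not code from the pull request or the JDK): it contrasts `Boolean.parseBoolean` with a strict parse that falls back to the default on unrecognized input. The class and method names, the warning text and the sample values are assumptions; the default of `true` follows the message's statement that `false` is the non-default value.

```java
public class StrictBooleanOption {

    // Lenient parse: Boolean.parseBoolean returns true only for "true"
    // (case-insensitive); every other string, and null, becomes false.
    static boolean lenient(String value) {
        return Boolean.parseBoolean(value);
    }

    // Strict parse (hypothetical helper): accept only "true" or "false",
    // and keep the default for anything else, including an unset option.
    static boolean strict(String name, String value, boolean defaultValue) {
        if (value == null) {
            return defaultValue;            // option not set at all
        }
        if ("true".equalsIgnoreCase(value)) {
            return true;
        }
        if ("false".equalsIgnoreCase(value)) {
            return false;
        }
        // Unrecognized value: report it instead of silently flipping behaviour.
        System.err.println("Ignoring invalid value \"" + value + "\" for "
                + name + ", using default " + defaultValue);
        return defaultValue;
    }

    public static void main(String[] args) {
        String name = "com.sun.security.ocsp.useget";
        boolean defaultValue = true;        // assumption taken from the message

        // Constructed sample values, including typos and an unset option.
        String[] samples = { "true", "false", "TRUE", "foobar", "ture", "", null };

        for (String s : samples) {
            String shown = (s == null) ? "<unset>" : "\"" + s + "\"";
            System.out.printf("%-9s lenient=%-5b strict=%b%n",
                    shown, lenient(s), strict(name, s, defaultValue));
        }
    }
}
```

For `foobar`, `ture`, the empty string and the unset case, the lenient parse yields `false` while the strict parse keeps the default `true`.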