On Thu, 12 Jan 2023 15:46:46 GMT, Jamil Nimeh wrote:
>> This fixes an issue where HTTP responses that do not have an explicit
>> Content-Length are causing an EOFException which unravels into a
>> CertPathValidatorException during validations that involve OCSP checks.
>>
>> - JBS: https://bugs
On Thu, 12 Jan 2023 15:46:46 GMT, Jamil Nimeh wrote:
>> This fixes an issue where HTTP responses that do not have an explicit
>> Content-Length are causing an EOFException which unravels into a
>> CertPathValidatorException during validations that involve OCSP checks.
>>
>> - JBS: https://bugs
On Thu, 12 Jan 2023 15:46:46 GMT, Jamil Nimeh wrote:
>> This fixes an issue where HTTP responses that do not have an explicit
>> Content-Length are causing an EOFException which unravels into a
>> CertPathValidatorException during validations that involve OCSP checks.
>>
>> - JBS: https://bugs
On Thu, 12 Jan 2023 15:31:30 GMT, Matthew Donovan wrote:
>> Jamil Nimeh has updated the pull request incrementally with two additional
>> commits since the last revision:
>>
>> - Throw exception directly from non 200 HTTP response codes
>> - Moved SimpleOCSPServer to use CountdownLatch for re
> This fixes an issue where HTTP responses that do not have an explicit
> Content-Length are causing an EOFException which unravels into a
> CertPathValidatorException during validations that involve OCSP checks.
>
> - JBS: https://bugs.openjdk.org/browse/JDK-8296343
Jamil Nimeh has updated the
On Thu, 12 Jan 2023 14:41:51 GMT, Jamil Nimeh wrote:
>> This fixes an issue where HTTP responses that do not have an explicit
>> Content-Length are causing an EOFException which unravels into a
>> CertPathValidatorException during validations that involve OCSP checks.
>>
>> - JBS: https://bugs
> This fixes an issue where HTTP responses that do not have an explicit
> Content-Length are causing an EOFException which unravels into a
> CertPathValidatorException during validations that involve OCSP checks.
>
> - JBS: https://bugs.openjdk.org/browse/JDK-8296343
Jamil Nimeh has updated the
On Tue, 10 Jan 2023 18:32:08 GMT, Jamil Nimeh wrote:
>> It may be more effective/accuracy to stop read OCSP response bytes if
>> response code is not OK.
>
> Logging the error code and returning with no read and not throwing an
> exception I believe would still work since the revocation informa
On Tue, 10 Jan 2023 17:50:23 GMT, Jamil Nimeh wrote:
>> src/java.base/share/classes/sun/security/provider/certpath/OCSP.java line
>> 217:
>>
>>> 215:
>>> 216: int contentLength = con.getContentLength();
>>> 217: return (contentLength == -1) ?
>>> con.getInputStream().r
On Tue, 10 Jan 2023 06:02:29 GMT, Jamil Nimeh wrote:
> This fixes an issue where HTTP responses that do not have an explicit
> Content-Length are causing an EOFException which unravels into a
> CertPathValidatorException during validations that involve OCSP checks.
>
> - JBS: https://bugs.open
On Tue, 10 Jan 2023 16:47:18 GMT, Jamil Nimeh wrote:
>> test/jdk/sun/security/provider/certpath/OCSP/OCSPNoContentLength.java line
>> 58:
>>
>>> 56:
>>> 57: // Turn on debugging
>>> 58: static final boolean debug = true;
>>
>> Do you really mean to set `debug` to `true`?
>
> The overa
On Tue, 10 Jan 2023 18:26:50 GMT, Xue-Lei Andrew Fan wrote:
>> Well, in the case of a 404 what appears to happen is that HttpURLConnection
>> would throw a FileNotFoundException. That ultimately would result in a CPVE
>> if there were no other sources of revocation information (e.g. CRL) for t
On Tue, 10 Jan 2023 17:30:08 GMT, Xue-Lei Andrew Fan wrote:
>> This fixes an issue where HTTP responses that do not have an explicit
>> Content-Length are causing an EOFException which unravels into a
>> CertPathValidatorException during validations that involve OCSP checks.
>>
>> - JBS: https
On Tue, 10 Jan 2023 06:02:29 GMT, Jamil Nimeh wrote:
> This fixes an issue where HTTP responses that do not have an explicit
> Content-Length are causing an EOFException which unravels into a
> CertPathValidatorException during validations that involve OCSP checks.
>
> - JBS: https://bugs.open
On Tue, 10 Jan 2023 15:49:26 GMT, Mark Powers wrote:
>> This fixes an issue where HTTP responses that do not have an explicit
>> Content-Length are causing an EOFException which unravels into a
>> CertPathValidatorException during validations that involve OCSP checks.
>>
>> - JBS: https://bugs
On Tue, 10 Jan 2023 06:02:29 GMT, Jamil Nimeh wrote:
> This fixes an issue where HTTP responses that do not have an explicit
> Content-Length are causing an EOFException which unravels into a
> CertPathValidatorException during validations that involve OCSP checks.
>
> - JBS: https://bugs.open
Hello all,
This fixes an issue in OCSP where HTTP responses that do not have an
explicit Content-Length are causing an EOFException which unravels into
a CertPathValidatorException during validations that involve OCSP checks.
* JBS: https://bugs.openjdk.org/browse/JDK-8296343
https://githu
17 matches
Mail list logo
