On Tue, 10 Jan 2023 18:32:08 GMT, Jamil Nimeh <jni...@openjdk.org> wrote:
>> It may be more effective/accuracy to stop read OCSP response bytes if >> response code is not OK. > > Logging the error code and returning with no read and not throwing an > exception I believe would still work since the revocation information would > be missing. I'm wondering though if this needs to be a separate issue given > that we're talking about a different use case, and one that involves the > behavior of HttpURLConnection when dealing with different response codes. > I'll also check to see if there are existing tests that make CPV checks > against URIs that have non-200 response codes. Hmmm, I was not quite correct about the HttpURLConnection behavior - it's not the 404 that's causing the issue directly, it is indeed the getContentLength when the 404 happens. So forget a separate issue, I will deal with non-200 codes in this PR. ------------- PR: https://git.openjdk.org/jdk/pull/11917
