Integrated: 8298381: Improve handling of session tickets for multiple SSLContexts

2023-01-10 Thread Volker Simonis
On Thu, 8 Dec 2022 13:09:11 GMT, Volker Simonis wrote: > Currently, TLS session tickets introduced by > [JDK-8211018](https://bugs.openjdk.org/browse/JDK-8211018) in JDK 13 (i.e. > `SessionTicketExtension$StatelessKey`) are generated in the class > `SessionTicketExtension` and they use a singl

Re: RFR: 8298381: Improve handling of session tickets for multiple SSLContexts [v6]

2023-01-10 Thread Sergey Bylokhov
On Mon, 9 Jan 2023 18:38:33 GMT, Volker Simonis wrote: >> Please clarify that, if the field is updated on one thread under >> synchronized block, why we will read the correct "currentKeyID" here on >> another thread if no synchronization is used in this place? > >> Please clarify that, if the f

Re: RFR: 8299870: TLS record version check allows invalid records

2023-01-10 Thread Rajan Halade
On Tue, 10 Jan 2023 18:59:30 GMT, Matthew Donovan wrote: > - Updated ProtocolVersion.isNegotiable() to check a bounded range of version > numbers. > - Removed IllegalRecordVersion.java from ProblemList.txt > > Tested with jdk_security and jdk_security3 test groups. test/jdk/ProblemList.txt li

Re: RFR: 8299870: TLS record version check allows invalid records

2023-01-10 Thread Xue-Lei Andrew Fan
On Tue, 10 Jan 2023 20:16:02 GMT, Matthew Donovan wrote: > > This update will introduce version negotiation issues. Per TLS spec, > > version 105.106 should be allowed and the version could be negotiated > > properly. When TLS 1.4 is defined later in the future, the code update here > > will c

Re: RFR: 8299870: TLS record version check allows invalid records

2023-01-10 Thread Matthew Donovan
On Tue, 10 Jan 2023 19:25:32 GMT, Xue-Lei Andrew Fan wrote: > This update will introduce version negotiation issues. Per TLS spec, version > 105.106 should be allowed and the version could be negotiated properly. When > TLS 1.4 is defined later in the future, the code update here will cause >

Re: RFR: 8299870: TLS record version check allows invalid records

2023-01-10 Thread Xue-Lei Andrew Fan
On Tue, 10 Jan 2023 18:59:30 GMT, Matthew Donovan wrote: > - Updated ProtocolVersion.isNegotiable() to check a bounded range of version > numbers. > - Removed IllegalRecordVersion.java from ProblemList.txt > > Tested with jdk_security and jdk_security3 test groups. This update will introduce

RFR: 8299870: TLS record version check allows invalid records

2023-01-10 Thread Matthew Donovan
- Updated ProtocolVersion.isNegotiable() to check a bounded range of version numbers. - Removed IllegalRecordVersion.java from ProblemList.txt Tested with jdk_security and jdk_security3 test groups. - Commit messages: - 8299870: TLS record version check allows invalid records Cha

Re: RFR: 8296343: CPVE thrown on missing content-length in OCSP response

2023-01-10 Thread Jamil Nimeh
On Tue, 10 Jan 2023 18:32:08 GMT, Jamil Nimeh wrote: >> It may be more effective/accurate to stop reading OCSP response bytes if >> response code is not OK. > > Logging the error code and returning with no read and not throwing an > exception I believe would still work since the revocation informa

Re: RFR: 8296343: CPVE thrown on missing content-length in OCSP response

2023-01-10 Thread Xue-Lei Andrew Fan
On Tue, 10 Jan 2023 17:50:23 GMT, Jamil Nimeh wrote: >> src/java.base/share/classes/sun/security/provider/certpath/OCSP.java line >> 217: >> >>> 215: >>> 216: int contentLength = con.getContentLength(); >>> 217: return (contentLength == -1) ? >>> con.getInputStream().r

Re: RFR: 8296343: CPVE thrown on missing content-length in OCSP response

2023-01-10 Thread Matthew Donovan
On Tue, 10 Jan 2023 06:02:29 GMT, Jamil Nimeh wrote: > This fixes an issue where HTTP responses that do not have an explicit > Content-Length are causing an EOFException which unravels into a > CertPathValidatorException during validations that involve OCSP checks. > > - JBS: https://bugs.open

Re: RFR: 8296343: CPVE thrown on missing content-length in OCSP response

2023-01-10 Thread Matthew Donovan
On Tue, 10 Jan 2023 16:47:18 GMT, Jamil Nimeh wrote: >> test/jdk/sun/security/provider/certpath/OCSP/OCSPNoContentLength.java line >> 58: >> >>> 56: >>> 57: // Turn on debugging >>> 58: static final boolean debug = true; >> >> Do you really mean to set `debug` to `true`? > > The overa

Re: RFR: 8296343: CPVE thrown on missing content-length in OCSP response

2023-01-10 Thread Jamil Nimeh
On Tue, 10 Jan 2023 18:26:50 GMT, Xue-Lei Andrew Fan wrote: >> Well, in the case of a 404 what appears to happen is that HttpURLConnection >> would throw a FileNotFoundException. That ultimately would result in a CPVE >> if there were no other sources of revocation information (e.g. CRL) for t

Re: RFR: 8296343: CPVE thrown on missing content-length in OCSP response

2023-01-10 Thread Jamil Nimeh
On Tue, 10 Jan 2023 17:30:08 GMT, Xue-Lei Andrew Fan wrote: >> This fixes an issue where HTTP responses that do not have an explicit >> Content-Length are causing an EOFException which unravels into a >> CertPathValidatorException during validations that involve OCSP checks. >> >> - JBS: https

Re: RFR: 8296343: CPVE thrown on missing content-length in OCSP response

2023-01-10 Thread Xue-Lei Andrew Fan
On Tue, 10 Jan 2023 06:02:29 GMT, Jamil Nimeh wrote: > This fixes an issue where HTTP responses that do not have an explicit > Content-Length are causing an EOFException which unravels into a > CertPathValidatorException during validations that involve OCSP checks. > > - JBS: https://bugs.open

Re: RFR: 8296343: CPVE thrown on missing content-length in OCSP response

2023-01-10 Thread Jamil Nimeh
On Tue, 10 Jan 2023 15:49:26 GMT, Mark Powers wrote: >> This fixes an issue where HTTP responses that do not have an explicit >> Content-Length are causing an EOFException which unravels into a >> CertPathValidatorException during validations that involve OCSP checks. >> >> - JBS: https://bugs

Re: RFR: 8296343: CPVE thrown on missing content-length in OCSP response

2023-01-10 Thread Mark Powers
On Tue, 10 Jan 2023 06:02:29 GMT, Jamil Nimeh wrote: > This fixes an issue where HTTP responses that do not have an explicit > Content-Length are causing an EOFException which unravels into a > CertPathValidatorException during validations that involve OCSP checks. > > - JBS: https://bugs.open

RFR: 8296343: CPVE thrown on missing content-length in OCSP response

2023-01-10 Thread Jamil Nimeh
Hello all, This fixes an issue in OCSP where HTTP responses that do not have an explicit Content-Length are causing an EOFException which unravels into a CertPathValidatorException during validations that involve OCSP checks. * JBS: https://bugs.openjdk.org/browse/JDK-8296343 https://githu