On Wed, 20 Mar 2024 19:48:52 GMT, Aleksey Shipilev <sh...@openjdk.org> wrote:
> See the rationale/discussion in the bug. This patch introduces the option > that allows to restore > pre-[JDK-8179503](https://bugs.openjdk.org/browse/JDK-8179503) behavior. The > default behavior does not change. Better suggestions for flag name are > welcome. > > Additional testing: > - [x] `jdk_security` passes out of the box (includes new test config) > - [x] `jdk_security` passes with flag override > - [x] Eyeballing `GetPostTests` amended debugging output, `GET`-s are used > by default for small requests, `POST`-s are used for everything with flag > override Ideally, we should also modify the tests in `test/jdk/security/infra/java/security/cert/CertPathValidator/certification` to test OCSP with POST. I think it should be easy enough to add an additional line to each test like: ` * @run main/othervm/timeout=180 -Djava.security.debug=certpath -Dcom.sun.security.ocsp.useget=false ActalisCA OCSP` This means we would be testing real OCSP responders supported by CAs in the Java Root Program, and not just a test responder that we created. @rhalade would this change be ok with you? ------------- PR Comment: https://git.openjdk.org/jdk/pull/18408#issuecomment-2013663116
