-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OCSPException when trying to load an OCSP response with empty extensions sequence #1617
Comments
The response isn't valid - the extensions block has to contain at least one element. |
So there are OCSP responders producing such responses, and even if we manage to make them fix that, we would still have to live with OCSP responses stored in long-term signatures. Therefore it is desirable to have means to load such responses without re-coding the same logic just without that check. |
Great... okay, I can see the problem, leave it with me, we'll try and sort something out the next release (unfortunately 1.78 is already in process). |
Quick question are you using the Java 8 and later release? I have to do an LTS release next. I can probably deal with this in that. |
We are using Java 8 and bc*-jdk18on 1.76. It would be acceptable to wait until 1.79 is out. I wasn't aware of LTS until now. Maybe it would be possible to switch to LTS, though it sounds as a bigger change, and there might be issues because of other libraries depending on non-LTS versions - applications might end up having both sets of libraries because of transitive dependencies, as the Maven artifacts have different identifiers. |
The check in the parser for ANS.1 structures will be disabled. We will continue to enforce correct construction. Hope to make a beta for this available soon. |
This has been fixed in 1.78.1, which is now appearing on Maven Central and bouncycastle.org |
Perfect, thanks! I can confirm the issue is resolved now. |
Changes introduced with #1479 are preventing OCSP responses with empty extensions sequences from loading.
For example, trying to load this SK_OCSP_202404.dmp:
now fails with:
The text was updated successfully, but these errors were encountered: