Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8296343: CPVE thrown on missing content-length in OCSP response #1361

Closed
wants to merge 1 commit into from

Conversation

apavlyutkin
Copy link
Contributor

@apavlyutkin apavlyutkin commented May 18, 2023

Hi!

Here is backport of JDK-8296343. The patch fixes CertPathValidatorException taking place if OCSP response does not contain ContentLength field.

Original patch is applied cleanly.

Verification/regression (amd64/20.04 LTS): jdk_security including newly added test/jdk/sun/security/provider/certpath/OCSP/OCSPNoContentLength.java


Progress

  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue

Issue

  • JDK-8296343: CPVE thrown on missing content-length in OCSP response

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk17u-dev.git pull/1361/head:pull/1361
$ git checkout pull/1361

Update a local copy of the PR:
$ git checkout pull/1361
$ git pull https://git.openjdk.org/jdk17u-dev.git pull/1361/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 1361

View PR using the GUI difftool:
$ git pr show -t 1361

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk17u-dev/pull/1361.diff

Webrev

Link to Webrev Comment

@bridgekeeper
Copy link

bridgekeeper bot commented May 18, 2023

👋 Welcome back apavlyutkin! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk openjdk bot changed the title Backport 1a3cb8c5018bc016c2ad6b078e4abe13b39d151c 8296343: CPVE thrown on missing content-length in OCSP response May 18, 2023
@openjdk
Copy link

openjdk bot commented May 18, 2023

This backport pull request has now been updated with issue from the original commit.

@openjdk
Copy link

openjdk bot commented May 18, 2023

@apavlyutkin This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8296343: CPVE thrown on missing content-length in OCSP response

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 6 new commits pushed to the master branch:

  • 879f4c5: 8297154: Improve safepoint cleanup logging
  • 2913a8d: 8306753: Open source several container AWT tests
  • 406d6ba: 8307378: Allow collectors to provide specific values for GC notifications' actions
  • 36c364d: 8284331: Add sanity check for signal handler modification warning.
  • 4a0f0f4: 8276058: Some swing test fails on specific CI macos system
  • f2e837f: 8304350: Font.getStringBounds calculates wrong width for TextAttribute.TRACKING other than 0.0

Please see this link for an up-to-date comparison between the source branch of this pull request and the master branch.
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

As you do not have Committer status in this project an existing Committer must agree to sponsor your change.

➡️ To flag this PR as ready for integration with the above commit message, type /integrate in a new comment. (Afterwards, your sponsor types /sponsor in a new comment to perform the integration).

@openjdk openjdk bot added ready Pull request is ready to be integrated rfr Pull request is ready for review labels May 18, 2023
@mlbridge
Copy link

mlbridge bot commented May 18, 2023

Webrevs

@apavlyutkin
Copy link
Contributor Author

/integrate

@openjdk openjdk bot added the sponsor Pull request is ready to be sponsored label May 23, 2023
@yan-too
Copy link

yan-too commented May 23, 2023

/sponsor

@openjdk
Copy link

openjdk bot commented May 23, 2023

@apavlyutkin
Your change (at version 46233d1) is now ready to be sponsored by a Committer.

@openjdk
Copy link

openjdk bot commented May 23, 2023

Going to push as commit 32fda32.
Since your change was applied there have been 7 commits pushed to the master branch:

  • 6b362e4: 8261495: Shenandoah: reconsider update references memory ordering
  • 879f4c5: 8297154: Improve safepoint cleanup logging
  • 2913a8d: 8306753: Open source several container AWT tests
  • 406d6ba: 8307378: Allow collectors to provide specific values for GC notifications' actions
  • 36c364d: 8284331: Add sanity check for signal handler modification warning.
  • 4a0f0f4: 8276058: Some swing test fails on specific CI macos system
  • f2e837f: 8304350: Font.getStringBounds calculates wrong width for TextAttribute.TRACKING other than 0.0

Your commit was automatically rebased without conflicts.

@openjdk openjdk bot added the integrated Pull request has been integrated label May 23, 2023
@openjdk openjdk bot closed this May 23, 2023
@openjdk openjdk bot removed ready Pull request is ready to be integrated rfr Pull request is ready for review sponsor Pull request is ready to be sponsored labels May 23, 2023
@openjdk
Copy link

openjdk bot commented May 23, 2023

@yan-too @apavlyutkin Pushed as commit 32fda32.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

@GoeLin
Copy link
Member

GoeLin commented May 24, 2023

Hi @apavlyutkin
since this push we see OCSPNoContentLength.java failing in out nightly tests.
There is a related issue handling this: JDK-8300939

sun/security/provider/certpath/OCSP/OCSPNoContentLength.java fails due to network errors

Please backport this, too!
And next time please check related issues in the JBS Bug before labeling fix-request!!!!

@apavlyutkin
Copy link
Contributor Author

Hi @apavlyutkin since this push we see OCSPNoContentLength.java failing in out nightly tests. There is a related issue handling this: JDK-8300939

sun/security/provider/certpath/OCSP/OCSPNoContentLength.java fails due to network errors

Please backport this, too! And next time please check related issues in the JBS Bug before labeling fix-request!!!!

#1394

@phax
Copy link

phax commented Jan 10, 2024

Dear all. The problem with OCSP responders not returning Content-Length header is still present and needs fixing. Please don't forget this one....

@phax
Copy link

phax commented Jan 17, 2024

@apavlyutkin what needs to be done, to get this issue back on track?

@apavlyutkin
Copy link
Contributor Author

I will take a look. Thank you

@phax
Copy link

phax commented Jan 31, 2024

@apavlyutkin do you have a new issue or ticket number for me that tackles the OCSP issue?

@phax
Copy link

phax commented Feb 29, 2024

@apavlyutkin is there any specific process I should follow? Shall I create a new ticket?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport clean integrated Pull request has been integrated
4 participants