Loading...

XML

Word

Printable

Type: Enhancement
Resolution: Fixed
Priority: P4
Fix Version/s: 23
Affects Version/s: 21, 23
Component/s: security-libs
Labels:

Subcomponent:
javax.security
Resolved In Build:
b17

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8329684	22.0.2	Aleksey Shipilev	P4	Resolved	Fixed	b03
JDK-8329686	21.0.4	Aleksey Shipilev	P4	Resolved	Fixed	b01
JDK-8329799	17.0.12	Aleksey Shipilev	P4	Resolved	Fixed	b01

(Noticed this while doing ~~JDK-8328638~~ backports)

~~JDK-8328638~~ introduced a new boolean option, `com.sun.security.ocsp.useget`. We use the usual `Boolean.parseBoolean` to convert it from String to boolean value, which works correctly for `false` and `true` as boolean values. However, any string that is not `true` would be treated as `false`. Which means that if users mistype the value, they would not get the default behavior pre-~~JDK-8328638~~, but rather a fallback, non-default behavior.

It would be preferable to validate the option range a bit better, and default to the correct value on any error.

backported by

JDK-8329684 Better validation for com.sun.security.ocsp.useget option

Resolved

JDK-8329686 Better validation for com.sun.security.ocsp.useget option

Resolved

JDK-8329799 Better validation for com.sun.security.ocsp.useget option

Resolved

relates to

JDK-8328638 Fallback option for POST-only OCSP requests

Resolved

links to

Commit openjdk/jdk17u-dev/533fac61

Commit openjdk/jdk21u-dev/fbc5871c

Commit openjdk/jdk22u/8d7d8a49

Commit openjdk/jdk/4a14cba2

Review openjdk/jdk17u-dev/2338

Review openjdk/jdk21u-dev/413

Review openjdk/jdk22u/121

Review openjdk/jdk/18525

(7 links to)

Assignee:: Aleksey Shipilev

Reporter:: Aleksey Shipilev

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2024-03-27 12:14

Updated:: 2024-04-09 04:22

Resolved:: 2024-04-01 10:28

Details

Backports

Description

Attachments

Issue Links

Activity

People

Dates