JDK-8329213 : Better validation for com.sun.security.ocsp.useget option
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.security
  • Affected Version: 21,23
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2024-03-27
  • Updated: 2025-01-08
  • Resolved: 2024-04-01
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 17 JDK 21 JDK 22 JDK 23
17.0.12Fixed 21.0.4Fixed 22.0.2Fixed 23 b17Fixed
Related Reports
Relates :  
JDK-8328638 - Fallback option for POST-only OCSP requests
Description
(Noticed this while doing JDK-8328638 backports)

JDK-8328638 introduced a new boolean option, `com.sun.security.ocsp.useget`. We use the usual `Boolean.parseBoolean` to convert it from String to boolean value, which works correctly for `false` and `true` as boolean values. However, any string that is not `true` would be treated as `false`. Which means that if users mistype the value, they would not get the default behavior pre-JDK-8328638, but rather a fallback, non-default behavior.

It would be preferable to validate the option range a bit better, and default to the correct value on any error.
Comments
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk/pull/18525 Date: 2024-03-27 19:31:35 +0000
08-01-2025
[jdk22u-fix-request] Approval Request from Aleksey Shipilëv Option checking followup for JDK-8328638. Risk is low, simple refactoring. Passes full jdk_security tests.
02-04-2024
A pull request was submitted for review. URL: https://git.openjdk.org/jdk22u/pull/121 Date: 2024-04-02 20:33:02 +0000
02-04-2024
[jdk17u-fix-request] Approval Request from Aleksey Shipilëv Option checking followup for JDK-8328638. Risk is low, simple refactoring. Passes full jdk_security tests, eyeballed logs show the expected behavior.
02-04-2024
[jdk21u-fix-request] Approval Request from Aleksey Shipilëv Option checking followup for JDK-8328638. Risk is low, simple refactoring. Passes full jdk_security tests, eyeballed logs show the expected behavior.
02-04-2024
A pull request was submitted for review. URL: https://git.openjdk.org/jdk21u-dev/pull/413 Date: 2024-03-27 15:28:36 +0000
02-04-2024
A pull request was submitted for review. URL: https://git.openjdk.org/jdk17u-dev/pull/2338 Date: 2024-03-27 15:45:47 +0000
02-04-2024
Changeset: 4a14cba2 Author: Aleksey Shipilev <shade@openjdk.org> Date: 2024-04-01 17:27:00 +0000 URL: https://git.openjdk.org/jdk/commit/4a14cba2f1632c5cb91e37a07638ea6d8ad4ec00
01-04-2024