[
https://issues.apache.org/jira/browse/PDFBOX-4696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tilman Hausherr updated PDFBOX-4696:
------------------------------------
Description:
There's an endless loop when checking the certificate of an OCSP response with
a specific TSA. Solution: {{CertificateVerifier.verifyOCSP}} must make sure
when checking the certificate of the responder that this isn't the certificate
it is checking right now.
There's also a recursion in {{AddValidationInformation.addOcspData()}} which
then calls {{updateVRI()}}, which ends up checking the certificate again later,
so I'll use a set to prevent that to happen.
was:There's an endless loop when checking the certificate of an OCSP response
with a specific TSA. Solution: {{CertificateVerifier.verifyOCSP}} must make
sure when checking the certificate of the responder that this isn't the
certificate it is checking right now.
> Endless loop in OCSP certificate check
> --------------------------------------
>
> Key: PDFBOX-4696
> URL: https://issues.apache.org/jira/browse/PDFBOX-4696
> Project: PDFBox
> Issue Type: Bug
> Components: Crypto
> Affects Versions: 2.0.17
> Reporter: Tilman Hausherr
> Assignee: Tilman Hausherr
> Priority: Major
> Fix For: 2.0.18, 3.0.0 PDFBox
>
>
> There's an endless loop when checking the certificate of an OCSP response
> with a specific TSA. Solution: {{CertificateVerifier.verifyOCSP}} must make
> sure when checking the certificate of the responder that this isn't the
> certificate it is checking right now.
> There's also a recursion in {{AddValidationInformation.addOcspData()}} which
> then calls {{updateVRI()}}, which ends up checking the certificate again
> later, so I'll use a set to prevent that to happen.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
