You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@pdfbox.apache.org by "Tilman Hausherr (Jira)" <ji...@apache.org> on 2019/11/24 10:37:00 UTC
[jira] [Resolved] (PDFBOX-4696) Endless loop in OCSP certificate
check
[ https://issues.apache.org/jira/browse/PDFBOX-4696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tilman Hausherr resolved PDFBOX-4696.
-------------------------------------
Resolution: Fixed
> Endless loop in OCSP certificate check
> --------------------------------------
>
> Key: PDFBOX-4696
> URL: https://issues.apache.org/jira/browse/PDFBOX-4696
> Project: PDFBox
> Issue Type: Bug
> Components: Crypto
> Affects Versions: 2.0.17
> Reporter: Tilman Hausherr
> Assignee: Tilman Hausherr
> Priority: Major
> Fix For: 2.0.18, 3.0.0 PDFBox
>
>
> There's an endless loop when checking the certificate of an OCSP response with a specific TSA. Solution: {{CertificateVerifier.verifyOCSP}} must make sure when checking the certificate of the responder that this isn't the certificate it is checking right now.
> There's also a recursion in {{AddValidationInformation.addOcspData()}} which then calls {{updateVRI()}}, which ends up checking the certificate again later, so I'll use a set to prevent that to happen.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org