[PDFBOX-4696] Endless loop in OCSP certificate check - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0.17
Fix Version/s: 2.0.18, 3.0.0 PDFBox
Component/s: Crypto
Labels:
None

Description

There's an endless loop when checking the certificate of an OCSP response with a specific TSA. Solution: CertificateVerifier.verifyOCSP must make sure when checking the certificate of the responder that this isn't the certificate it is checking right now.

There's also a recursion in AddValidationInformation.addOcspData() which then calls updateVRI(), which ends up checking the certificate again later, so I'll use a set to prevent that to happen.

Attachments

Activity

People

Assignee:: Tilman Hausherr

Reporter:: Tilman Hausherr

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 24/Nov/19 08:57

Updated:: 23/Dec/19 22:16

Resolved:: 24/Nov/19 10:36