Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8011313

OCSP timeout set to wrong value if com.sun.security.ocsp.timeout not defined

    Details

    • Subcomponent:
    • Introduced In Version:
      8
    • Resolved In Build:
      b88
    • Verification:
      Verified

      Backports

        Description

         int tmp = java.security.AccessController.doPrivileged(
        + new GetIntegerAction("com.sun.security.ocsp.timeout",
        + DEFAULT_CONNECT_TIMEOUT));
        + if (tmp < 0) {
        + return DEFAULT_CONNECT_TIMEOUT;
        + }
        + // Convert to milliseconds, as the system property will be
        + // specified in seconds
        + return tmp * 1000;

        This would still fail and set timeout to 4 hours if "com.sun.security.ocsp.timeout" is not defined.

        Since GetIntegerAction is used with default value, if the property is not defined then tmp will be set to DEFAULT_CONNECT_TIMEOUT of 15000 and method will return 15000 * 1000.

        Suggestion would be to change DEFAULT_CONNECT_TIMEOUT to be in seconds instead of milliseconds. This would be consistent with the timeout property value.

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  mullan Sean Mullan
                  Reporter:
                  rhalade Rajan Halade
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: