Provide a system property for configuring the read timeout for Certificate Revocation Lists (CRLs).
There is currently no read timeout when downloading CRLs from a URL. For security and performance reasons, there should be a default timeout and a way for users to configure the timeout.
Add a system property named "com.sun.security.crl.readtimeout" with a default value of 15 seconds. The name is chosen to be consistent with the existing "com.sun.security.crl.timeout" system property which controls the connection timeout.
com.sun.security.crl.readtimeout system property sets the maximum read timeout for CRL retrievals, in seconds. If the property has not been set, or if its value is negative, it is set to the default value of 15 seconds. A value of 0 means an infinite timeout.
This property will be documented in the Release Notes and the PKI Programmer's Guide.