[jdk17u-dev] RFR: 8179502: Enhance OCSP, CRL and Certificate Fetch Timeouts
Severin Gehwolf
sgehwolf at openjdk.org
Mon Nov 11 16:20:01 UTC 2024
On Sun, 28 Jul 2024 22:02:37 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:
> Hello, I'd like to backport JDK-8179502 to JDK17u to improve the timeout adjustment for OCSP GET requests (which was missed in JDK-8179503).
>
> The backport is almost clean except for the following:
> - OCSP.java was merged manually because of JDK-8328638 and JDK-8329213 is already backported into 17u-dev
> - copyright year in GetPropertyAction.java and URICertStore.java files are updated manually
> - CRLReadTimeout.java test is updated manually because of the different notation of internal X509CRLImpl and CRLExtensions classes.
>
> All new and related jtreg tests are passed
Pasting @GoeLin's question from #2754 here:
> What happens if someone has set com.sun.security.crl.timeout and installs the update. Will that value be taken over to com.sun.security.ocsp.readtimeout, or will that fall back to 15s?
-------------
PR Comment: https://git.openjdk.org/jdk17u-dev/pull/2747#issuecomment-2468549711
More information about the jdk-updates-dev
mailing list