[jdk17u-dev] RFR: 8179502: Enhance OCSP, CRL and Certificate Fetch Timeouts
HempushpaSahu
duke at openjdk.org
Mon Nov 18 14:22:00 UTC 2024
On Mon, 11 Nov 2024 18:50:30 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:
>> Pasting @GoeLin's question from #2754 here:
>>
>>> What happens if someone has set com.sun.security.crl.timeout and installs the update. Will that value be taken over to com.sun.security.ocsp.readtimeout, or will that fall back to 15s?
>
>> Pasting @GoeLin's question from #2754 here:
>>
>> > What happens if someone has set com.sun.security.crl.timeout and installs the update. Will that value be taken over to com.sun.security.ocsp.readtimeout, or will that fall back to 15s?
>
> Hi @GoeLin, you are right. The new "com.sun.security.ocsp.readtimeout" property is set independently of "com.sun.security.crl.timeout". In your case, it will fall back to the default 15s value. It changes current behavior.
> I can update this logic to change the default read timeout to the "com.sun.security.crl.timeout" value.
Hi @alexeybakhtin , I have tested the four backports mentioned above together, and they have passed successfully. Should we include these tests as part of the PR?
Thanks.
-------------
PR Comment: https://git.openjdk.org/jdk17u-dev/pull/2747#issuecomment-2483177950
More information about the jdk-updates-dev
mailing list