[jdk17u-dev] RFR: 8179502: Enhance OCSP, CRL and Certificate Fetch Timeouts [v2]
Alexey Bakhtin
abakhtin at openjdk.org
Mon Nov 18 22:32:52 UTC 2024
On Thu, 14 Nov 2024 01:24:20 GMT, Francisco Ferrari Bihurriet <fferrari at openjdk.org> wrote:
>> Hi @franferrax
>> Thank you for the finding. I'll remove `DEFAULT_READ_TIMEOUT`
>> You are right, the CSR for update releases should be updated for `com.sun.security.ocsp.readtimeout` default value. I'll do it and ask you to review it from an engineering point of view.
>> I hope in this way, without backward compatibility, the patch will be accepted.
>
> I will take a look, but please note I'm not a Reviewer.
>
> One more comment, I see that the following issues are not part of the backport. Although all of them are test-only changes (mostly tuning the timeout), we might also want to include these to avoid some instability.
>
> * [JDK-8309740](https://bugs.openjdk.org/browse/JDK-8309740 "Expand timeout windows for tests in JDK-8179502"), openjdk/jdk at 5ca4cdd2caceba9dad8025e5a8851740a3961921
> * [JDK-8310629](https://bugs.openjdk.org/browse/JDK-8310629 "java/security/cert/CertPathValidator/OCSP/OCSPTimeout.java fails with RuntimeException Server not ready"), openjdk/jdk at b20dc1e9cda1ea3a76b3f14c778c6816e5cc1c0c
> * [JDK-8325024](https://bugs.openjdk.org/browse/JDK-8325024 "java/security/cert/CertPathValidator/OCSP/OCSPTimeout.java incorrect comment information"), openjdk/jdk at 432756b6e51c903e2bff8b9c3028a4f2ea8973f4
> * [JDK-8337826](https://bugs.openjdk.org/browse/JDK-8337826 "Improve logging in OCSPTimeout and SimpleOCSPResponder to help diagnose JDK-8309754"), openjdk/jdk at 9b11bd7f4a511ddadf9f02e82aab6ba78beb6763
>
> The last one is an ongoing effort to try to fix [JDK-8309754](https://bugs.openjdk.org/browse/JDK-8309754 "java/security/cert/CertPathValidator/OCSP/OCSPTimeout.java failed with "Expected to pass, found 1 soft fail exceptions""), so we could alternatively wait for that fix and then make all the 5 backports together.
Backport PRs are created for test fixes
-------------
PR Review Comment: https://git.openjdk.org/jdk17u-dev/pull/2747#discussion_r1847362520
More information about the jdk-updates-dev
mailing list