RFR: 7199143: OCSP revocation checker should provide possibility to specify connection timeout
Sean Mullan
sean.mullan at oracle.com
Wed Nov 28 13:45:48 UTC 2012
On 11/28/2012 04:52 AM, Vincent Ryan wrote:
> Your change looks fine.
>
> I've just a comment about the units: many of the current system properties that control timeouts are
> in milliseconds. A timeout of one second may be too long for some environments.
I've looked at other implementations that support an OCSP timeout
configuration and the ones I have found all use seconds. The default
value is 15 seconds, so if there is a timeout, I think most users would
bump it up by a few more seconds, say to 30 or 60 seconds, and
milliseconds would be too fine grained.
Fix looks good to me too.
--Sean
>
>
>
> On 27 Nov 2012, at 23:00, Jason Uh wrote:
>
>> Could I please get a review of
>> http://cr.openjdk.java.net/~juh/7199143/webrev.00/
>>
>> This changeset makes the OCSP connection timeout length configurable through a system property. Note that there is no regression test here, as Artem will be writing one separately.
>>
>> Thanks,
>> Jason
>
More information about the security-dev
mailing list