RFR: 8179502: Enhance OCSP, CRL and Certificate Fetch Timeouts

Jamil Nimeh jnimeh at openjdk.org
Tue May 2 21:55:19 UTC 2023


This set of enhancements extends the allowed syntax for the `com.sun.security.ocsp.timeout`, `com.sun.security.crl.timeout` and `com.sun.security.crl.readtimeout` System properties.  These properties retain their current behavior where a purely numeric value is interpreted in seconds, but now the numeric value may also be appended with "ms" (case-insensitive) to be interpreted as milliseconds.

This enhancement also adds two new System properties: `com.sun.security.cert.timeout` and `com.sun.security.cert.readtimeout` which follow the same new allowed syntax.  These timeouts only come into play when an AIA extension on a certificate is followed for pulling the issuing authority certificate and only when the `com.sun.security.enableAIAcaIssuers` property is true (default false).

JBS: https://bugs.openjdk.org/browse/JDK-8179502
CSR: https://bugs.openjdk.org/browse/JDK-8300722

-------------

Commit messages:
 - Fix more whitespace errors
 - Fix whitespace errors
 - 8179502: Enhance OCSP, CRL and Certificate Fetch Timeouts

Changes: https://git.openjdk.org/jdk/pull/13762/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=13762&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8179502
  Stats: 873 lines in 7 files changed: 759 ins; 27 del; 87 mod
  Patch: https://git.openjdk.org/jdk/pull/13762.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/13762/head:pull/13762

PR: https://git.openjdk.org/jdk/pull/13762



More information about the security-dev mailing list