RFR: 8179502: Enhance OCSP, CRL and Certificate Fetch Timeouts [v5]
Jamil Nimeh
jnimeh at openjdk.org
Mon May 22 21:55:12 UTC 2023
> This set of enhancements extends the allowed syntax for the `com.sun.security.ocsp.timeout`, `com.sun.security.crl.timeout` and `com.sun.security.crl.readtimeout` System properties. These properties retain their current behavior where a purely numeric value is interpreted in seconds, but now the numeric value may also be appended with "ms" (case-insensitive) to be interpreted as milliseconds.
>
> This enhancement also adds two new System properties: `com.sun.security.cert.timeout` and `com.sun.security.cert.readtimeout` which follow the same new allowed syntax. These timeouts only come into play when an AIA extension on a certificate is followed for pulling the issuing authority certificate and only when the `com.sun.security.enableAIAcaIssuers` property is true (default false).
>
> JBS: https://bugs.openjdk.org/browse/JDK-8179502
> CSR: https://bugs.openjdk.org/browse/JDK-8300722
Jamil Nimeh has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains eight additional commits since the last revision:
- Add additional debug message in timeout property parser
- Merge with main
- Use privilegedGetProperty, catch NFE following string match
- Add OCSP readtimeout property
- Add 's' suffix to allowed syntax
- Fix more whitespace errors
- Fix whitespace errors
- 8179502: Enhance OCSP, CRL and Certificate Fetch Timeouts
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/13762/files
- new: https://git.openjdk.org/jdk/pull/13762/files/e73818ef..659da859
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=13762&range=04
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=13762&range=03-04
Stats: 183453 lines in 3181 files changed: 133144 ins; 26618 del; 23691 mod
Patch: https://git.openjdk.org/jdk/pull/13762.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/13762/head:pull/13762
PR: https://git.openjdk.org/jdk/pull/13762
More information about the security-dev
mailing list