Integrated: 8179502: Enhance OCSP, CRL and Certificate Fetch Timeouts
Jamil Nimeh
jnimeh at openjdk.org
Tue May 23 21:36:09 UTC 2023
On Tue, 2 May 2023 21:12:31 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:
> This set of enhancements extends the allowed syntax for the `com.sun.security.ocsp.timeout`, `com.sun.security.crl.timeout` and `com.sun.security.crl.readtimeout` System properties. These properties retain their current behavior where a purely numeric value is interpreted in seconds, but now the numeric value may also be appended with "ms" (case-insensitive) to be interpreted as milliseconds.
>
> This enhancement also adds two new System properties: `com.sun.security.cert.timeout` and `com.sun.security.cert.readtimeout` which follow the same new allowed syntax. These timeouts only come into play when an AIA extension on a certificate is followed for pulling the issuing authority certificate and only when the `com.sun.security.enableAIAcaIssuers` property is true (default false).
>
> JBS: https://bugs.openjdk.org/browse/JDK-8179502
> CSR: https://bugs.openjdk.org/browse/JDK-8300722
This pull request has now been integrated.
Changeset: 2836c34b
Author: Jamil Nimeh <jnimeh at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/2836c34b64e4626e25c86a53e5bef2bf32f95d2e
Stats: 913 lines in 7 files changed: 795 ins; 25 del; 93 mod
8179502: Enhance OCSP, CRL and Certificate Fetch Timeouts
Reviewed-by: mullan
-------------
PR: https://git.openjdk.org/jdk/pull/13762
More information about the security-dev
mailing list