JDK-7199143 : RFE: OCSP revocation checker should provide possibility to specify connection timeout
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 8
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2012-09-18
  • Updated: 2017-05-17
  • Resolved: 2012-12-03
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 7 JDK 8
7u25Fixed 8 b68Fixed
Related Reports
Relates :  
Relates :  
Description
Currently there is no possiblity to specify timeout value for OCSP checker. OCSP responder may be reachable, but just slow. As a result, OCSP checking may fail. To avoid that failures, it needs a possibility to set timeout values for OCSP checker.

Comments
SQE ok.
29-04-2013

The code change for providing possibility to specify connection timeout ,This bug could be closed. JDK-8006853 will cover the issue about OCSP timeout set to wrong value if com.sun.security.ocsp.timeout < 0
25-01-2013

That's actually a bug that you just found. It should set it to 15000 (15 seconds) if tmp is < 0. I'll file a bug.
24-01-2013

I am doing the bug verificaion. A small question for this change. If the value tmp less than 0, then the CONNECT_TIMEOUT will set 15000*1000 about 4 hours , Does this value too large?How to define this value would be acceptable? Thanks.
24-01-2013

Added noreq-sqe label. A new SQE test will be added to test this, see 7600661.
03-12-2012

SUGGESTED FIX The timeout can be set via system property like this: ... private static final int CONNECT_TIMEOUT = Integer.getInteger("some.property.name"); ... But I think some get/set interface is more flexible.
18-09-2012