JDK-8006853 : OCSP timeout set to wrong value if com.sun.security.ocsp.timeout < 0
Type:Bug
Component:security-libs
Sub-Component:java.security
Affected Version:8
Priority:P4
Status:Closed
Resolution:Fixed
OS:generic
CPU:generic
Submitted:2013-01-24
Updated:2013-04-02
Resolved:2013-03-01
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed. Resolved: Release in which this issue/RFE has been resolved. Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
If the com.sun.security.ocsp.timeout property is set to a negative value, then it should be ignored and the default timeout (15 seconds) should be used. A bug in the code sets it to 15000 seconds.
Comments
See Also CR - ID JDK-8011313
02-04-2013
Suggested fix:
Change:
if (tmp < 0) {
tmp = DEFAULT_CONNECT_TIMEOUT;
}
to:
if (tmp < 0) {
return DEFAULT_CONNECT_TIMEOUT;
}