JDK-8006853 : OCSP timeout set to wrong value if com.sun.security.ocsp.timeout < 0
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 8
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2013-01-24
  • Updated: 2013-04-02
  • Resolved: 2013-03-01
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8
8 b82Fixed
Related Reports
Relates :  
JDK-7199143 - RFE: OCSP revocation checker should provide possibility to specify connection timeout
Relates :  
JDK-8011313 - OCSP timeout set to wrong value if com.sun.security.ocsp.timeout not defined
Description
If the com.sun.security.ocsp.timeout property is set to a negative value, then it should be ignored and the default timeout (15 seconds) should be used. A bug in the code sets it to 15000 seconds.
Comments
See Also CR - ID JDK-8011313
02-04-2013
Suggested fix: Change: if (tmp < 0) { tmp = DEFAULT_CONNECT_TIMEOUT; } to: if (tmp < 0) { return DEFAULT_CONNECT_TIMEOUT; }
24-01-2013