JDK-8337826 : Improve logging in OCSPTimeout and SimpleOCSPResponder to help diagnose JDK-8309754
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2024-08-05
  • Updated: 2025-04-29
  • Resolved: 2024-08-07
Version table:
  • JDK 17: 17.0.15 (Fixed)
  • JDK 21: 21.0.6 (Fixed)
  • JDK 24: 24 b10 (Fixed)
Description
The OCSPTimeout test introduced in JDK-8179502 had windows that were too tightly bound for some CI infrastructures. This was largely corrected in JDK-8309740, but OCSPTimeout still has occasional failures, though they are much more rare and very difficult to reproduce. They may not even be timing related any longer.

This enhancement seeks to add some more detailed log messages on the cert path validator (client) and SimpleOCSPServer (server) sides to the OCSP test so when the issue does happen again we can hopefully get more information to help diagnose or reproduce the failure.
Comments
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk17u-dev/pull/3058 Date: 2024-11-18 22:18:15 +0000
17-01-2025

Fix request [21u]: I'd like to backport this fix of the tests as a follow-up for JDK-8179502. The backport is clean.
19-11-2024

A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk21u-dev/pull/1162 Date: 2024-11-19 22:06:38 +0000
19-11-2024

[~abakhtin], this should go to jdk 21 first. Removing jdk 17 fix request label for now.
19-11-2024

Fix request [17u]: I'd like to backport this fix of the tests as a follow-up for JDK-8179502. The backport is clean.
18-11-2024

Changeset: 9b11bd7f Branch: master Author: Jamil Nimeh <jnimeh@openjdk.org> Date: 2024-08-07 21:06:47 +0000 URL: https://git.openjdk.org/jdk/commit/9b11bd7f4a511ddadf9f02e82aab6ba78beb6763
07-08-2024

A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk/pull/20471 Date: 2024-08-05 19:01:30 +0000
05-08-2024

Based on the few failures we've seen since JDK-8309740, it looks like it may be less of a timing issue and possibly a decoding issue with the OCSP GET request. It is unclear at this point, but the failure cases all appear to not be getting past SimpleOCSPServer's LocalOCSPRequest constructor as they do in the passing cases. This is a strange place to stop, since it happens well before any inserted latency and the timeouts are relatively long (5 seconds at the shortest, 15 at the longest).
05-08-2024