Details
-
Bug
-
Resolution: Fixed
-
P3
-
8
-
b88
-
Verified
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8013709 | 7u45 | Sean Mullan | P3 | Closed | Fixed | b01 |
JDK-8013963 | 7u40 | Sean Mullan | P3 | Closed | Fixed | b30 |
JDK-8012959 | 7u25 | Sean Mullan | P3 | Closed | Not an Issue | b09 |
Description
int tmp = java.security.AccessController.doPrivileged(
+ new GetIntegerAction("com.sun.security.ocsp.timeout",
+ DEFAULT_CONNECT_TIMEOUT));
+ if (tmp < 0) {
+ return DEFAULT_CONNECT_TIMEOUT;
+ }
+ // Convert to milliseconds, as the system property will be
+ // specified in seconds
+ return tmp * 1000;
This would still fail and set timeout to 4 hours if "com.sun.security.ocsp.timeout" is not defined.
Since GetIntegerAction is used with default value, if the property is not defined then tmp will be set to DEFAULT_CONNECT_TIMEOUT of 15000 and method will return 15000 * 1000.
Suggestion would be to change DEFAULT_CONNECT_TIMEOUT to be in seconds instead of milliseconds. This would be consistent with the timeout property value.
+ new GetIntegerAction("com.sun.security.ocsp.timeout",
+ DEFAULT_CONNECT_TIMEOUT));
+ if (tmp < 0) {
+ return DEFAULT_CONNECT_TIMEOUT;
+ }
+ // Convert to milliseconds, as the system property will be
+ // specified in seconds
+ return tmp * 1000;
This would still fail and set timeout to 4 hours if "com.sun.security.ocsp.timeout" is not defined.
Since GetIntegerAction is used with default value, if the property is not defined then tmp will be set to DEFAULT_CONNECT_TIMEOUT of 15000 and method will return 15000 * 1000.
Suggestion would be to change DEFAULT_CONNECT_TIMEOUT to be in seconds instead of milliseconds. This would be consistent with the timeout property value.
Attachments
Issue Links
- backported by
-
JDK-8012959 OCSP timeout set to wrong value if com.sun.security.ocsp.timeout not defined
- Closed
-
JDK-8013709 OCSP timeout set to wrong value if com.sun.security.ocsp.timeout not defined
- Closed
-
JDK-8013963 OCSP timeout set to wrong value if com.sun.security.ocsp.timeout not defined
- Closed
- relates to
-
JDK-8006853 OCSP timeout set to wrong value if com.sun.security.ocsp.timeout < 0
- Closed
-
JDK-7199143 RFE: OCSP revocation checker should provide possibility to specify connection timeout
- Closed