JDK-8011313

OCSP timeout set to wrong value if com.sun.security.ocsp.timeout not defined

    • 8
    • b88
    • Verified

         int tmp = java.security.AccessController.doPrivileged(
        + new GetIntegerAction("com.sun.security.ocsp.timeout",
        + DEFAULT_CONNECT_TIMEOUT));
        + if (tmp < 0) {
        + return DEFAULT_CONNECT_TIMEOUT;
        + }
        + // Convert to milliseconds, as the system property will be
        + // specified in seconds
        + return tmp * 1000;
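
Review bot: DEFAULT_CONNECT_TIMEOUT is used in the added lines both as the GetIntegerAction fallback and as the final return value in the `tmp < 0` branch, so when the property is unset the fallback reaches `return tmp * 1000` and is scaled as if it were a value in seconds. Either pass a sentinel such as -1 as the fallback so the unset case takes the `tmp < 0` branch, or keep the constant in seconds and convert in one place only. Separately, `tmp * 1000` is evaluated in int arithmetic, so a property value above 2147483 wraps around; consider bounding tmp before the multiplication.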

        This would still fail and set timeout to 4 hours if "com.sun.security.ocsp.timeout" is not defined.

        Since GetIntegerAction is used with a default value, if the property is not defined then tmp will be set to the DEFAULT_CONNECT_TIMEOUT of 15000 and the method will return 15000 * 1000.

        Suggestion would be to change DEFAULT_CONNECT_TIMEOUT to be in seconds instead of milliseconds. This would be consistent with the timeout property value.

              mullan Sean Mullan
              rhalade Rajan Halade