Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: P3
Fix Version/s: 8
Affects Version/s: 8
Component/s: security-libs
Labels:

Subcomponent:
java.security
Introduced In Version:

8
Resolved In Build:
b88
Verification:
Verified

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8013709	7u45	Sean Mullan	P3	Closed	Fixed	b01
JDK-8013963	7u40	Sean Mullan	P3	Closed	Fixed	b30
JDK-8012959	7u25	Sean Mullan	P3	Closed	Not an Issue	b09

int tmp = java.security.AccessController.doPrivileged(
+ new GetIntegerAction("com.sun.security.ocsp.timeout",
+ DEFAULT_CONNECT_TIMEOUT));
+ if (tmp < 0) {
+ return DEFAULT_CONNECT_TIMEOUT;
+ }
+ // Convert to milliseconds, as the system property will be
+ // specified in seconds
+ return tmp * 1000;

This would still fail and set timeout to 4 hours if "com.sun.security.ocsp.timeout" is not defined.

Since GetIntegerAction is used with default value, if the property is not defined then tmp will be set to DEFAULT_CONNECT_TIMEOUT of 15000 and method will return 15000 * 1000.

Suggestion would be to change DEFAULT_CONNECT_TIMEOUT to be in seconds instead of milliseconds. This would be consistent with the timeout property value.

backported by

JDK-8012959 OCSP timeout set to wrong value if com.sun.security.ocsp.timeout not defined

Closed

JDK-8013709 OCSP timeout set to wrong value if com.sun.security.ocsp.timeout not defined

Closed

JDK-8013963 OCSP timeout set to wrong value if com.sun.security.ocsp.timeout not defined

Closed

relates to

JDK-8006853 OCSP timeout set to wrong value if com.sun.security.ocsp.timeout < 0

Closed

JDK-7199143 RFE: OCSP revocation checker should provide possibility to specify connection timeout

Closed

Assignee:: Sean Mullan

Reporter:: Rajan Halade

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2013-04-02 14:27

Updated:: 2013-12-16 16:05

Resolved:: 2013-04-25 08:56

Details

Backports

Description

Attachments

Issue Links

Activity

People

Dates