Mercurial > hg > release > icedtea6-1.11
view patches/openjdk/7199143-OCSP_timeout.patch @ 2912:d59bbf7333e0
Backport additional fixes.
Additional fixes were applied to jdk7u as part of the security release.
This patch includes a subset of them.
2013-07-01 Omair Majid <omajid@redhat.com>
* patches/openjdk/7188114-alternate_command_line_parser.patch,
* patches/openjdk/7199143-OCSP_timeout.patch,
* patches/openjdk/8006120-server_jre.patch,
* patches/openjdk/8006536-remove_trailing_slashes.patch,
* patches/openjdk/8009165-inappropriate_method_in_reflectutil.patch,
* patches/openjdk/8009217-fix_test_compile.patch,
* patches/openjdk/8009463-space_and_final_backslash.patch,
* patches/openjdk/8009610-blacklist_malware_certificate.patch,
* patches/openjdk/8010213-set_socketoptions_windows.patch,
* patches/openjdk/8010714-xml_dsig_retrievalmethod.patch,
* patches/openjdk/8011154-awt_regresssion.patch,
* patches/openjdk/8011313-OCSP_timeout_wrong_value.patch,
* patches/openjdk/8011992-MlibOpsTest_failed.patch,
* patches/openjdk/8012112-MlibOpsTest_fails.patch,
* patches/openjdk/8012617-arrayindexoutofbounds_linebreakmeasurer.patch,
* patches/openjdk/8012933-appcontext_disposed_too_early.patch,
* patches/openjdk/8013196-TimeZone_getDefault_throws_exception.patch,
* patches/openjdk/8014205-blank_swing_dialogs_windows.patch,
* patches/openjdk/8014427-raster_regresssion.patch,
* patches/openjdk/8014618-strip_leading_zeros_premastersecret.patch,
* patches/openjdk/8014676-javadebugger_space_in_paths.patch,
* patches/openjdk/8014968-OCSP_timeout_default.patch: New file.
Backport from icedtea/openjdk 7.
* Makefile.am (ICEDTEA_PATCHES): Apply the above.
* patches/ecj/override.patch: Add new hunk for BufferedImage.
* NEWS: Update with backports.
author | Omair Majid <omajid@redhat.com> |
---|---|
date | Mon, 01 Jul 2013 21:05:04 -0400 |
parents | |
children |
line wrap: on
line source
# HG changeset patch # User andrew # Date 1372302277 18000 # Node ID 5db08be3f8c2f84a02ff21c433d319205865d5d5 # Parent af2db2941f434093f07571ce1bbb35666a596694 7199143: RFE: OCSP revocation checker should provide possibility to specify connection timeout Summary: Added com.sun.security.ocsp.timeout system property to control timeout Reviewed-by: mullan, vinnie Contributed-by: jason.uh@oracle.com --- openjdk/jdk/src/share/classes/sun/security/provider/certpath/OCSP.java +++ openjdk/jdk/src/share/classes/sun/security/provider/certpath/OCSP.java @@ -43,6 +43,7 @@ import java.util.Map; import static sun.security.provider.certpath.OCSPResponse.*; +import sun.security.action.GetIntegerAction; import sun.security.util.Debug; import sun.security.x509.AccessDescription; import sun.security.x509.AuthorityInfoAccessExtension; @@ -65,7 +66,31 @@ private static final Debug debug = Debug.getInstance("certpath"); - private static final int CONNECT_TIMEOUT = 15000; // 15 seconds + private static final int DEFAULT_CONNECT_TIMEOUT = 15000; + + /** + * Integer value indicating the timeout length, in seconds, to be + * used for the OCSP check. A timeout of zero is interpreted as + * an infinite timeout. + */ + private static final int CONNECT_TIMEOUT = initializeTimeout(); + + /** + * Initialize the timeout length by getting the OCSP timeout + * system property. If the property has not been set, or if its + * value is negative, set the timeout length to the default. + */ + private static int initializeTimeout() { + int tmp = java.security.AccessController.doPrivileged( + new GetIntegerAction("com.sun.security.ocsp.timeout", + DEFAULT_CONNECT_TIMEOUT)); + if (tmp < 0) { + tmp = DEFAULT_CONNECT_TIMEOUT; + } + // Convert to milliseconds, as the system property will be + // specified in seconds + return tmp * 1000; + } private OCSP() {}