# HG changeset patch # User andrew # Date 1372302277 18000 # Node ID 5db08be3f8c2f84a02ff21c433d319205865d5d5 # Parent af2db2941f434093f07571ce1bbb35666a596694 7199143: RFE: OCSP revocation checker should provide possibility to specify connection timeout Summary: Added com.sun.security.ocsp.timeout system property to control timeout Reviewed-by: mullan, vinnie Contributed-by: jason.uh@oracle.com diff -r af2db2941f43 -r 5db08be3f8c2 src/share/classes/sun/security/provider/certpath/OCSP.java --- a/src/share/classes/sun/security/provider/certpath/OCSP.java Wed Dec 05 16:55:05 2012 +0400 +++ b/src/share/classes/sun/security/provider/certpath/OCSP.java Wed Jun 26 22:04:37 2013 -0500 @@ -43,6 +43,7 @@ import static sun.security.provider.certpath.OCSPResponse.*; import sun.misc.IOUtils; +import sun.security.action.GetIntegerAction; import sun.security.util.Debug; import sun.security.x509.AccessDescription; import sun.security.x509.AuthorityInfoAccessExtension; @@ -65,7 +66,31 @@ private static final Debug debug = Debug.getInstance("certpath"); - private static final int CONNECT_TIMEOUT = 15000; // 15 seconds + private static final int DEFAULT_CONNECT_TIMEOUT = 15000; + + /** + * Integer value indicating the timeout length, in seconds, to be + * used for the OCSP check. A timeout of zero is interpreted as + * an infinite timeout. + */ + private static final int CONNECT_TIMEOUT = initializeTimeout(); + + /** + * Initialize the timeout length by getting the OCSP timeout + * system property. If the property has not been set, or if its + * value is negative, set the timeout length to the default. + */ + private static int initializeTimeout() { + int tmp = java.security.AccessController.doPrivileged( + new GetIntegerAction("com.sun.security.ocsp.timeout", + DEFAULT_CONNECT_TIMEOUT)); + if (tmp < 0) { + tmp = DEFAULT_CONNECT_TIMEOUT; + } + // Convert to milliseconds, as the system property will be + // specified in seconds + return tmp * 1000; + } private OCSP() {}