6885667: CertPath/CertPathValidatorTest/bugs/bug6383078 fails on jdk6u18/b02, jdk7/pit/b73 and passes on b72.
authormullan
Wed, 14 Oct 2009 09:36:31 -0400
changeset 4044 b2b2ee2ca90c
parent 4041 81da6972a77d
child 4045 7c72ce9392fc
6885667: CertPath/CertPathValidatorTest/bugs/bug6383078 fails on jdk6u18/b02, jdk7/pit/b73 and passes on b72. Summary: Wrap all OCSP exceptions in CertPathValidatorException so that we can fallback to CRLs, if enabled. Reviewed-by: dgu, xuelei
jdk/src/share/classes/sun/security/provider/certpath/OCSP.java
jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java
--- a/jdk/src/share/classes/sun/security/provider/certpath/OCSP.java	Sat Oct 10 10:14:51 2009 +0100
+++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSP.java	Wed Oct 14 09:36:31 2009 -0400
@@ -64,6 +64,8 @@
 
     private static final Debug debug = Debug.getInstance("certpath");
 
+    private static final int CONNECT_TIMEOUT = 15000; // 15 seconds
+
     private OCSP() {}
 
     /**
@@ -176,6 +178,8 @@
                 debug.println("connecting to OCSP service at: " + url);
             }
             HttpURLConnection con = (HttpURLConnection)url.openConnection();
+            con.setConnectTimeout(CONNECT_TIMEOUT);
+            con.setReadTimeout(CONNECT_TIMEOUT);
             con.setDoOutput(true);
             con.setDoInput(true);
             con.setRequestMethod("POST");
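Review bot: `con.setReadTimeout(CONNECT_TIMEOUT)` reuses a constant whose name and comment describe only the connect phase, so the 15-second read limit is easy to overlook. The read timeout applies to each blocking read rather than to the whole exchange, so a responder that returns data slowly can still hold certificate validation well past 15 seconds. A separate constant such as `private static final int READ_TIMEOUT = 15000; // per-read limit, not a total deadline` would make that explicit. If the code that reads the response later in this method has no overall deadline or size cap (not visible in this hunk), that is the place to add one. The enclosing method starts and ends outside the hunk.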
--- a/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java	Sat Oct 10 10:14:51 2009 +0100
+++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java	Wed Oct 14 09:36:31 2009 -0400
@@ -25,7 +25,6 @@
 
 package sun.security.provider.certpath;
 
-import java.io.IOException;
 import java.math.BigInteger;
 import java.util.*;
 import java.security.AccessController;
@@ -335,10 +334,11 @@
                 (issuerCert, currCertImpl.getSerialNumberObject());
             response = OCSP.check(Collections.singletonList(certId), uri,
                 responderCert, pkixParams.getDate());
-        } catch (IOException ioe) {
-            // should allow this to pass if network failures are acceptable
+        } catch (Exception e) {
+            // Wrap all exceptions in CertPathValidatorException so that
+            // we can fallback to CRLs, if enabled.
             throw new CertPathValidatorException
-                ("Unable to send OCSP request", ioe);
+                ("Unable to send OCSP request", e);
         }
 
         RevocationStatus rs = (RevocationStatus) response.getSingleResponse(certId);
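Review bot: The new `catch (Exception e)` also traps unchecked exceptions raised anywhere in the try block, and reports them as "Unable to send OCSP request", so a programming error or a failure while processing a received response cannot be told apart from a network failure. If the caller treats this wrapped exception as permission to fall back to CRLs, a response that was received but rejected inside `OCSP.check` would be downgraded to a soft failure as well; what `OCSP.check` throws is not visible here, so this should be confirmed. Consider catching only the checked exceptions `OCSP.check` declares, or at least using a neutral message such as `("Unable to determine revocation status using OCSP", e);`. The try block and the enclosing method begin above the hunk.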