Merge
authormullan
Wed, 14 Oct 2009 09:47:22 -0400
changeset 4045 7c72ce9392fc
parent 4043 d9543f5b7f71 (current diff)
parent 4044 b2b2ee2ca90c (diff)
child 4046 871e26a824cc
child 4211 10ea9f654342
Merge
--- a/jdk/src/share/classes/sun/security/provider/certpath/OCSP.java	Tue Oct 13 17:34:48 2009 -0700
+++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSP.java	Wed Oct 14 09:47:22 2009 -0400
@@ -64,6 +64,8 @@
 
     private static final Debug debug = Debug.getInstance("certpath");
 
+    private static final int CONNECT_TIMEOUT = 15000; // 15 seconds
+
     private OCSP() {}
 
     /**
@@ -176,6 +178,8 @@
                 debug.println("connecting to OCSP service at: " + url);
             }
             HttpURLConnection con = (HttpURLConnection)url.openConnection();
+            con.setConnectTimeout(CONNECT_TIMEOUT);
+            con.setReadTimeout(CONNECT_TIMEOUT);
             con.setDoOutput(true);
             con.setDoInput(true);
             con.setRequestMethod("POST");
--- a/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java	Tue Oct 13 17:34:48 2009 -0700
+++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java	Wed Oct 14 09:47:22 2009 -0400
@@ -25,7 +25,6 @@
 
 package sun.security.provider.certpath;
 
-import java.io.IOException;
 import java.math.BigInteger;
 import java.util.*;
 import java.security.AccessController;
@@ -335,10 +334,11 @@
                 (issuerCert, currCertImpl.getSerialNumberObject());
             response = OCSP.check(Collections.singletonList(certId), uri,
                 responderCert, pkixParams.getDate());
-        } catch (IOException ioe) {
-            // should allow this to pass if network failures are acceptable
+        } catch (Exception e) {
+            // Wrap all exceptions in CertPathValidatorException so that
+            // we can fallback to CRLs, if enabled.
             throw new CertPathValidatorException
-                ("Unable to send OCSP request", ioe);
+                ("Unable to send OCSP request", e);
         }
 
         RevocationStatus rs = (RevocationStatus) response.getSingleResponse(certId);