On Tue, 9 May 2023 15:01:29 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> Jamil Nimeh has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>>   Add 's' suffix to allowed syntax
>
> src/java.base/share/classes/sun/security/provider/certpath/OCSP.java line 1:
>
>> 1: /*
>
> I see there is no way to individually control the OCSP read and connect
> timeouts like there is for certs and CRLs. Perhaps this isn't as big an
> issue, but when you set the OCSP timeout, it really means 2x what you set.

Yes, I noticed that too. I wasn't sure if we needed to make a change there. I opted to leave well-enough alone since nobody was asking for it and it's one less property to keep track of. All of these property sets end up with a max latency of connect-timeout + read-timeout, and by default they are set to the same values. So in practice much of the time they are all 2x. It's easy enough I think to make a separate property for `com.sun.security.ocsp.readtimeout` and then the existing `.timeout` property would be for connect timeouts (keeping in line with the other props). I don't think it will introduce significant risk but I will highlight that in the CSR.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/13762#discussion_r1188816429