On Tue, 9 May 2023 15:56:02 GMT, Jamil Nimeh <jni...@openjdk.org> wrote:
>> Yes, I noticed that too. I wasn't sure if we needed to make a change there.
>> I opted to leave well-enough alone since nobody was asking for it and it's
>> one less property to keep track of. All of these property sets end up with
>> a max latency of connect-timeout + read-timeout, and by default they are set
>> to the same values. So in practice much of the time they are all 2x.
>>
>> It's easy enough I think to make a separate property for
>> `com.sun.security.ocsp.readtimeout` and then the existing `.timeout`
>> property would be for connect timeouts (keeping in line with the other
>> props). I don't think it will introduce significant risk but I will
>> highlight that in the CSR.
>
>> I think you should also apply the cert and CRL timeouts to the
>> `LDAPCertStore` implementation, using the JNDI properties:
>> `com.sun.jndi.ldap.connect.timeout` and `com.sun.jndi.ldap.read.timeout`.
>
> I will look into this.

I've added the OCSP readtimeout property, seems to be working well. As discussed offline we'll hold off on the LDAP changes for now.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/13762#discussion_r1199323604