8179502: Enhance OCSP, CRL and Certificate Fetch Timeouts

[HempushpaSahu]

Backporting JDK-8179502 - Enhance OCSP, CRL and Certificate Fetch Timeouts.
OCSP request throws Connection timeout occasionally, so this needs to be backported to fix the issue.

Reported issue : https://bugs.openjdk.org/browse/JDK-8179502

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue
• Change requires CSR request JDK-8337407 to be approved
• JDK-8179502 needs maintainer approval

Issues

• JDK-8179502: Enhance OCSP, CRL and Certificate Fetch Timeouts (Enhancement - P4) ⚠️ Issue is already resolved. Consider making this a "backport pull request" by setting the PR title to Backport <hash> with the hash of the original commit. See Backports.
• JDK-8337407: Enhance OCSP, CRL and Certificate Fetch Timeouts (CSR)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk17u-dev.git pull/2754/head:pull/2754
$ git checkout pull/2754

Update a local copy of the PR:
$ git checkout pull/2754
$ git pull https://git.openjdk.org/jdk17u-dev.git pull/2754/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 2754

View PR using the GUI difftool:
$ git pr show -t 2754

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk17u-dev/pull/2754.diff

Webrev

Link to Webrev Comment

[bridgekeeper]

Hi @HempushpaSahu, welcome to this OpenJDK project and thanks for contributing!

We do not recognize you as Contributor and need to ensure you have signed the Oracle Contributor Agreement (OCA). If you have not signed the OCA, please follow the instructions. Please fill in your GitHub username in the "Username" field of the application. Once you have signed the OCA, please let us know by writing /signed in a comment in this pull request.

If you already are an OpenJDK Author, Committer or Reviewer, please click here to open a new issue so that we can record that fact. Please use "Add GitHub user HempushpaSahu" as summary for the issue.

If you are contributing this work on behalf of your employer and your employer has signed the OCA, please let us know by writing /covered in a comment in this pull request.

[openjdk]

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

[HempushpaSahu]

/signed

[bridgekeeper]

Thank you! Please allow for up to two weeks to process your OCA, although it is usually done within one to two business days. Also, please note that pull requests that are pending an OCA check will not usually be evaluated, so your patience is appreciated!

[HempushpaSahu]

/signed

[bridgekeeper]

You are already a known contributor!

[HempushpaSahu]

Backporting JDK-8179502 - Enhance OCSP, CRL and Certificate Fetch Timeouts.
OCSP request throws Connection timeout occasionally, so this needs to be backported to fix the issue.

Reported issue : https://bugs.openjdk.org/browse/JDK-8179502

[mlbridge]

Webrevs

• 00: Full (3a6fe929)

[offamitkumar]

Please close this PR in favour of #2747 & enable test on your repo by going to the repo and then on actions.

[HempushpaSahu]

Duplicate of #2747. Hence, closing this PR
Thanks.

[GoeLin]

Hi @HempushpaSahu
Oracle did not push this yet, so "Oracle parity" is to not push it.
Let's see what Oracle will do...

[GoeLin]

Hi @HempushpaSahu ,
one more thing:
What happens if someone has set com.sun.security.crl.timeout and installs the update. Will that value be taken over to com.sun.security.ocsp.readtimeout, or will that fall back to 15s?

[HempushpaSahu]

Hi @HempushpaSahu , one more thing: What happens if someone has set com.sun.security.crl.timeout and installs the update. Will that value be taken over to com.sun.security.ocsp.readtimeout, or will that fall back to 15s?

This has been handled by Alexey in the openJdk PR 8179502.