From 581d01d8c4e037c0fae2b1271af8b6bcd59fb364 Mon Sep 17 00:00:00 2001 From: Sean Mullan Date: Wed, 14 Oct 2009 09:36:31 -0400 Subject: [PATCH] 6885667: CertPath/CertPathValidatorTest/bugs/bug6383078 fails on jdk6u18/b02, jdk7/pit/b73 and passes on b72 Wrap all OCSP exceptions in CertPathValidatorException so that we can fallback to CRLs, if enabled. Reviewed-by: dgu, xuelei --- .../classes/sun/security/provider/certpath/OCSP.java | 4 ++++ .../sun/security/provider/certpath/OCSPChecker.java | 8 ++++---- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/jdk/src/share/classes/sun/security/provider/certpath/OCSP.java b/jdk/src/share/classes/sun/security/provider/certpath/OCSP.java index 2665de6d680..dfdd846c5b8 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/OCSP.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSP.java @@ -64,6 +64,8 @@ public final class OCSP { private static final Debug debug = Debug.getInstance("certpath"); + private static final int CONNECT_TIMEOUT = 15000; // 15 seconds + private OCSP() {} /** @@ -176,6 +178,8 @@ public final class OCSP { debug.println("connecting to OCSP service at: " + url); } HttpURLConnection con = (HttpURLConnection)url.openConnection(); + con.setConnectTimeout(CONNECT_TIMEOUT); + con.setReadTimeout(CONNECT_TIMEOUT); con.setDoOutput(true); con.setDoInput(true); con.setRequestMethod("POST"); diff --git a/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java b/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java index 6f72c7ec185..499a5912aca 100644 --- a/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java +++ b/jdk/src/share/classes/sun/security/provider/certpath/OCSPChecker.java @@ -25,7 +25,6 @@ package sun.security.provider.certpath; -import java.io.IOException; import java.math.BigInteger; import java.util.*; import java.security.AccessController; @@ -335,10 +334,11 @@ class OCSPChecker extends PKIXCertPathChecker { (issuerCert, currCertImpl.getSerialNumberObject()); response = OCSP.check(Collections.singletonList(certId), uri, responderCert, pkixParams.getDate()); - } catch (IOException ioe) { - // should allow this to pass if network failures are acceptable + } catch (Exception e) { + // Wrap all exceptions in CertPathValidatorException so that + // we can fallback to CRLs, if enabled. throw new CertPathValidatorException - ("Unable to send OCSP request", ioe); + ("Unable to send OCSP request", e); } RevocationStatus rs = (RevocationStatus) response.getSingleResponse(certId);