Skip to content

D
dragonwell8_jdk

openanolis / dragonwell8_jdk

通知 3
Star 2
Fork 0
D
dragonwell8_jdk

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

提交 314a0946 编写于 作者: M mullan
浏览文件
操作

6885667: CertPath/CertPathValidatorTest/bugs/bug6383078 fails on jdk6u18/b02,... 

6885667: CertPath/CertPathValidatorTest/bugs/bug6383078 fails on jdk6u18/b02, jdk7/pit/b73 and passes on b72.
Summary: Wrap all OCSP exceptions in CertPathValidatorException so that we can fallback to CRLs, if enabled.
Reviewed-by: dgu, xuelei
上级 281283c6
显示空白变更内容
内联 并排
Showing with 8 addition and 4 deletion
src/share/classes/sun/security/provider/certpath/OCSP.java
浏览文件 @ 314a0946
...@@ -64,6 +64,8 @@ public final class OCSP { ...@@ -64,6 +64,8 @@ public final class OCSP {
private static final Debug debug = Debug.getInstance("certpath"); private static final Debug debug = Debug.getInstance("certpath");
private static final int CONNECT_TIMEOUT = 15000; // 15 seconds
private OCSP() {} private OCSP() {}
/** /**
...@@ -176,6 +178,8 @@ public final class OCSP { ...@@ -176,6 +178,8 @@ public final class OCSP {
debug.println("connecting to OCSP service at: " + url); debug.println("connecting to OCSP service at: " + url);
} }
HttpURLConnection con = (HttpURLConnection)url.openConnection(); HttpURLConnection con = (HttpURLConnection)url.openConnection();
con.setConnectTimeout(CONNECT_TIMEOUT);
con.setReadTimeout(CONNECT_TIMEOUT);
con.setDoOutput(true); con.setDoOutput(true);
con.setDoInput(true); con.setDoInput(true);
con.setRequestMethod("POST"); con.setRequestMethod("POST");
......
src/share/classes/sun/security/provider/certpath/OCSPChecker.java
浏览文件 @ 314a0946
...@@ -25,7 +25,6 @@ ...@@ -25,7 +25,6 @@
package sun.security.provider.certpath; package sun.security.provider.certpath;
import java.io.IOException;
import java.math.BigInteger; import java.math.BigInteger;
import java.util.*; import java.util.*;
import java.security.AccessController; import java.security.AccessController;
...@@ -335,10 +334,11 @@ class OCSPChecker extends PKIXCertPathChecker { ...@@ -335,10 +334,11 @@ class OCSPChecker extends PKIXCertPathChecker {
(issuerCert, currCertImpl.getSerialNumberObject()); (issuerCert, currCertImpl.getSerialNumberObject());
response = OCSP.check(Collections.singletonList(certId), uri, response = OCSP.check(Collections.singletonList(certId), uri,
responderCert, pkixParams.getDate()); responderCert, pkixParams.getDate());
} catch (IOException ioe) { } catch (Exception e) {
// should allow this to pass if network failures are acceptable // Wrap all exceptions in CertPathValidatorException so that
// we can fallback to CRLs, if enabled.
throw new CertPathValidatorException throw new CertPathValidatorException
("Unable to send OCSP request", ioe); ("Unable to send OCSP request", e);
} }
RevocationStatus rs = (RevocationStatus) response.getSingleResponse(certId); RevocationStatus rs = (RevocationStatus) response.getSingleResponse(certId);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册