I see your point Sean. My motivation for wrapping the RuntimeException was to ensure that the failover mechanism (from OCSP to CRLs) did not get interrupted. But this is a case when the failover should be interrupted. I've filed a new bug to address the issue:
Bug: 8019627: RuntimeException gets obscured during OCSP cert revocation checking Webrev: http://cr.openjdk.java.net/~vinnie/8019627/webrev.00/ It simply re-throws RuntimeExceptions. On 2 Jul 2013, at 16:19, Sean Mullan wrote: > On 07/01/2013 07:02 PM, Xuelei Fan wrote: >> On 7/1/2013 8:56 PM, Vincent Ryan wrote: >>> I think that wrapping a RuntimeException (in CPVE) is acceptable in this >>> case >>> because the goal is to activate the failover mechanism from OCSP to CRL. >>> >>> Do you want RuntimeException to be re-thrown? >>> >> No. It is acceptable to me to wrap the RuntimeException. It is not a >> real runtime exception, but a wrong message. I prefer to use CPVE. > > Sorry I was on vacation yesterday and was unable to review this until now. > I'm not sure I like the fix. Catching a runtime exception and rethrowing it > as a checked exception is generally not a good idea. In this case you have a > situation where someone has misconfigured the property to specify an OCSP > responder. Hiding that exception and allowing the revocation check to > fallback to CRLs is dubious, even if we still capture the exception in a log > file. I think it should be thrown as is, so the user knows about the issue > immediately and can fix the configuration. So, even though it is technically > a change in behavior from JDK 7, I think the current behavior is more > correct, and I doubt this would cause many compatibility issues since it is a > configuration error that needs manual intervention to be properly fixed. > > Thanks, > Sean > >> >> Xuelei >> >>> On 29 Jun 2013, at 01:53, Xuelei Fan wrote: >>> >>>> Looks fine to me. >>>> >>>> Hmm, it is a case to learn that RuntimeException should be token care of >>>> sometimes. >>>> >>>> Thanks, >>>> Xuelei >>>> >>>> On 6/29/2013 2:41 AM, Vincent Ryan wrote: >>>>> Hello, >>>>> >>>>> Please review the following JDK 8 fix: >>>>> >>>>> Bug: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8019259 >>>>> Webrev: http://cr.openjdk.java.net/~vinnie/8019259/webrev.00/ >>>>> >>>>> It corrects a problem during X.509 certificate revocation checking where >>>>> failover to using CRLs is not >>>>> performed in the case when a malformed URL has been supplied as the URL >>>>> of the OCSP responder. >>>>> The fix ensures all exceptions during OCSP are caught and wrapped so that >>>>> the failover mechanism >>>>> does not get skipped. >>>>> >>>>> Thanks. >>>>> >>>> >>> >> >
