> > * EnableRevocation.java > > - How long does this test take - does it hang for a little while trying to > make a connection or timeout right away? If it takes a while, you could > experiment with overriding the default timeouts for CRLs and OCSP checks to > make this test finish faster. Use the system properties > com.sun.security.ocsp.timeout and com.sun.security.crl.readtimeout.
What if we use 0.0.0.0 for both OCSP and CRLDP? I assume it will return immediately, just hope it's not an uncaught RuntimeException. --Max > > Looks good otherwise. Please add a release-note and open a follow-on issue to > update the man page with the new option. > > --Sean > > On 5/1/20 12:02 PM, Hai-May Chao wrote: >> Hi, >> With small change added to ‘Usages.java' test, here is the updated webrev: >> https://cr.openjdk.java.net/~hchao/8242060/webrev.01/ >> Thanks, >> Hai-May >>> On Apr 30, 2020, at 4:29 PM, Hai-May Chao <hai-may.c...@oracle.com> wrote: >>> >>> Hi, >>> >>> I’d like to request a review for: >>> >>> JBS: https://bugs.openjdk.java.net/browse/JDK-8242060 >>> CSR: https://bugs.openjdk.java.net/browse/JDK-8244046 >>> Webrev: https://cr.openjdk.java.net/~hchao/8242060/webrev.00/ >>> >>> The jarsigner command currently does certificate chain validation, but does >>> not check revocation. Users won’t be able to know if the certificates are >>> revoked. This change is to provide an option in jarsigner to enable the >>> revocation check, and to emit progress messages when jarsigner starts >>> network connections to get OCSP responses and CRL. >>> >>> Thanks, >>> Hai-May >>> >>> >>>
