|
Quick Lists
|
|
Bug ID:
|
6885667
|
|
Votes
|
0
|
|
Synopsis
|
CertPath/CertPathValidatorTest/bugs/bug6383078 fails on jdk6u18/b02, jdk7/pit/b73 and passes on b72.
|
|
Category
|
java:classes_security
|
|
Reported Against
|
b03
, b73
|
|
Release Fixed
|
7(b75),
6u18(b04) (Bug ID:2183500)
|
|
State
|
10-Fix Delivered,
bug
|
|
Priority:
|
3-Medium
|
|
Related Bugs
|
6869739
|
|
Submit Date
|
25-SEP-2009
|
|
Description
|
CertPath/CertPathValidatorTest/bugs/bug6383078 fails on jdk7/pit/b73 while passes on b72.
log for b73 http://sqeweb.sfbay.sun.com/net/sqenfs-2/export2/results/security/pit/7/b73/gtee/windows-i586_c1/7-b73_pit_security_windows-i586_c1/dtftest.Windows_Vista.x86/bug6383078/bug6383078.log
...
[2009-09-23T12:01:28.66] certpath: connecting to OCSP service at: http://onsite-ocsp.verisign.com
[2009-09-23T12:01:28.66] Exception in thread "main" java.security.AccessControlException: access denied ("java.net.SocketPermission" "onsite-ocsp.verisign.com:80" "connect,resolve")
[2009-09-23T12:01:28.66] at java.security.AccessControlContext.checkPermission(AccessControlContext.java:345)
[2009-09-23T12:01:28.66] at java.security.AccessController.checkPermission(AccessController.java:555)
[2009-09-23T12:01:28.66] at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
[2009-09-23T12:01:28.66] at java.lang.SecurityManager.checkConnect(SecurityManager.java:1051)
[2009-09-23T12:01:28.66] at sun.net.www.http.HttpClient.openServer(HttpClient.java:454)
[2009-09-23T12:01:28.66] at sun.net.www.http.HttpClient.<init>(HttpClient.java:210)
[2009-09-23T12:01:28.66] at sun.net.www.http.HttpClient.New(HttpClient.java:293)
[2009-09-23T12:01:28.66] at sun.net.www.http.HttpClient.New(HttpClient.java:305)
[2009-09-23T12:01:28.66] at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:862)
[2009-09-23T12:01:28.66] at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:798)
[2009-09-23T12:01:28.66] at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:716)
[2009-09-23T12:01:28.66] at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:957)
[2009-09-23T12:01:28.66] at sun.security.provider.certpath.OCSP.check(OCSP.java:186)
[2009-09-23T12:01:28.66] at sun.security.provider.certpath.OCSPChecker.check(OCSPChecker.java:336)
[2009-09-23T12:01:28.66] at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:133)
[2009-09-23T12:01:28.71] at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:321)
[2009-09-23T12:01:28.71] at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:187)
[2009-09-23T12:01:28.71] at java.security.cert.CertPathValidator.validate(CertPathValidator.java:267)
[2009-09-23T12:01:28.71] at ValidateCertPathWithRev.main(ValidateCertPathWithRev.java:40)
[2009-09-23T12:01:28.71] # Test level exit status: 1
[2009-09-23T12:01:29.71]
...............................
log for b72
http://sqeweb.sfbay.sun.com/net/sqenfs-1/export1/comp/jsn/users/evergreen/wzhu/results-soda-09-09-24-20-10/results/gtee.SunOS.sparc/bug6383078/bug6383078.err
...
[2009-09-25T03:10:53.07] certpath: connecting to OCSP service at: http://onsite-ocsp.verisign.com
[2009-09-25T03:10:53.07] certpath: java.security.AccessControlException: access denied ("java.net.SocketPermission" "onsite-ocsp.verisign.com:80" "connect,resolve")
[2009-09-25T03:10:53.07] certpath: preparing to failover (from OCSP to CRLs)
[2009-09-25T03:10:53.07] certpath: -checker5 validation succeeded
[2009-09-25T03:10:53.07] certpath: -Using checker6 ... [sun.security.provider.certpath.CrlRevocationChecker]
[2009-09-25T03:10:53.65] certpath: CrlRevocationChecker.verifyRevocationStatus() ---checking revocation status...
[2009-09-25T03:10:53.65] certpath: DistributionPointFetcher.getCRLs: Checking CRLDPs for CN=Java Deployment, OU=Class C, OU=Corporate Object Signing, O=Sun Microsystems Inc
[2009-09-25T03:10:53.65] certpath: Trying to fetch CRL from DP http://onsitecrl.verisign.com/SunMicrosystemsIncCorporateObjectSigningClassC/LatestCRL.crl
[2009-09-25T03:10:53.65] certpath: CertStore URI:http://onsitecrl.verisign.com/SunMicrosystemsIncCorporateObjectSigningClassC/LatestCRL.crl
[2009-09-25T03:10:53.65] certpath: Downloading new CRL...
[2009-09-25T03:10:53.65] certpath: Returning 1 CRLs
[2009-09-25T03:10:53.65] certpath: CrlRevocationChecker.verifyRevocationStatus() crls.size() = 0
[2009-09-25T03:10:53.65] certpath: CrlRevocationChecker.verifyRevocationStatus() approved crls.size() = 1
[2009-09-25T03:10:53.65] certpath: starting the final sweep...
[2009-09-25T03:10:53.65] certpath: CrlRevocationChecker.verifyRevocationStatus cert SN: 66035722392064388961324353282751403384
[2009-09-25T03:10:53.65] certpath: -checker6 validation succeeded
[2009-09-25T03:10:53.65] certpath: checking for unresolvedCritExts
[2009-09-25T03:10:53.65] certpath:
[2009-09-25T03:10:53.65] cert3 validation succeeded.
[2009-09-25T03:10:53.65]
[2009-09-25T03:10:53.65] certpath: Cert path validation succeeded. (PKIX validation algorithm)
[2009-09-25T03:10:53.80] certpath: --------------------------------------------------------------
[2009-09-25T03:10:53.80] # Test level exit status: 0
[2009-09-25T03:10:54.81]
Posted Date : 2009-09-25 08:29:18.0
|
|
Work Around
|
N/A
|
|
Evaluation
|
The failure might be caused by CR fixes in b73:
6745437 Add option to only check revocation of end-entity certificate in a chain of certificates
6869739 Cannot check revocation of single certificate without validating the entire chain
Posted Date : 2009-09-25 08:29:18.0
This is also a regression in JDK 6u18 b02 even though this test is only in the JDK 7 SQE workspace. I am changing the synopsis to reflect that.
The regression was caused by CR 6869739.
Posted Date : 2009-10-06 18:48:27.0
|
|
Comments
|
PLEASE NOTE: JDK6 is formerly known as Project Mustang
|
|
|
|
