Name: krC82822 Date: 02/11/2001


java version "1.3.0_01"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0_01)
Java HotSpot(TM) Client VM (build 1.3.0_01, mixed mode)

When connecting to SSL server, JSSE will check the validality of the server
certificate. This bug happens when the cert contains
a critical nsCertType extension.

JSSE will throw an exception: "untrusted server cert chain". After enabling
debug mode with -Djavax.net.debug=all, I got "failed critical extension check:
java.lang.Exception: Contains unknown critical extensions".

Please use following code to connect to Baltimore since its SSL certificate
usually contains "critical nsCertType extension".

--------

package com.formosoft.boobee.test;

import java.io.*;
import java.net.*;
import java.security.cert.*;

public class TestSSL {

  private static void testSSL2() {
      //Enable Client SSL in Url object
      System.setProperty
("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");

      try {
          URL url = new URL("https://www.baltimore.com");
          URLConnection connection = url.openConnection();
          BufferedReader in = new BufferedReader(new InputStreamReader
(connection.getInputStream()));
          System.out.println( in.readLine() );
      } catch (IOException e) {
          e.printStackTrace();
      }
  }

  public TestSSL() {
  }
  public static final void main(String[] main) {
    testSSL2();
  }
}
(Review ID: 116566)
======================================================================