JDK-4919790

Errors in alert ssl message does not reflect the actual certificate status


    • b09
    • x86, sparc
    • solaris_8, windows_xp
    • Not verified



        Name: gm110360 Date: 09/09/2003


        FULL PRODUCT VERSION :
        java version "1.4.2_01"
        Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_01-b06)
        Java HotSpot(TM) Client VM (build 1.4.2_01-b06, mixed mod

        FULL OS VERSION :
        SunOS sun2 5.8 Generic sun4u sparc SUNW,Ultra-5_10

        A DESCRIPTION OF THE PROBLEM :
        For an SSL server socket,
        when an SSL client connection comes in with an expired certificate,
        it generates the right exception (java.security.cert.CertificateExpiredException), but the server sends an alert with value = certificate_unknown.
        The right value is certificate_expired.

        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        Create an SSL server that requests the certificate from the client.
        Open a connection with the client with an expired certificate.

        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -
        the server has to send an alert with value = certificate_expired
        ACTUAL -
        the server sends an alert with value = certificate_unknown


        REPRODUCIBILITY :
        This bug can be reproduced always.

        ---------- BEGIN SOURCE ----------
        create a key MYKEYSERVER in a keystore called MYKEYSTORESERVER :
        create a key MYKEYCLIENT in a keystore called MYKEYSTORECLIENT :

        keytool -keystore MYKEYSTORESERVER -alias MYKEYSERVER -keypass 123456 -genkey -keyalg RSA
        keytool -keystore MYKEYSTORECLIENT -alias MYKEYCLIENT -keypass 123456 -genkey -keyalg RSA

        creating a class for ssl server :

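            import java.io.*;
            import java.net.Socket;
            import javax.net.ServerSocketFactory;
            import javax.net.ssl.SSLServerSocket;
            import javax.net.ssl.SSLServerSocketFactory;

            public class MYKEYSERVER {
                public static void main(String[] args) {
                    try {
                        int port = 443;
                        ServerSocketFactory ssocketFactory = SSLServerSocketFactory.getDefault();
                        // setNeedClientAuth() is defined on SSLServerSocket, not ServerSocket
                        SSLServerSocket ssocket = (SSLServerSocket) ssocketFactory.createServerSocket(port);
                        ssocket.setNeedClientAuth(true); // require a client certificate
                        Socket socket = ssocket.accept();
                        InputStream in = socket.getInputStream();
                        OutputStream out = socket.getOutputStream();
                        byte br[] = new byte[10];
                        in.read(br); // first read drives the handshake on the server side
                        in.close();
                        out.close();
                    } catch (IOException e) {
                        e.printStackTrace(); // shows the certificate validation failure
                    }
                }
            }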

        java -Djavax.net.ssl.keyStore=MYKEYSTORESERVER \
             -Djavax.net.ssl.keyStorePassword=123456 \
             -Djavax.net.ssl.trustStore=MYKEYSTORECLIENT \
             -Djavax.net.ssl.trustStorePassword=123456 \
             MYKEYSERVER

        creating a client
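            import java.io.*;
            import javax.net.SocketFactory;
            import javax.net.ssl.SSLSocket;
            import javax.net.ssl.SSLSocketFactory;

            public class MYKEYCLIENT {
                public static void main(String[] args) {
                    try {
                        int port = 443;
                        String hostname = "hostname";
                        SocketFactory socketFactory = SSLSocketFactory.getDefault();
                        // startHandshake() is defined on SSLSocket, not Socket
                        SSLSocket socket = (SSLSocket) socketFactory.createSocket(hostname, port);
                        InputStream in = socket.getInputStream();
                        OutputStream out = socket.getOutputStream();
                        socket.startHandshake();
                        out.write("hello".getBytes());
                        in.close();
                        out.close();
                    } catch (IOException e) {
                        e.printStackTrace(); // shows the alert received from the server
                    }
                }
            }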

        java -Djavax.net.ssl.keyStore=MYKEYSTORECLIENT \
             -Djavax.net.ssl.keyStorePassword=123456 \
             -Djavax.net.ssl.trustStore=MYKEYSTORESERVER \
             -Djavax.net.ssl.trustStorePassword=123456 \
             MYKEYCLIENT


        ---------- END SOURCE ----------

        CUSTOMER SUBMITTED WORKAROUND :
        not found :(
        (Incident Review ID: 201562)
        ======================================================================
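
The report turns on how a certificate validation failure is translated into a TLS alert description. As an added illustration (not code from the report or from the JDK), the class below maps a failure to an alert by walking the exception's cause chain, next to a mapping that inspects only the outermost exception. The class and method names are hypothetical, the wrapped exception in `main` is a constructed sample, and Java 7 or later is assumed for `CertPathValidatorException.getReason()`.

```java
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorException.BasicReason;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import javax.net.ssl.SSLHandshakeException;

public class CertAlertMapping {
    // AlertDescription values from the TLS specification (RFC 2246, section 7.2).
    static final int CERTIFICATE_REVOKED = 44;
    static final int CERTIFICATE_EXPIRED = 45; // "has expired or is not currently valid"
    static final int CERTIFICATE_UNKNOWN = 46; // catch-all for unspecified failures

    // Looks only at the outermost exception, so a wrapped expiry is lost.
    static int naiveAlert(Throwable failure) {
        return failure instanceof CertificateExpiredException
                ? CERTIFICATE_EXPIRED : CERTIFICATE_UNKNOWN;
    }

    // Walks the cause chain (bounded, in case the chain is cyclic) for the specific reason.
    static int alertFor(Throwable failure) {
        Throwable t = failure;
        for (int depth = 0; t != null && depth < 16; depth++, t = t.getCause()) {
            if (t instanceof CertificateExpiredException
                    || t instanceof CertificateNotYetValidException) {
                return CERTIFICATE_EXPIRED;
            }
            if (t instanceof CertPathValidatorException) {
                Object reason = ((CertPathValidatorException) t).getReason();
                if (reason == BasicReason.EXPIRED || reason == BasicReason.NOT_YET_VALID) {
                    return CERTIFICATE_EXPIRED;
                }
                if (reason == BasicReason.REVOKED) {
                    return CERTIFICATE_REVOKED;
                }
            }
        }
        return CERTIFICATE_UNKNOWN;
    }

    public static void main(String[] args) {
        // Constructed sample: an expiry failure wrapped in two outer exceptions.
        SSLHandshakeException outer = new SSLHandshakeException("constructed: handshake failed");
        outer.initCause(new CertificateException("constructed: validation failed",
                new CertificateExpiredException("constructed: NotAfter passed")));
        System.out.println("naive mapping:       " + naiveAlert(outer));
        System.out.println("cause-chain mapping: " + alertFor(outer));
    }
}
```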

              xuelei Xuelei Fan
              gmanwanisunw Girish Manwani (Inactive)