- Bug
- Resolution: Duplicate
- P3
- 5.0
- x86
- windows_xp

Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-2165806 | 5.0u17 | Mala Bankal | P3 | Closed | Duplicate | |

FULL PRODUCT VERSION :
java version "1.5.0_04"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_04-b05)
Java HotSpot(TM) Client VM (build 1.5.0_04-b05, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]
EXTRA RELEVANT SYSTEM CONFIGURATION :
Setec SetWEB certificate loader, SCM331 smart card reader, Finnish Electronic ID card (FINEID), using certificates and keys in the browser keystore
A DESCRIPTION OF THE PROBLEM :
When using a web site that requires client authentication and accessing a web page that contains an applet, the plug-in pops up a dialog which contains all the certificates in the browser keystore. The browser itself filters the list so that only those certificates which have been marked for authentication purposes are visible. The plug-in does not.
This causes problems where there are certificates with the same common name (like FINEID, which has a certificate for authentication and another for non-repudiation, i.e. digital signatures), as the user is not aware which one of the two listed certificates is for authentication purposes. If the one that is not is selected, loading of the applets will fail.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Access any website that has client authentication on and has a web page with an applet. Also have at least two certificates in your browser store, of which one is not for authentication purposes.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Only the certificates suitable for authentication should be listed.
ACTUAL -
Both certificates are listed, including the one not for authentication. If that one is chosen for authentication, the loading of the applet will fail.
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
Use JRE 1.3.1, which does not suffer from this as it relies on the browser's HTTP(S) connection.
Release Regression From : 1.3.1
The above release value was the last known release where this
bug was known to work. Since then there has been a regression.
- backported by
  - JDK-2165806 Authentication dialog shows certificates not marked for authentication (Closed)
- duplicates
  - JDK-6680432 Display only Digital Signature key usage certificate in client authentication dialog box. (Closed)
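
The filtering the report expects from the certificate dialog, shown as an added example that is not part of the original report and not the JDK's own code: it lists only the keystore entries whose certificate can be used for TLS client authentication. The selection policy (digitalSignature key usage, clientAuth extended key usage), the class name `ClientAuthCertFilter` and the PKCS#12 keystore passed on the command line are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class ClientAuthCertFilter {   // hypothetical class name
    private static final String EKU_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth
    private static final String EKU_ANY = "2.5.29.37.0";               // anyExtendedKeyUsage

    // Assumed policy: a KeyUsage extension, if present, must assert digitalSignature (bit 0);
    // an ExtendedKeyUsage extension, if present, must allow clientAuth.
    static boolean usableForClientAuth(X509Certificate cert) throws CertificateParsingException {
        boolean[] ku = cert.getKeyUsage();             // null when the extension is absent
        if (ku != null && (ku.length == 0 || !ku[0])) {
            return false;                              // e.g. a nonRepudiation-only signing cert
        }
        List<String> eku = cert.getExtendedKeyUsage(); // null when the extension is absent
        return eku == null || eku.contains(EKU_CLIENT_AUTH) || eku.contains(EKU_ANY);
    }

    // Returns the aliases of private-key entries whose certificate passes the filter.
    static List<String> selectableAliases(KeyStore ks) throws Exception {
        List<String> result = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (ks.isKeyEntry(alias) && c instanceof X509Certificate
                    && usableForClientAuth((X509Certificate) c)) {
                result.add(alias);
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to a PKCS#12 keystore, args[1]: its password (supplied by the caller)
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        for (String alias : selectableAliases(ks)) {
            X509Certificate c = (X509Certificate) ks.getCertificate(alias);
            System.out.println(alias + "  " + c.getSubjectX500Principal().getName());
        }
    }
}
```

With two certificates that share a common name, as in the FINEID case, only the one asserting digitalSignature is printed; the non-repudiation certificate is dropped before the user can pick it.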