JDK-6712739

OCSPChecker throws NPE when OPTIONAL "certs" missing from BasicOCSPResponse.

    • Type: Bug
    • Resolution: Duplicate
    • Priority: P4
    • None
    • 5.0
    • security-libs

      FULL PRODUCT VERSION :
      java version "1.5.0_06"
      Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
      Java HotSpot(TM) Client VM (build 1.5.0_06-b05, mixed mode, sharing)

      ADDITIONAL OS VERSION INFORMATION :
      Microsoft Windows XP [Version 5.1.2600]

      A DESCRIPTION OF THE PROBLEM :
      If a BasicOCSPResponse structure omits the "certs" member, which is optional, a NullPointerException is raised.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Try to validate a CertPath against a responder that returns no "certs" member in its BasicOCSPResponses.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      A subject in the CertPath should be found to be valid if signed by an explicitly configured responder certificate or by its issuer in the path.
      ACTUAL -
      A NullPointerException is raised.

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      certpath: CrlRevocationChecker.verifyWithSeparateSigningKey() got exception sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      java.security.cert.CertPathValidatorException: java.lang.NullPointerException
      at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source)
      at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(Unknown Source)
      at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
      at java.security.cert.CertPathValidator.validate(Unknown Source)
      at com.partnet.security.ocsp.DummyTrustManager.checkServerTrusted(Test.java:138)
      at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
      at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
      at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
      at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
      at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
      at com.partnet.security.ocsp.Test.main(Test.java:55)
      Caused by: java.lang.NullPointerException
      at sun.security.provider.certpath.OCSPResponse.<init>(Unknown Source)
      at sun.security.provider.certpath.OCSPChecker.check(Unknown Source)
      ... 14 more


      REPRODUCIBILITY :
      This bug can be reproduced always.

      CUSTOMER SUBMITTED WORKAROUND :
      Disable revocation checking in PKIXParameters and substitute custom PKIXCertPathChecker that does OCSP correctly.

            vinnie Vincent Ryan
            ndcosta Nelson Dcosta (Inactive)
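
The expected behavior in the report, as an added example (not JDK code and not the reporter's): signer resolution that treats an omitted "certs" field as an empty candidate list and falls back to the configured responder certificate or the issuer. The class and method names are hypothetical, the caller is assumed to have already extracted the signed bytes, signature, and algorithm name and to pass a non-null issuer, and the delegated-responder check (issued by the CA, carrying id-kp-OCSPSigning) goes beyond the report and follows the OCSP RFC.

```java
import java.security.GeneralSecurityException;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.*;

// Hypothetical helper (not JDK code): finds the certificate whose key signed a BasicOCSPResponse.
public final class OcspSignerResolver {
    private static final String OCSP_SIGNING_EKU = "1.3.6.1.5.5.7.3.9"; // id-kp-OCSPSigning

    // embeddedCerts is the OPTIONAL "certs" field and is null when the responder omitted it.
    // Returns the certificate that verified the signature, or null if none did.
    public static X509Certificate resolve(byte[] tbsResponseData, byte[] signature,
            String sigAlg, List<X509Certificate> embeddedCerts,
            X509Certificate configuredResponder, X509Certificate issuer) {
        // An absent "certs" field means "no extra candidates", never a null dereference.
        if (embeddedCerts == null) embeddedCerts = Collections.emptyList();
        List<X509Certificate> candidates = new ArrayList<>();
        if (configuredResponder != null) candidates.add(configuredResponder); // explicitly trusted
        candidates.add(issuer);                                               // CA signed directly
        for (X509Certificate c : embeddedCerts)
            if (isDelegate(c, issuer)) candidates.add(c);                     // authorized delegate
        for (X509Certificate c : candidates)
            if (verifies(c, sigAlg, tbsResponseData, signature)) return c;
        return null; // caller treats this as "status unknown", never as "good"
    }

    // A delegated responder certificate is issued by the CA and carries id-kp-OCSPSigning.
    private static boolean isDelegate(X509Certificate c, X509Certificate issuer) {
        try {
            List<String> eku = c.getExtendedKeyUsage(); // null when the extension is absent
            if (eku == null || !eku.contains(OCSP_SIGNING_EKU)) return false;
            c.verify(issuer.getPublicKey());
            c.checkValidity();
            return true;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    private static boolean verifies(X509Certificate c, String alg, byte[] data, byte[] sig) {
        try {
            Signature s = Signature.getInstance(alg);
            s.initVerify(c.getPublicKey());
            s.update(data);
            return s.verify(sig);
        } catch (GeneralSecurityException e) {
            return false;
        }
    }
}
```
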