-
Bug
-
Resolution: Duplicate
-
P3
-
None
-
6u18
-
x86
-
windows_xp
FULL PRODUCT VERSION :
java version "1.6.0_18"
Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
Java HotSpot(TM) Client VM (build 16.0-b13, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]
A DESCRIPTION OF THE PROBLEM :
The following chain returns a ValidatorException with the message "Violated path length constraints" in 1.6.0_18.
2010-01-29 13:49:20,219 INFO [http-127.0.0.1-8080-1] STDOUT:152 chain [0] = [
...
[8]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
2010-01-29 13:49:20,266 INFO [http-127.0.0.1-8080-1] STDOUT:152 chain [1] = [
...
[6]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
2010-01-29 13:49:20,329 INFO [http-127.0.0.1-8080-1] STDOUT:152 chain [2] = [
...
[8]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:1
]
2010-01-29 13:49:20,360 INFO [http-127.0.0.1-8080-1] STDOUT:152 chain [3] = [
...
[8]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
The problem occurs because the PathLen constraint in chain[2] has the value 1 and there is a CA certificate (chain[1]) that follows this certificate in the chain.
The specification says the following about the PathLen constraint: "it gives the maximum number of CA certificates that may follow this certificate in a certification path", so the chain should be accepted.
The problem only occurs in update 18.
REPRODUCIBILITY :
This bug can be reproduced always.
Release Regression From : 6u17
The above release value was the last known release where this
bug was not reproducible. Since then there has been a regression.
java version "1.6.0_18"
Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
Java HotSpot(TM) Client VM (build 16.0-b13, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]
A DESCRIPTION OF THE PROBLEM :
The following chain returns a ValidatorException with the message "Violated path length constraints" in 1.6.0_18.
2010-01-29 13:49:20,219 INFO [http-127.0.0.1-8080-1] STDOUT:152 chain [0] = [
...
[8]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
2010-01-29 13:49:20,266 INFO [http-127.0.0.1-8080-1] STDOUT:152 chain [1] = [
...
[6]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
2010-01-29 13:49:20,329 INFO [http-127.0.0.1-8080-1] STDOUT:152 chain [2] = [
...
[8]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:1
]
2010-01-29 13:49:20,360 INFO [http-127.0.0.1-8080-1] STDOUT:152 chain [3] = [
...
[8]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
The problem occurs because the PathLen constraint in chain[2] has the value 1 and there is a CA certificate (chain[1]) that follows this certificate in the chain.
The specification says the following about the PathLen constraint: "it gives the maximum number of CA certificates that may follow this certificate in a certification path", so the chain should be accepted.
The problem only occurs in update 18.
REPRODUCIBILITY :
This bug can be reproduced always.
Release Regression From : 6u17
The above release value was the last known release where this
bug was not reproducible. Since then there has been a regression.
- duplicates
-
-
- Closed
-