-
Bug
-
Resolution: Duplicate
-
P3
-
7u51, 8
-
win7/x86/jre8#728
Background:
With latest jre8, when run ca-signed apps that passing bad vmargs/property to vm, the warning dialog is with title "Security Warning" and in more information dialog, it says "Although the application has a digital signature, the application's associated file (JNLP) does not have one......"
For example, when run the following ca-signed app that trying to pass bad property <property name=javapi.user0" value=testquote /> to vm, a warning dialog with title "Security Warning" will show up.
Steps to reproduce:
1 Install latest jre8 nightly build#728
2) Make sure your system/browser can access to internet or disable ocsp/crl check from JCP
3) Load app javaws http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/vmargs/jnlp/testpropertyquote.jnlp
It try to pass bad property <property name=javapi.user0" value=testquote /> to vm
The JNLP file is not signed and only jar file is signed.
4) If a security warning dialog with title "Security Warning" shows up and in more info dialog it says "Although the application has a digital signature, the application's associated file (JNLP) does not have one......", then this issue is reproduced. See attached security-warning.png and security-warning-moreinfo.png.
But for apps that pass valid property to vm, the title of warning dialog is "Security Information".
Steps to reproduce:
1) Install latest jre8 nightly build#728
2) Make sure your system/browser can access to internet or disable ocsp/crl check from JCP
3) Load app javaws http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/vmargs/jnlp/testpropertyTest1.jnlp
It try to pass valid property <property name="http.keepAlive" value="VALUE"/> to vm
The JNLP file is also not signed and only jar file is signed.
4) A security warning dialog with title "Security Information" will show up. See attached security-info.png
With latest jre8, when run ca-signed apps that passing bad vmargs/property to vm, the warning dialog is with title "Security Warning" and in more information dialog, it says "Although the application has a digital signature, the application's associated file (JNLP) does not have one......"
For example, when run the following ca-signed app that trying to pass bad property <property name=javapi.user0" value=testquote /> to vm, a warning dialog with title "Security Warning" will show up.
Steps to reproduce:
1 Install latest jre8 nightly build#728
2) Make sure your system/browser can access to internet or disable ocsp/crl check from JCP
3) Load app javaws http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/vmargs/jnlp/testpropertyquote.jnlp
It try to pass bad property <property name=javapi.user0" value=testquote /> to vm
The JNLP file is not signed and only jar file is signed.
4) If a security warning dialog with title "Security Warning" shows up and in more info dialog it says "Although the application has a digital signature, the application's associated file (JNLP) does not have one......", then this issue is reproduced. See attached security-warning.png and security-warning-moreinfo.png.
But for apps that pass valid property to vm, the title of warning dialog is "Security Information".
Steps to reproduce:
1) Install latest jre8 nightly build#728
2) Make sure your system/browser can access to internet or disable ocsp/crl check from JCP
3) Load app javaws http://sqeweb.us.oracle.com/net/sqenfs-1/export1/comp/jsn/users/crystal/DO_NOT_REMOVE_ME/jrebug/vmargs/jnlp/testpropertyTest1.jnlp
It try to pass valid property <property name="http.keepAlive" value="VALUE"/> to vm
The JNLP file is also not signed and only jar file is signed.
4) A security warning dialog with title "Security Information" will show up. See attached security-info.png