-
Bug
-
Resolution: Won't Fix
-
P4
-
None
-
7u55
-
x86_64
-
linux
FULL PRODUCT VERSION :
java version "1.7.0_55"
Java(TM) SE Runtime Environment (build 1.7.0_55-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.55-b03, mixed mode)
Java8 is also installed (but disabled):
java version "1.8.0_05"
Java(TM) SE Runtime Environment (build 1.8.0_05-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.5-b02, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Linux serge-linux 3.11-0.bpo.2-amd64 #1 SMP Debian 3.11.10-1~bpo70+1 (2013-12-17) x86_64 GNU/Linux
EXTRA RELEVANT SYSTEM CONFIGURATION :
jre/lib/security/cacerts has been modified in order to add some root CAs
A DESCRIPTION OF THE PROBLEM :
In case of multiple CRL distribution points, if the first one requested over the network is invalid (http code 200 but file is not crl valid), then a warning message is displayed about revoŃation check. Later, the crl is visible in the cache (temp files).
I prepared a web page with sample:
http://sp31415.uhostfull.com/bug_submission_oracle/index.html
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
I have made two root CA and certificate chain with only one difference:
URI host order is different.
I signed two applets.
Only one is displaying a warning message related to revokation.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
I maybe be wrong about how multiple CRL distributiion points should be managed, but I expect no message or the same message for the 2 applets
ACTUAL -
I see a message (french): La signature numérique de cette application a été générée avec un certificat provenant d'une autorité de certification sécurisée, mais il est impossible de garantir qu'il n'a pas été revoqué par cette autorité.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
nothing
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
there is no specific java source code.
Eventually, code related to cetificate generation... but look out of the subject.
can be tested with that page:
http://sp31415.uhostfull.com/bug_submission_oracle/index.html
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
have only valid CRL distribution points. but something valid one may not be valid in future...
java version "1.7.0_55"
Java(TM) SE Runtime Environment (build 1.7.0_55-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.55-b03, mixed mode)
Java8 is also installed (but disabled):
java version "1.8.0_05"
Java(TM) SE Runtime Environment (build 1.8.0_05-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.5-b02, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Linux serge-linux 3.11-0.bpo.2-amd64 #1 SMP Debian 3.11.10-1~bpo70+1 (2013-12-17) x86_64 GNU/Linux
EXTRA RELEVANT SYSTEM CONFIGURATION :
jre/lib/security/cacerts has been modified in order to add some root CAs
A DESCRIPTION OF THE PROBLEM :
In case of multiple CRL distribution points, if the first one requested over the network is invalid (http code 200 but file is not crl valid), then a warning message is displayed about revoŃation check. Later, the crl is visible in the cache (temp files).
I prepared a web page with sample:
http://sp31415.uhostfull.com/bug_submission_oracle/index.html
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
I have made two root CA and certificate chain with only one difference:
URI host order is different.
I signed two applets.
Only one is displaying a warning message related to revokation.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
I maybe be wrong about how multiple CRL distributiion points should be managed, but I expect no message or the same message for the 2 applets
ACTUAL -
I see a message (french): La signature numérique de cette application a été générée avec un certificat provenant d'une autorité de certification sécurisée, mais il est impossible de garantir qu'il n'a pas été revoqué par cette autorité.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
nothing
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
there is no specific java source code.
Eventually, code related to cetificate generation... but look out of the subject.
can be tested with that page:
http://sp31415.uhostfull.com/bug_submission_oracle/index.html
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
have only valid CRL distribution points. but something valid one may not be valid in future...