-
Bug
-
Resolution: Won't Fix
-
P3
-
7u67
-
x86_64
-
windows_7
FULL PRODUCT VERSION :
A DESCRIPTION OF THE PROBLEM :
interaction in deployment.properties between
deployment.security.revocation.check=ALL_CERTIFICATES
deployment.security.revocation.check.locked
and:
deployment.security.validation.ocsp=true
deployment.security.validation.ocsp.locked
deployment.security.validation.crl=true
deployment.security.validation.crl.locked
if set
deployment.security.revocation.check=ALL_CERTIFICATES
gesetzt, sind folgende Punkte im Java Control Panel nicht ausgegraut:
the following fields in Java Control Panel are not greyed out:
Check for certificate revocation using
Certificate Revocations Lists (CRLs)
Online Certificate Status Protocol (OCSP)
Both CRLs and OCSP
but if is set
deployment.security.revocation.check=NO_CHECK
the lockdown is set correctly at:
Check for certificate revocation using
Certificate Revocations Lists (CRLs)
Online Certificate Status Protocol (OCSP)
Both CRLs and OCSP
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
copy the following into an empty deployment.properties-file and review the settings into the java-control panel:
deployment.security.revocation.check=ALL_CERTIFICATES
deployment.security.revocation.check.locked
deployment.security.validation.ocsp=true
deployment.security.validation.ocsp.locked
deployment.security.validation.crl=true
deployment.security.validation.crl.locked
as expected the following fields are NOT locked down:
Check for certificate revocation using
Certificate Revocations Lists (CRLs)
Online Certificate Status Protocol (OCSP)
Both CRLs and OCSP
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
the following fields are NOT locked down:
Check for certificate revocation using
Certificate Revocations Lists (CRLs)
Online Certificate Status Protocol (OCSP)
Both CRLs and OCSP
ACTUAL -
the following fields are NOT locked down:
Check for certificate revocation using
Certificate Revocations Lists (CRLs)
Online Certificate Status Protocol (OCSP)
Both CRLs and OCSP
REPRODUCIBILITY :
This bug can be reproduced always.
A DESCRIPTION OF THE PROBLEM :
interaction in deployment.properties between
deployment.security.revocation.check=ALL_CERTIFICATES
deployment.security.revocation.check.locked
and:
deployment.security.validation.ocsp=true
deployment.security.validation.ocsp.locked
deployment.security.validation.crl=true
deployment.security.validation.crl.locked
if set
deployment.security.revocation.check=ALL_CERTIFICATES
gesetzt, sind folgende Punkte im Java Control Panel nicht ausgegraut:
the following fields in Java Control Panel are not greyed out:
Check for certificate revocation using
Certificate Revocations Lists (CRLs)
Online Certificate Status Protocol (OCSP)
Both CRLs and OCSP
but if is set
deployment.security.revocation.check=NO_CHECK
the lockdown is set correctly at:
Check for certificate revocation using
Certificate Revocations Lists (CRLs)
Online Certificate Status Protocol (OCSP)
Both CRLs and OCSP
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
copy the following into an empty deployment.properties-file and review the settings into the java-control panel:
deployment.security.revocation.check=ALL_CERTIFICATES
deployment.security.revocation.check.locked
deployment.security.validation.ocsp=true
deployment.security.validation.ocsp.locked
deployment.security.validation.crl=true
deployment.security.validation.crl.locked
as expected the following fields are NOT locked down:
Check for certificate revocation using
Certificate Revocations Lists (CRLs)
Online Certificate Status Protocol (OCSP)
Both CRLs and OCSP
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
the following fields are NOT locked down:
Check for certificate revocation using
Certificate Revocations Lists (CRLs)
Online Certificate Status Protocol (OCSP)
Both CRLs and OCSP
ACTUAL -
the following fields are NOT locked down:
Check for certificate revocation using
Certificate Revocations Lists (CRLs)
Online Certificate Status Protocol (OCSP)
Both CRLs and OCSP
REPRODUCIBILITY :
This bug can be reproduced always.