-
Bug
-
Resolution: Not an Issue
-
P3
-
None
-
7u71, 8u25, 8u40
-
x86_64
-
windows_7
FULL PRODUCT VERSION :
iava Version "1.7.0_71"
Java(TM) SE Runtime Environment (build 1.7.0_71-b14)
Java HotSpot(TM) Client VM (build 24.71-b01, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Windows Version 6.1.7601
A DESCRIPTION OF THE PROBLEM :
An Applet with a signed certificate from Thawte can not be loaded because of lack of validation of the certifikate. With the previously version of Java everything was ok.
REGRESSION. Last worked in version 7u67
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Try to load the applet with the URL:
https://osc.donaukurier.de:8443/lheditor/pageServlet.htm
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Applet to start.
ACTUAL -
Applet will not load.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Java-Plug-in 10.71.2.14
JRE-Version verwenden 1.7.0_71-b14 Java HotSpot(TM) Client VM
Benutzer-Home-Verzeichnis = C:\Users\U254445
----------------------------------------------------
c: Konsolenfenster löschen
f: Objekte in Finalisierungs-Queue finalisieren
g: Garbage Collect
h: Diese Hilfemeldung anzeigen
l: Class Loader-Liste ausgeben
m: Speicherauslastung drucken
o: Logging auslösen
q: Konsole ausblenden
r: Policy-Konfiguration neu laden
s: System- und Deployment-Eigenschaften ausgeben
t: Threadliste ausgeben
v: Threadstack ausgeben
x: Class Loader-Cache leeren
0-5: Traceebene auf <n> setzen
----------------------------------------------------
cache: Initialize resource manager: com.sun.deploy.cache.ResourceProviderImpl@97b7b1
basic: Fortschritts-Listener hinzugefügt: sun.plugin.util.ProgressMonitorAdapter@fcc070
security: Expected Main URL: https://osc.donaukurier.de:8443/lheditor/lheditor.jar
basic: Plugin2ClassLoader.addURL parent called for https://osc.donaukurier.de:8443/lheditor/lheditor.jar
network: Cacheeintrag nicht gefunden [URL: https://osc.donaukurier.de:8443/lheditor/lheditor.jar, Version: null]
network: Verbindung von https://osc.donaukurier.de:8443/lheditor/lheditor.jar mit Proxy=DIRECT wird hergestellt
network: Cacheeintrag nicht gefunden [URL: file:/C:/Program%20Files%20(x86)/Java/jre7/lib/ext/sunec.jar, Version: null]
network: Cacheeintrag nicht gefunden [URL: file:/C:/Program%20Files%20(x86)/Java/jre7/lib/ext/sunjce_provider.jar, Version: null]
network: Verbindung von http://osc.donaukurier.de:8443/ mit Proxy=DIRECT wird hergestellt
security: SSL-Root-CA-Zertifikate werden aus C:\Program Files (x86)\Java\jre7\lib\security\cacerts geladen
security: SSL-Root-CA-Zertifikate aus C:\Program Files (x86)\Java\jre7\lib\security\cacerts geladen
security: Zertifikatsammlung aus SSL-Root-CA-Zertifikatspeicher abrufen
security: Zertifikatsammlung aus SSL-Root-CA-Zertifikatspeicher abrufen
security: Zertifikate werden aus Deployment-Session-Zertifikatspeicher geladen
security: Zertifikate wurden aus Deployment-Session-Zertifikatspeicher geladen
security: Zertifikate werden aus Internet Explorer ROOT-Zertifikatspeicher geladen
security: Zertifikate wurden aus Internet Explorer ROOT-Zertifikatspeicher geladen
security: Zertifikate werden aus Internet Explorer DISALLOWED-Zertifikatspeicher geladen
security: Zertifikate wurden aus Internet Explorer DISALLOWED-Zertifikatspeicher geladen
security: Loaded blacklisted.certs file: C:\Users\U254445\AppData\LocalLow\Sun\Java\Deployment\security\blacklisted.certs
security: SHA-256Certificate finger print: F0BB5070CCD3079955AD69DF534453BE6738C6173E406FD8689D85383F588C84
security: Zertifikat wird in Internet Explorer DISALLOWED-Zertifikatspeicher gesucht
security: SHA-256Certificate finger print: 0855414AF5F5FD7E264F8B002A39CCED67E5952E89B61B680CC847BAA34944DE
security: Zertifikat wird in Internet Explorer DISALLOWED-Zertifikatspeicher gesucht
security: SHA-256Certificate finger print: C99157DF28D28EBD87B8B041AACCF023CF1C9AD0D21FD7116149D7F96484FA51
security: Zertifikat wird in Internet Explorer DISALLOWED-Zertifikatspeicher gesucht
security: SSL-Zertifikat wird im permanenten Deployment-Zertifikatspeicher gesucht
security: Zertifikate werden aus Internet Explorer ROOT-Zertifikatspeicher geladen
security: Zertifikate wurden aus Internet Explorer ROOT-Zertifikatspeicher geladen
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
at sun.plugin.PluginURLJarFileCallBack.connect(Unknown Source)
at sun.plugin.PluginURLJarFileCallBack.retrieve(Unknown Source)
at sun.net.www.protocol.jar.URLJarFile.retrieve(Unknown Source)
at sun.net.www.protocol.jar.URLJarFile.getJarFile(Unknown Source)
at sun.net.www.protocol.jar.JarFileFactory.get(Unknown Source)
at sun.net.www.protocol.jar.JarURLConnection.connect(Unknown Source)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFileInternal(Unknown Source)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$1000(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate$2.checkTrusted(Unknown Source)
at com.sun.deploy.security.X509TrustManagerDelegate.checkTrusted(Unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate.checkServerTrusted(Unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted(Unknown Source)
... 45 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 55 more
REPRODUCIBILITY :
This bug can be reproduced always.
iava Version "1.7.0_71"
Java(TM) SE Runtime Environment (build 1.7.0_71-b14)
Java HotSpot(TM) Client VM (build 24.71-b01, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Windows Version 6.1.7601
A DESCRIPTION OF THE PROBLEM :
An Applet with a signed certificate from Thawte can not be loaded because of lack of validation of the certifikate. With the previously version of Java everything was ok.
REGRESSION. Last worked in version 7u67
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Try to load the applet with the URL:
https://osc.donaukurier.de:8443/lheditor/pageServlet.htm
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Applet to start.
ACTUAL -
Applet will not load.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Java-Plug-in 10.71.2.14
JRE-Version verwenden 1.7.0_71-b14 Java HotSpot(TM) Client VM
Benutzer-Home-Verzeichnis = C:\Users\U254445
----------------------------------------------------
c: Konsolenfenster löschen
f: Objekte in Finalisierungs-Queue finalisieren
g: Garbage Collect
h: Diese Hilfemeldung anzeigen
l: Class Loader-Liste ausgeben
m: Speicherauslastung drucken
o: Logging auslösen
q: Konsole ausblenden
r: Policy-Konfiguration neu laden
s: System- und Deployment-Eigenschaften ausgeben
t: Threadliste ausgeben
v: Threadstack ausgeben
x: Class Loader-Cache leeren
0-5: Traceebene auf <n> setzen
----------------------------------------------------
cache: Initialize resource manager: com.sun.deploy.cache.ResourceProviderImpl@97b7b1
basic: Fortschritts-Listener hinzugefügt: sun.plugin.util.ProgressMonitorAdapter@fcc070
security: Expected Main URL: https://osc.donaukurier.de:8443/lheditor/lheditor.jar
basic: Plugin2ClassLoader.addURL parent called for https://osc.donaukurier.de:8443/lheditor/lheditor.jar
network: Cacheeintrag nicht gefunden [URL: https://osc.donaukurier.de:8443/lheditor/lheditor.jar, Version: null]
network: Verbindung von https://osc.donaukurier.de:8443/lheditor/lheditor.jar mit Proxy=DIRECT wird hergestellt
network: Cacheeintrag nicht gefunden [URL: file:/C:/Program%20Files%20(x86)/Java/jre7/lib/ext/sunec.jar, Version: null]
network: Cacheeintrag nicht gefunden [URL: file:/C:/Program%20Files%20(x86)/Java/jre7/lib/ext/sunjce_provider.jar, Version: null]
network: Verbindung von http://osc.donaukurier.de:8443/ mit Proxy=DIRECT wird hergestellt
security: SSL-Root-CA-Zertifikate werden aus C:\Program Files (x86)\Java\jre7\lib\security\cacerts geladen
security: SSL-Root-CA-Zertifikate aus C:\Program Files (x86)\Java\jre7\lib\security\cacerts geladen
security: Zertifikatsammlung aus SSL-Root-CA-Zertifikatspeicher abrufen
security: Zertifikatsammlung aus SSL-Root-CA-Zertifikatspeicher abrufen
security: Zertifikate werden aus Deployment-Session-Zertifikatspeicher geladen
security: Zertifikate wurden aus Deployment-Session-Zertifikatspeicher geladen
security: Zertifikate werden aus Internet Explorer ROOT-Zertifikatspeicher geladen
security: Zertifikate wurden aus Internet Explorer ROOT-Zertifikatspeicher geladen
security: Zertifikate werden aus Internet Explorer DISALLOWED-Zertifikatspeicher geladen
security: Zertifikate wurden aus Internet Explorer DISALLOWED-Zertifikatspeicher geladen
security: Loaded blacklisted.certs file: C:\Users\U254445\AppData\LocalLow\Sun\Java\Deployment\security\blacklisted.certs
security: SHA-256Certificate finger print: F0BB5070CCD3079955AD69DF534453BE6738C6173E406FD8689D85383F588C84
security: Zertifikat wird in Internet Explorer DISALLOWED-Zertifikatspeicher gesucht
security: SHA-256Certificate finger print: 0855414AF5F5FD7E264F8B002A39CCED67E5952E89B61B680CC847BAA34944DE
security: Zertifikat wird in Internet Explorer DISALLOWED-Zertifikatspeicher gesucht
security: SHA-256Certificate finger print: C99157DF28D28EBD87B8B041AACCF023CF1C9AD0D21FD7116149D7F96484FA51
security: Zertifikat wird in Internet Explorer DISALLOWED-Zertifikatspeicher gesucht
security: SSL-Zertifikat wird im permanenten Deployment-Zertifikatspeicher gesucht
security: Zertifikate werden aus Internet Explorer ROOT-Zertifikatspeicher geladen
security: Zertifikate wurden aus Internet Explorer ROOT-Zertifikatspeicher geladen
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
at sun.plugin.PluginURLJarFileCallBack.connect(Unknown Source)
at sun.plugin.PluginURLJarFileCallBack.retrieve(Unknown Source)
at sun.net.www.protocol.jar.URLJarFile.retrieve(Unknown Source)
at sun.net.www.protocol.jar.URLJarFile.getJarFile(Unknown Source)
at sun.net.www.protocol.jar.JarFileFactory.get(Unknown Source)
at sun.net.www.protocol.jar.JarURLConnection.connect(Unknown Source)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFileInternal(Unknown Source)
at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$1000(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate$2.checkTrusted(Unknown Source)
at com.sun.deploy.security.X509TrustManagerDelegate.checkTrusted(Unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate.checkServerTrusted(Unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted(Unknown Source)
... 45 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 55 more
REPRODUCIBILITY :
This bug can be reproduced always.