-
Bug
-
Resolution: Fixed
-
P3
-
7u72, 8u25, 9
-
b48
-
Not verified
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8067942 | 8u60 | Anton Nashatyrev | P3 | Resolved | Fixed | b01 |
JDK-8067943 | 7u80 | Anton Nashatyrev | P3 | Resolved | Fixed | b05 |
JDK-8071576 | 7u76 | Anton Nashatyrev | P3 | Closed | Fixed | b33 |
Users are getting an unexpected security warning:
The application is being downloaded from a site other than the one
specified by the security certificate.
- Downloading from "xxx.yyy.net"
- Expecting "*.YYY.net"
[...]
@ security: invalid certificate from HTTPS-Server
[...]
@ java.security.cert.CertificateException: Java couldn't trust Server
Java mistakenly trying to compare the domain name from the certificate to the site name in a case sensitive manner. So it fails when the names are the same but given in a different letter case.
JDK fails with the following exception:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException:
Java couldn't trust Server
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
at com.sun.deploy.security.SandboxSecurity.verifyHttpsConnection(Unknown Source)
at com.sun.deploy.security.SandboxSecurity.getConnectPermission(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport.getJSProtectionDomain(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport.createContext(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport.access$1300(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.getContext(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.doObjectOp(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$LiveConnectWorker.run (Unknown Source)
at java.lang.Thread.run(Unknown Source)
@ Caused by: java.security.cert.CertificateException: Java couldn't trust Server
at com.sun.deploy.security.X509TrustManagerDelegate.checkTrusted(Unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate.checkServerTru sted(Unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted(Unknown Source)
The application is being downloaded from a site other than the one
specified by the security certificate.
- Downloading from "xxx.yyy.net"
- Expecting "*.YYY.net"
[...]
@ security: invalid certificate from HTTPS-Server
[...]
@ java.security.cert.CertificateException: Java couldn't trust Server
Java mistakenly trying to compare the domain name from the certificate to the site name in a case sensitive manner. So it fails when the names are the same but given in a different letter case.
JDK fails with the following exception:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException:
Java couldn't trust Server
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
at com.sun.deploy.security.SandboxSecurity.verifyHttpsConnection(Unknown Source)
at com.sun.deploy.security.SandboxSecurity.getConnectPermission(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport.getJSProtectionDomain(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport.createContext(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport.access$1300(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.getContext(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.doObjectOp(Unknown Source)
at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$LiveConnectWorker.run (Unknown Source)
at java.lang.Thread.run(Unknown Source)
@ Caused by: java.security.cert.CertificateException: Java couldn't trust Server
at com.sun.deploy.security.X509TrustManagerDelegate.checkTrusted(Unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate.checkServerTru sted(Unknown Source)
at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted(Unknown Source)
- backported by
-
JDK-8067942 7u72 https fails with CertificateException: Java couldn't trust Server
-
- Resolved
-
-
JDK-8067943 7u72 https fails with CertificateException: Java couldn't trust Server
-
- Resolved
-
-
JDK-8071576 7u72 https fails with CertificateException: Java couldn't trust Server
-
- Closed
-