Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8065082

7u72 https fails with CertificateException: Java couldn't trust Server

XMLWordPrintable

    • b48
    • Not verified

        Users are getting an unexpected security warning:

         The application is being downloaded from a site other than the one
         specified by the security certificate.
         - Downloading from "xxx.yyy.net"
         - Expecting "*.YYY.net"

        [...]
        @ security: invalid certificate from HTTPS-Server
        [...]
        @ java.security.cert.CertificateException: Java couldn't trust Server

        Java mistakenly trying to compare the domain name from the certificate to the site name in a case sensitive manner. So it fails when the names are the same but given in a different letter case.

        JDK fails with the following exception:

         javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException:
        Java couldn't trust Server
                at sun.security.ssl.Alerts.getSSLException(Unknown Source)
                at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
                at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
                at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
                at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
                at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
                at sun.security.ssl.Handshaker.processLoop(Unknown Source)
                at sun.security.ssl.Handshaker.process_record(Unknown Source)
                at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
                at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
                at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
                at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
                at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
                at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
                at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
                at java.net.HttpURLConnection.getResponseCode(Unknown Source)
                at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
                at com.sun.deploy.security.SandboxSecurity.verifyHttpsConnection(Unknown Source)
                at com.sun.deploy.security.SandboxSecurity.getConnectPermission(Unknown Source)
                at sun.plugin2.main.client.LiveConnectSupport.getJSProtectionDomain(Unknown Source)
                at sun.plugin2.main.client.LiveConnectSupport.createContext(Unknown Source)
                at sun.plugin2.main.client.LiveConnectSupport.access$1300(Unknown Source)
                at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.getContext(Unknown Source)
                at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo.doObjectOp(Unknown Source)
                at sun.plugin2.main.client.LiveConnectSupport$PerAppletInfo$LiveConnectWorker.run (Unknown Source)
                at java.lang.Thread.run(Unknown Source)
        @ Caused by: java.security.cert.CertificateException: Java couldn't trust Server
                at com.sun.deploy.security.X509TrustManagerDelegate.checkTrusted(Unknown Source)
                at com.sun.deploy.security.X509Extended7DeployTrustManagerDelegate.checkServerTru sted(Unknown Source)
                at com.sun.deploy.security.X509Extended7DeployTrustManager.checkServerTrusted(Unknown Source)

              anashaty Anton Nashatyrev (Inactive)
              shadowbug Shadow Bug
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated:
                Resolved: