-
Bug
-
Resolution: Fixed
-
P3
-
7u71
-
b10
-
x86
-
windows_7
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8072894 | 9 | Robert Mckenna | P3 | Resolved | Fixed | b51 |
| JDK-8084499 | emb-9 | Robert Mckenna | P3 | Resolved | Fixed | team |
| JDK-8086793 | 8u65 | Robert Mckenna | P3 | Resolved | Fixed | b01 |
| JDK-8072948 | 8u60 | Robert Mckenna | P3 | Resolved | Fixed | b03 |
| JDK-8073366 | 8u51 | Robert Mckenna | P3 | Resolved | Fixed | b01 |
| JDK-8073229 | 8u45 | Robert Mckenna | P3 | Resolved | Fixed | b08 |
| JDK-8138203 | emb-8u65 | Unassigned | P3 | Resolved | Fixed | b01 |
| JDK-8074652 | emb-8u60 | Robert Mckenna | P3 | Resolved | Fixed | team |
| JDK-8074626 | emb-8u51 | Robert Mckenna | P3 | Resolved | Fixed | team |
| JDK-8074442 | emb-8u47 | Robert Mckenna | P3 | Resolved | Fixed | team |
| JDK-8072949 | 7u85 | Robert Mckenna | P3 | Resolved | Fixed | b01 |
C:\Users\Adminuser7>java -version
java version "1.7.0_71"
Java(TM) SE Runtime Environment (build 1.7.0_71-b14)
Java HotSpot(TM) Client VM (build 24.71-b01, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Windows7 professional SP1
A DESCRIPTION OF THE PROBLEM :
I tried to access java web start via IPv6 address. I got .jnlp , but could not get .jar file. The exception is:
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 2001:db8::1:1:0:1 found
at sun.security.util.HostnameChecker.matchIP(Unknown Source)
This exception maybe cause here.
/**
* Check if the certificate allows use of the given IP address.
*
* From RFC2818:
* In some cases, the URI is specified as an IP address rather than a
* hostname. In this case, the iPAddress subjectAltName must be present
* in the certificate and must exactly match the IP in the URI.
*/
private static void matchIP(String expectedIP, X509Certificate cert)
throws CertificateException {
Collection<List<?>> subjAltNames = cert.getSubjectAlternativeNames();
if (subjAltNames == null) {
throw new CertificateException
("No subject alternative names present");
}
for (List<?> next : subjAltNames) {
// For IP address, it needs to be exact match
if (((Integer)next.get(0)).intValue() == ALTNAME_IP) {
String ipAddress = (String)next.get(1);
if (expectedIP.equalsIgnoreCase(ipAddress)) {
return;
}
}
}
throw new CertificateException("No subject alternative " +
"names matching " + "IP address " +
expectedIP + " found");
}
I think failed compare "if (expectedIP.equalsIgnoreCase(ipAddress)) {".
expectedIP is abbrevation ipv6 format, but ipAddress is non-abbrevation ipv6 format. As a result, the compare is failed if the ipv6 address is the same.
So, I changed the ip address and subject altnames from 2001:db8::1:1:0:1 to 1111:2222:3333:4444:aaaa:bbbb:cccc:dddd(non-abbrevation address) and it does work!
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
1. Access by host name.
2. Use non-abbrevation ipv6 address
- backported by
-
JDK-8072894 Failed Java web start via IPv6 (Java7u71 or later)
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
- duplicates
-
-
- Closed
-