-
Bug
-
Resolution: Fixed
-
P3
-
9
-
b100
-
Verified
Steps to reproduce:
0. Install jre9-b92
1. Import self signed root ca to jre/lib/security/cacerts to have a valid trusted cert
keytool -import -file cacert.pem -keystore ../lib/security/cacerts -storepass changeit -alias cakey -noprompt
See http://sqeweb.us.oracle.com/net/scanas415/export/deployment/crystal/DO_NOT_REMOVE_ME/jrebug/JawsOcspAndCrlCheck/lib/cacert.pem
2. Load jnlp that signed with revoked cert: javaws http://sqeweb.us.oracle.com/net/scanas415/export/deployment/crystal/DO_NOT_REMOVE_ME/jrebug/JawsOcspAndCrlCheck/jnlp/testOCSPRevokedCertJNLP.jnlp
3. If test jnlp exits silently, then this bug is reproduced.
Expected behavior: A dialog saying "the certificate is revoked' should show up and app should not get loaded.
From trace, I can see "security: OCSP Response: REVOKED" info and then "basic: Exiting".
See attachment for detail trace.
Note: it works fine with jre9-b90.
0. Install jre9-b92
1. Import self signed root ca to jre/lib/security/cacerts to have a valid trusted cert
keytool -import -file cacert.pem -keystore ../lib/security/cacerts -storepass changeit -alias cakey -noprompt
See http://sqeweb.us.oracle.com/net/scanas415/export/deployment/crystal/DO_NOT_REMOVE_ME/jrebug/JawsOcspAndCrlCheck/lib/cacert.pem
2. Load jnlp that signed with revoked cert: javaws http://sqeweb.us.oracle.com/net/scanas415/export/deployment/crystal/DO_NOT_REMOVE_ME/jrebug/JawsOcspAndCrlCheck/jnlp/testOCSPRevokedCertJNLP.jnlp
3. If test jnlp exits silently, then this bug is reproduced.
Expected behavior: A dialog saying "the certificate is revoked' should show up and app should not get loaded.
From trace, I can see "security: OCSP Response: REVOKED" info and then "basic: Exiting".
See attachment for detail trace.
Note: it works fine with jre9-b90.
- relates to
-
-
- Resolved
-