-
Bug
-
Resolution: Duplicate
-
P3
-
None
-
8u121
-
x86_64
-
windows_7
FULL PRODUCT VERSION :
java version "1.8.0_66"
Java(TM) SE Runtime Environment (build 1.8.0_66-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.66-b17, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
windows 7 64 bit
A DESCRIPTION OF THE PROBLEM :
We are not able to load applets using timestamped jars after the certificate used to sign the jars is expired.
We tried using JRE7 where we are able to load the applets even after certificate is expired but with a warning message.
How we tested:
1. We signed the jars and timestamped them using http://timestamp.digicert.com url.
2. We just moved the system date beyond expiration date of the certificate used to sign the jars
3. In JRE7 we are able to load the applets after certificate expiration date.
4. In JRE8 we are getting error on loading applets after certificate is expired.
We also raised a case against oracle for the same. But the case has been closed with an added comment saying because of mismatch of date/time between client machine and CRL/OCSP, the error is coming.
We have few questions:
1. We just need a confirmation if the usecase we tested is a valid testcase to test timestamping or not ?
2. If this is not the valid usecase or because of some other reasons we are getting error while loading applets using timestamped and signed jars after certificate is expired, will the applets continue to work after certificate is actully expired?
3. In JRE 7, we are getting warning message on loading applets after certificate expiration date. How should the applets behave? should not the applets load without any warning message ?
REGRESSION. Last worked in version 8u121
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. We signed the jars and timestamped them using http://timestamp.digicert.com url.
2. We just moved the system date beyond expiration date of the certificate used to sign the jars
3. In JRE7 we are able to load the applets after certificate expiration date.
4. In JRE8 we are getting error on loading applets after certificate is expired.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
We should be able to load applets with timestamped signed jars after certificate used to sign the jars is expired without any warning message.
ACTUAL -
Using JRE8 we are not able to load the applets at all.
Using JRE7, we are able to load applets with a warning message.
REPRODUCIBILITY :
This bug can be reproduced always.
java version "1.8.0_66"
Java(TM) SE Runtime Environment (build 1.8.0_66-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.66-b17, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
windows 7 64 bit
A DESCRIPTION OF THE PROBLEM :
We are not able to load applets using timestamped jars after the certificate used to sign the jars is expired.
We tried using JRE7 where we are able to load the applets even after certificate is expired but with a warning message.
How we tested:
1. We signed the jars and timestamped them using http://timestamp.digicert.com url.
2. We just moved the system date beyond expiration date of the certificate used to sign the jars
3. In JRE7 we are able to load the applets after certificate expiration date.
4. In JRE8 we are getting error on loading applets after certificate is expired.
We also raised a case against oracle for the same. But the case has been closed with an added comment saying because of mismatch of date/time between client machine and CRL/OCSP, the error is coming.
We have few questions:
1. We just need a confirmation if the usecase we tested is a valid testcase to test timestamping or not ?
2. If this is not the valid usecase or because of some other reasons we are getting error while loading applets using timestamped and signed jars after certificate is expired, will the applets continue to work after certificate is actully expired?
3. In JRE 7, we are getting warning message on loading applets after certificate expiration date. How should the applets behave? should not the applets load without any warning message ?
REGRESSION. Last worked in version 8u121
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. We signed the jars and timestamped them using http://timestamp.digicert.com url.
2. We just moved the system date beyond expiration date of the certificate used to sign the jars
3. In JRE7 we are able to load the applets after certificate expiration date.
4. In JRE8 we are getting error on loading applets after certificate is expired.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
We should be able to load applets with timestamped signed jars after certificate used to sign the jars is expired without any warning message.
ACTUAL -
Using JRE8 we are not able to load the applets at all.
Using JRE7, we are able to load applets with a warning message.
REPRODUCIBILITY :
This bug can be reproduced always.
- duplicates
-
-
- Closed
-
- relates to
-
-
- Closed
-