- Bug
- Resolution: Not an Issue
- P3
- None
- 8u181
- x86_64
- windows_10
ADDITIONAL SYSTEM INFORMATION :
Windows 10, x64
Java 8
A DESCRIPTION OF THE PROBLEM :
Sometimes a server-certificate can contain more than one extension. Currently, Java throws a "duplicate extensions not allowed" error and quits. However, this "error" is ignored by every other platform, except Java.
The previously mentioned solution "merge the extensions" cannot be implemented: the certificate is created by a 3rd party and cannot be altered (which would introduce a security-risk on its own).
It should at least be possible for the Java-application to choose to ignore duplicate extensions.
REGRESSION : Last worked in version 8u181
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Try to connect to a Siemens S7-1500 webserver using the Java-application and log in to the HTTPS section of the server.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The certificate is accepted.
ACTUAL -
29/09 10:48:29:723[WT-EventQueue-0] show[uri=form:///gti.ui.main.VisualizationForm?FACTORY_OBJECT_NAME=utilities][parameters=FACTORY_OBJECT_NAME=utilities, ]
WARNING: The prism-j2d pipeline should not be used as the software
fallback pipeline. It is no longer tested nor intended to be used for
on-screen rendering. Please use the prism-sw pipeline instead by setting
the "prism.order" system property to "sw" rather than "j2d".
29/09 10:48:32:866[WT-EventQueue-0] show[uri=http://10.58.200.70/Portal/Portal.mwsl?coming_from_intro=true&PriNav=Start&intro_enter_button=ENTER][parameters=coming_from_intro=true, PriNav=Start, intro_enter_button=ENTER, ]
29/09 10:48:33:035[zationUpdates-2] Load toc
sep 29, 2018 10:48:47 AM com.sun.webkit.network.URLLoader doRun
WARNING: Unexpected error
javax.net.ssl.SSLProtocolException: java.io.IOException: Duplicate extensions not allowed
at sun.security.ssl.HandshakeMessage$CertificateMsg.<init>(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
at com.sun.webkit.network.URLLoader.sendRequest(Unknown Source)
at com.sun.webkit.network.URLLoader.doRun(Unknown Source)
at com.sun.webkit.network.URLLoader.lambda$run$91(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.webkit.network.URLLoader.run(Unknown Source)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertificateParsingException: java.io.IOException: Duplicate extensions not allowed
at sun.security.x509.X509CertInfo.<init>(Unknown Source)
at sun.security.x509.X509CertImpl.parse(Unknown Source)
at sun.security.x509.X509CertImpl.<init>(Unknown Source)
at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
... 21 more
Caused by: java.io.IOException: Duplicate extensions not allowed
at sun.security.x509.CertificateExtensions.parseExtension(Unknown Source)
at sun.security.x509.CertificateExtensions.init(Unknown Source)
at sun.security.x509.CertificateExtensions.<init>(Unknown Source)
at sun.security.x509.X509CertInfo.parse(Unknown Source)
... 26 more
CUSTOMER SUBMITTED WORKAROUND :
There is no workaround. It is impossible to force the 3rd party creator of the certificate to change its structure.
FREQUENCY : always
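To find out which extension a rejected certificate repeats, the DER encoding can be walked directly, without the JDK X.509 parser that throws "Duplicate extensions not allowed". The following is an added example, not part of the bug report and not JDK code. The class and method names are hypothetical, and the sample bytes are a constructed skeleton that contains only the extensions field.

```java
import java.util.*;
public class DuplicateExtensionCheck {
    // Read one DER TLV at pos; returns {tag, contentStart, contentEnd}.
    static int[] tlv(byte[] d, int pos) {
        if (pos + 2 > d.length) throw new IllegalArgumentException("truncated DER");
        int tag = d[pos] & 0xff, len = d[pos + 1] & 0xff, start = pos + 2;
        if (len >= 0x80) {                      // long form: low 7 bits = number of length bytes
            int n = len & 0x7f;
            if (n == 0 || n > 3) throw new IllegalArgumentException("unsupported DER length");
            for (len = 0; n > 0; n--) len = (len << 8) | (d[start++] & 0xff);
        }
        if (start + len > d.length) throw new IllegalArgumentException("truncated DER");
        return new int[] { tag, start, start + len };
    }
    // Decode OBJECT IDENTIFIER content bytes into dotted notation.
    static String oid(byte[] d, int from, int to) {
        StringBuilder sb = new StringBuilder();
        long v = 0;
        for (int i = from; i < to; i++) {
            v = (v << 7) | (d[i] & 0x7f);
            if ((d[i] & 0x80) != 0) continue;   // more base-128 digits follow
            if (sb.length() == 0) sb.append(Math.min(v / 40, 2)).append('.').append(v - 40 * Math.min(v / 40, 2));
            else sb.append('.').append(v);
            v = 0;
        }
        return sb.toString();
    }
    // Walk Certificate -> TBSCertificate -> [3] extensions; return extnIDs that occur more than once.
    static Set<String> duplicateExtensionOids(byte[] cert) {
        int[] tbs = tlv(cert, tlv(cert, 0)[1]);
        Set<String> seen = new HashSet<>(), dups = new TreeSet<>();
        for (int p = tbs[1]; p < tbs[2]; p = tlv(cert, p)[2]) {
            int[] field = tlv(cert, p);
            if (field[0] != 0xA3) continue;     // skip everything except the [3] EXPLICIT field
            int[] seq = tlv(cert, field[1]);
            for (int q = seq[1]; q < seq[2]; q = tlv(cert, q)[2]) {
                int[] id = tlv(cert, tlv(cert, q)[1]);   // first element of Extension is extnID
                String o = oid(cert, id[1], id[2]);
                if (!seen.add(o)) dups.add(o);
            }
        }
        return dups;
    }
    public static void main(String[] args) {
        // Constructed skeleton, not a real certificate: extnIDs 2.5.29.37, 2.5.29.15, 2.5.29.37 with placeholder values.
        String hex = "30273025A3233021" + "30090603551D2504023000" + "30090603551D0F04023000" + "30090603551D2504023000";
        byte[] der = new java.math.BigInteger(hex, 16).toByteArray();   // leading byte is 0x30, so no sign byte is added
        System.out.println(duplicateExtensionOids(der));
    }
}
```

For a real certificate, pass its DER bytes to `duplicateExtensionOids`; PEM input has to be Base64-decoded first.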
- relates to
- JDK-8062548 Support duplicate Extended Key Usage certificate extensions
- Closed