Details
-
Bug
-
Resolution: Unresolved
-
P4
-
openjdk8u252, 11.0.6, 17, 20, 21, 22
-
Fix Understood
Description
Easiest way to reproduce is:
1. Add "127.0.0.1 crl.luxtrust.lu" to /etc/hosts
2. Run:
```
$ CONF=macosx-aarch64-server-fastdebug make test TEST=security/infra/java/security/cert/CertPathValidator/certification/LuxTrustCA.java
TEST RESULT: Failed. Execution failed: `main' threw exception: java.lang.RuntimeException: TEST FAILED: couldn't determine EE certificate status
java.lang.RuntimeException: TEST FAILED: couldn't determine EE certificate status
at ValidatePathWithParams.validate(ValidatePathWithParams.java:177)
at LuxTrustCA.main(LuxTrustCA.java:187)
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
at java.base/java.lang.reflect.Method.invoke(Method.java:580)
at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
at java.base/java.lang.Thread.run(Thread.java:1570)
Caused by: java.security.cert.CertPathValidatorException: Unable to determine revocation status due to network error
at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:224)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:144)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:83)
at java.base/java.security.cert.CertPathValidator.validate(CertPathValidator.java:309)
at ValidatePathWithParams.doCertPathValidate(ValidatePathWithParams.java:288)
at ValidatePathWithParams.validate(ValidatePathWithParams.java:142)
... 5 more
Caused by: sun.security.provider.certpath.PKIX$CertStoreTypeException: java.net.ConnectException: Connection refused
at java.base/sun.security.provider.certpath.URICertStore.engineGetCRLs(URICertStore.java:438)
at java.base/java.security.cert.CertStore.getCRLs(CertStore.java:182)
at java.base/sun.security.provider.certpath.DistributionPointFetcher.getCRL(DistributionPointFetcher.java:236)
at java.base/sun.security.provider.certpath.DistributionPointFetcher.getCRLs(DistributionPointFetcher.java:179)
at java.base/sun.security.provider.certpath.DistributionPointFetcher.getCRLs(DistributionPointFetcher.java:110)
at java.base/sun.security.provider.certpath.RevocationChecker.checkCRLs(RevocationChecker.java:583)
at java.base/sun.security.provider.certpath.RevocationChecker.checkCRLs(RevocationChecker.java:470)
at java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:373)
at java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:343)
at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
... 11 more
Caused by: java.net.ConnectException: Connection refused
at java.base/sun.nio.ch.Net.pollConnect(Native Method)
at java.base/sun.nio.ch.Net.pollConnectNow(Net.java:682)
at java.base/sun.nio.ch.NioSocketImpl.timedFinishConnect(NioSocketImpl.java:542)
at java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:592)
at java.base/java.net.Socket.connect(Socket.java:751)
```
1. Add "127.0.0.1 crl.luxtrust.lu" to /etc/hosts
2. Run:
```
$ CONF=macosx-aarch64-server-fastdebug make test TEST=security/infra/java/security/cert/CertPathValidator/certification/LuxTrustCA.java
TEST RESULT: Failed. Execution failed: `main' threw exception: java.lang.RuntimeException: TEST FAILED: couldn't determine EE certificate status
java.lang.RuntimeException: TEST FAILED: couldn't determine EE certificate status
at ValidatePathWithParams.validate(ValidatePathWithParams.java:177)
at LuxTrustCA.main(LuxTrustCA.java:187)
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
at java.base/java.lang.reflect.Method.invoke(Method.java:580)
at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
at java.base/java.lang.Thread.run(Thread.java:1570)
Caused by: java.security.cert.CertPathValidatorException: Unable to determine revocation status due to network error
at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:224)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:144)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:83)
at java.base/java.security.cert.CertPathValidator.validate(CertPathValidator.java:309)
at ValidatePathWithParams.doCertPathValidate(ValidatePathWithParams.java:288)
at ValidatePathWithParams.validate(ValidatePathWithParams.java:142)
... 5 more
Caused by: sun.security.provider.certpath.PKIX$CertStoreTypeException: java.net.ConnectException: Connection refused
at java.base/sun.security.provider.certpath.URICertStore.engineGetCRLs(URICertStore.java:438)
at java.base/java.security.cert.CertStore.getCRLs(CertStore.java:182)
at java.base/sun.security.provider.certpath.DistributionPointFetcher.getCRL(DistributionPointFetcher.java:236)
at java.base/sun.security.provider.certpath.DistributionPointFetcher.getCRLs(DistributionPointFetcher.java:179)
at java.base/sun.security.provider.certpath.DistributionPointFetcher.getCRLs(DistributionPointFetcher.java:110)
at java.base/sun.security.provider.certpath.RevocationChecker.checkCRLs(RevocationChecker.java:583)
at java.base/sun.security.provider.certpath.RevocationChecker.checkCRLs(RevocationChecker.java:470)
at java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:373)
at java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:343)
at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
... 11 more
Caused by: java.net.ConnectException: Connection refused
at java.base/sun.nio.ch.Net.pollConnect(Native Method)
at java.base/sun.nio.ch.Net.pollConnectNow(Net.java:682)
at java.base/sun.nio.ch.NioSocketImpl.timedFinishConnect(NioSocketImpl.java:542)
at java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:592)
at java.base/java.net.Socket.connect(Socket.java:751)
```
Attachments
Issue Links
- relates to
-
JDK-8232019 Add LuxTrust certificate updates to the existing root program
- Resolved