-
Bug
-
Resolution: External
-
P4
-
None
-
23
-
generic
-
generic
The following two CA interop tests for the ssl.com root CA fail:
FAILED: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#sslrooteccca
FAILED: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#sslrootevrsaca
with:
certpath: X509CertSelector.match: subject DNs don't match
java.lang.RuntimeException: Unhandled exception
at ValidatePathWithURL.validateDomainCertChain(ValidatePathWithURL.java:176)
at ValidatePathWithURL.validateDomain(ValidatePathWithURL.java:128)
at CAInterop.validate(CAInterop.java:784)
at CAInterop.main(CAInterop.java:726)
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
at java.base/java.lang.reflect.Method.invoke(Method.java:580)
at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
at java.base/java.lang.Thread.run(Thread.java:1575)
Caused by: javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path validation failed: java.security.cert.CertPathValidatorException: OCSP response error: UNAUTHORIZED
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:378)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:316)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1326)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1203)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1146)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:447)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1507)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1422)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:586)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:187)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:141)
at ValidatePathWithURL.validateDomainCertChain(ValidatePathWithURL.java:142)
... 7 more
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: OCSP response error: UNAUTHORIZED
at java.base/sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:318)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:256)
at java.base/sun.security.validator.Validator.validate(Validator.java:256)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:230)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1310)
... 22 more
Caused by: java.security.cert.CertPathValidatorException: OCSP response error: UNAUTHORIZED
at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:224)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:144)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:83)
at java.base/java.security.cert.CertPathValidator.validate(CertPathValidator.java:309)
at java.base/sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:313)
... 27 more
Caused by: java.security.cert.CertPathValidatorException: OCSP response error: UNAUTHORIZED
at java.base/sun.security.provider.certpath.OCSPResponse.verify(OCSPResponse.java:390)
at java.base/sun.security.provider.certpath.OCSP.check(OCSP.java:172)
at java.base/sun.security.provider.certpath.RevocationChecker.checkOCSP(RevocationChecker.java:780)
at java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:369)
at java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:343)
at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
... 32 more
Suppressed: java.security.cert.CertPathValidatorException: Could not determine revocation status
at java.base/sun.security.provider.certpath.RevocationChecker.buildToNewKey(RevocationChecker.java:1146)
at java.base/sun.security.provider.certpath.RevocationChecker.verifyWithSeparateSigningKey(RevocationChecker.java:965)
at java.base/sun.security.provider.certpath.RevocationChecker.checkCRLs(RevocationChecker.java:607)
at java.base/sun.security.provider.certpath.RevocationChecker.checkCRLs(RevocationChecker.java:470)
at java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:399)
... 34 more
FAILED: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#sslrooteccca
FAILED: security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#sslrootevrsaca
with:
certpath: X509CertSelector.match: subject DNs don't match
java.lang.RuntimeException: Unhandled exception
at ValidatePathWithURL.validateDomainCertChain(ValidatePathWithURL.java:176)
at ValidatePathWithURL.validateDomain(ValidatePathWithURL.java:128)
at CAInterop.validate(CAInterop.java:784)
at CAInterop.main(CAInterop.java:726)
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
at java.base/java.lang.reflect.Method.invoke(Method.java:580)
at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
at java.base/java.lang.Thread.run(Thread.java:1575)
Caused by: javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path validation failed: java.security.cert.CertPathValidatorException: OCSP response error: UNAUTHORIZED
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:378)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:316)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1326)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1203)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1146)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:447)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1507)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1422)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:586)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:187)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:141)
at ValidatePathWithURL.validateDomainCertChain(ValidatePathWithURL.java:142)
... 7 more
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: OCSP response error: UNAUTHORIZED
at java.base/sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:318)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:256)
at java.base/sun.security.validator.Validator.validate(Validator.java:256)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:230)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1310)
... 22 more
Caused by: java.security.cert.CertPathValidatorException: OCSP response error: UNAUTHORIZED
at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:224)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:144)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:83)
at java.base/java.security.cert.CertPathValidator.validate(CertPathValidator.java:309)
at java.base/sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:313)
... 27 more
Caused by: java.security.cert.CertPathValidatorException: OCSP response error: UNAUTHORIZED
at java.base/sun.security.provider.certpath.OCSPResponse.verify(OCSPResponse.java:390)
at java.base/sun.security.provider.certpath.OCSP.check(OCSP.java:172)
at java.base/sun.security.provider.certpath.RevocationChecker.checkOCSP(RevocationChecker.java:780)
at java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:369)
at java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:343)
at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
... 32 more
Suppressed: java.security.cert.CertPathValidatorException: Could not determine revocation status
at java.base/sun.security.provider.certpath.RevocationChecker.buildToNewKey(RevocationChecker.java:1146)
at java.base/sun.security.provider.certpath.RevocationChecker.verifyWithSeparateSigningKey(RevocationChecker.java:965)
at java.base/sun.security.provider.certpath.RevocationChecker.checkCRLs(RevocationChecker.java:607)
at java.base/sun.security.provider.certpath.RevocationChecker.checkCRLs(RevocationChecker.java:470)
at java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:399)
... 34 more
There are no Sub-Tasks for this issue.