test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#microsoftrsa2017 test fails

XMLWordPrintable

    • Type: Bug
    • Resolution: Unresolved
    • Priority: P3
    • None
    • Affects Version/s: openjdk8u482, 27
    • Component/s: security-libs

      Running the test manually with:

      make LOG=info test JTREG="MANUAL=true" TEST="test/jdk/security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#microsoftrsa2017"

      Fails with:
      certpath[0x23|MainThread|X509CertSelector.java:1953|2026-01-09 12:14:59.599]: X509CertSelector.match(Serial number: 0c:be
        Issuer: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW
        Subject: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW)
      certpath[0x23|MainThread|X509CertSelector.java:1996|2026-01-09 12:14:59.599]: X509CertSelector.match: subject DNs don't match
      java.lang.RuntimeException: Unhandled exception
      at ValidatePathWithURL.validateDomainCertChain(ValidatePathWithURL.java:176)
      at ValidatePathWithURL.validateDomain(ValidatePathWithURL.java:128)
      at CAInterop.validate(CAInterop.java:796)
      at CAInterop.main(CAInterop.java:738)
      at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
      at java.base/java.lang.reflect.Method.invoke(Method.java:565)
      at com.sun.javatest.regtest.agent.MainWrapper$MainTask.run(MainWrapper.java:138)
      at java.base/java.lang.Thread.run(Thread.java:1516)
      Caused by: javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path validation failed: java.security.cert.CertPathValidatorException: Certificate does not specify OCSP responder
      at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130)
      at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:376)
      at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:319)
      at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
      at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1310)
      at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1172)
      at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1115)
      at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:421)
      at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:477)
      at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:448)
      at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:199)
      at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
      at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
      at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
      at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
      at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
      at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:490)
      at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:187)
      at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:141)
      at ValidatePathWithURL.validateDomainCertChain(ValidatePathWithURL.java:142)
      ... 7 more
      Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Certificate does not specify OCSP responder
      at java.base/sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:316)
      at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:265)
      at java.base/sun.security.validator.Validator.validate(Validator.java:256)
      at java.base/sun.security.ssl.X509TrustManagerImpl.findTrustedCertificate(X509TrustManagerImpl.java:284)
      at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:217)
      at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:128)
      at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1285)
      ... 22 more
      Caused by: java.security.cert.CertPathValidatorException: Certificate does not specify OCSP responder
      at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
      at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:229)
      at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:144)
      at java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:83)
      at java.base/java.security.cert.CertPathValidator.validate(CertPathValidator.java:311)
      at java.base/sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:311)
      ... 28 more
      Caused by: java.security.cert.CertPathValidatorException: Certificate does not specify OCSP responder
      at java.base/sun.security.provider.certpath.RevocationChecker.checkOCSP(RevocationChecker.java:726)
      at java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:354)
      at java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:328)
      at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
      ... 33 more
      Suppressed: java.security.cert.CertPathValidatorException: Could not determine revocation status
      at java.base/sun.security.provider.certpath.RevocationChecker.buildToNewKey(RevocationChecker.java:1131)
      at java.base/sun.security.provider.certpath.RevocationChecker.verifyWithSeparateSigningKey(RevocationChecker.java:950)
      at java.base/sun.security.provider.certpath.RevocationChecker.checkCRLs(RevocationChecker.java:592)
      at java.base/sun.security.provider.certpath.RevocationChecker.checkCRLs(RevocationChecker.java:455)
      at java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:384)
      ... 35 more

      JavaTest Message: Test threw exception: java.lang.RuntimeException: Unhandled exception
      JavaTest Message: shutting down test

      STATUS:Failed.`main' threw exception: java.lang.RuntimeException: Unhandled exception

            Assignee:
            Unassigned
            Reporter:
            Severin Gehwolf
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: