Details
-
Type:
Bug
-
Status: Resolved
-
Priority:
P1
-
Resolution: Fixed
-
Affects Version/s: 6u10
-
Fix Version/s: 6u10
-
Component/s: security-libs
-
Labels:
-
Subcomponent:
-
Introduced In Build:b25
-
Introduced In Version:
-
Resolved In Build:b25
-
CPU:generic
-
OS:generic
Description
When OCSP responder return revoked information for those certificates has been revoked, OCSP validator throw IndexOutOfBoundsException.
========================================================
TEST_CASE: ./testcase/openssl/OpenSSL_User_Revoke
========================================================
PROXY_HOST:null
PROXY_PORT:null
OCSP_ENABLE:true
OCSP_RESPONDER_URL:http://powerpuff.sfbay.sun.com:9996
OCSP_RESPONDER_CERT_SUBJECT_NAME:null
OCSP_RESPONDER_CERT_ISSUER_NAME:null
OCSP_RESPONDER_CERT_SERIAL_NUMBER:null
TRUSTED_ROOT:./data/openssl/RootCAcert.crt
EE_CERT:./data/openssl/userRevoke.crt
EXPECTED_EXCEPTION:java.security.cert.CertPathValidatorException: Certificate has been revoked
========================================================
e.getCause(): java.lang.IndexOutOfBoundsException
e.getLocalizedMessage(): java.lang.IndexOutOfBoundsException
e.getIndex(): 0
RESULT: FALSE
java.security.cert.CertPathValidatorException: java.lang.IndexOutOfBoundsException
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)
at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:316)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
at TestOCSP.run(TestOCSP.java:209)
at TestOCSP.main(TestOCSP.java:60)
Caused by: java.lang.IndexOutOfBoundsException
at java.security.cert.CertPathValidatorException.<init>(CertPathValidatorException.java:131)
at sun.security.provider.certpath.CertificateRevokedException.<init>(OCSPChecker.java:490)
at sun.security.provider.certpath.OCSPChecker.check(OCSPChecker.java:370)
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:117)
... 5 more
========================================================
This test case failed when running with 6u10 b25 pit bundles , not sure if it's caused by bug fix of #6383078 in this pit. But this testcase can pass with previous build.
For more details , please visit :
http://sqeweb.sfbay/jsn/keep_forbug/jsn_6.0_UR_int-pit_sec_6.0_UR_linux-i586-2008-05-28-00-35-51-0851/dtftest.Linux.i386/OCSP/
========================================================
TEST_CASE: ./testcase/openssl/OpenSSL_User_Revoke
========================================================
PROXY_HOST:null
PROXY_PORT:null
OCSP_ENABLE:true
OCSP_RESPONDER_URL:http://powerpuff.sfbay.sun.com:9996
OCSP_RESPONDER_CERT_SUBJECT_NAME:null
OCSP_RESPONDER_CERT_ISSUER_NAME:null
OCSP_RESPONDER_CERT_SERIAL_NUMBER:null
TRUSTED_ROOT:./data/openssl/RootCAcert.crt
EE_CERT:./data/openssl/userRevoke.crt
EXPECTED_EXCEPTION:java.security.cert.CertPathValidatorException: Certificate has been revoked
========================================================
e.getCause(): java.lang.IndexOutOfBoundsException
e.getLocalizedMessage(): java.lang.IndexOutOfBoundsException
e.getIndex(): 0
RESULT: FALSE
java.security.cert.CertPathValidatorException: java.lang.IndexOutOfBoundsException
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)
at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:316)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
at TestOCSP.run(TestOCSP.java:209)
at TestOCSP.main(TestOCSP.java:60)
Caused by: java.lang.IndexOutOfBoundsException
at java.security.cert.CertPathValidatorException.<init>(CertPathValidatorException.java:131)
at sun.security.provider.certpath.CertificateRevokedException.<init>(OCSPChecker.java:490)
at sun.security.provider.certpath.OCSPChecker.check(OCSPChecker.java:370)
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:117)
... 5 more
========================================================
This test case failed when running with 6u10 b25 pit bundles , not sure if it's caused by bug fix of #6383078 in this pit. But this testcase can pass with previous build.
For more details , please visit :
http://sqeweb.sfbay/jsn/keep_forbug/jsn_6.0_UR_int-pit_sec_6.0_UR_linux-i586-2008-05-28-00-35-51-0851/dtftest.Linux.i386/OCSP/