JavaFX WebView TLS/SSL Certificate Revocation Check

Kevin Rushforth kevin.rushforth at oracle.com
Mon Jan 4 22:23:14 UTC 2016


Try the following:

    System.setProperty("com.sun.net.ssl.checkRevocation", "true");

-- Kevin
   

Michael Ennen wrote:
> Hello,
>
> I will keep this short and brief. If one attempts to use the WebView
> control to load the following page:
>
> https://revoked.grc.com/
>
> The page is loaded, SSL handshake completes successfully, and it is
> displayed and no exceptions are thrown
> (e.g. webView.getEngine().getLoadWorker().getException() is null) and the
> WorkerState goes to Worker.State.SUCCEEDED.
>
> However, the certificate of this page is indeed revoked.
>
> I understand that the WebView uses HttpsURLConnection under the covers, and
> so I did some googling about OCSP/CRL (which are certificate revocation
> protocols, for lack of a better term). It seems that OCSP can be enabled
> via:
>
> Security.setProperty("ocsp.enable", "true");
>
> and, as a fallback, CRL can be enabled via:
>
> System.setProperty("com.sun.security.enableCRLDP", "true");
>
> However, neither of these makes any difference with regard to the successful
> outcome posted above.
>
> One really disgusting workaround to this problem would be to write a
> TrustManager (which is extremely difficult in my estimation, and prone to
> error) that checks for certificate revocation (by using, for example,
> the sun.security.provider.certpath.OCSPChecker class) but since there is no
> way to hook into the validation check of an existing TrustManager, all of
> the existing functionality would have to be duplicated.
>
> Considering the WebView can be used essentially as a browser (especially
> given the fact that it is based on WebKit) I think this is quite a serious
> issue (and indeed is a serious issue for my particular application).
>
> Has anyone run into this problem and come up with a solution? Is this a
> known bug? Is there anything I can do to fix it?
>
> Thanks very much,
>
>
>
>   
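
An added example, not code from either poster or from OpenJFX: one way to get revocation checking from the JDK's standard PKIX trust manager through the public `PKIXRevocationChecker` API (Java 8 and later), reusing the default trust anchors instead of a hand-written TrustManager. The class and method names are hypothetical, the URL to probe is passed as the first argument, and whether WebView picks up the default `HttpsURLConnection` socket factory is an assumption taken from the post above.

```java
import java.net.URL;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

// Added example (not from the thread); class and method names are hypothetical.
public class RevocationCheckingTls {

    // Builds an SSLContext whose PKIX trust manager rejects revoked certificates,
    // reusing the JDK's default trust anchors rather than a custom TrustManager.
    static SSLContext revocationCheckingContext() throws Exception {
        // Collect the default trust anchors (the JDK's cacerts unless overridden).
        TrustManagerFactory defaults =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        defaults.init((java.security.KeyStore) null);
        Set<TrustAnchor> anchors = new HashSet<>();
        for (TrustManager tm : defaults.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    anchors.add(new TrustAnchor(ca, null));
                }
            }
        }
        // Standard PKIX revocation checker: OCSP first, CRL as fallback.
        // SOFT_FAIL is not set, so an undeterminable status fails the handshake.
        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
        PKIXRevocationChecker checker = (PKIXRevocationChecker) builder.getRevocationChecker();
        checker.setOptions(EnumSet.noneOf(PKIXRevocationChecker.Option.class));

        PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, new X509CertSelector());
        params.addCertPathChecker(checker);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(params));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // CRL fallback needs CRL Distribution Point fetching, as noted in the thread.
        System.setProperty("com.sun.security.enableCRLDP", "true");
        HttpsURLConnection.setDefaultSSLSocketFactory(revocationCheckingContext().getSocketFactory());
        try {
            new URL(args[0]).openConnection().getInputStream().close();
            System.out.println("handshake succeeded: no revoked certificate in the chain");
        } catch (SSLHandshakeException e) {
            System.out.println("handshake rejected: " + e.getMessage());
        }
    }
}
```

The probe needs network access to reach both the target host and its OCSP responder or CRL distribution point; install the socket factory before the first HTTPS connection is made.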