security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java fails in jdk
Baesken, Matthias
matthias.baesken at sap.com
Wed Jul 11 14:43:05 UTC 2018
Hello, currently the security related test
security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java
fails in jdk.
I currently get an exception :
java.lang.RuntimeException: TEST FAILED: unexpected status of EE certificate
at ValidatePathWithParams.validate(ValidatePathWithParams.java:193)
at RootCA1.runTest(QuoVadisCA.java:186)
at QuoVadisCA.main(QuoVadisCA.java:64)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:115)
at java.base/java.lang.Thread.run(Thread.java:834)
JavaTest Message: Test threw exception: java.lang.RuntimeException: TEST FAILED: unexpected status of EE certificate
JavaTest Message: shutting down test
... and in stdout there is a better message that seems to show the reason , a certificate is expected to be "GOOD" but it has been revoked Fri Jan 19 15:39:57 CET 2018 .
Should the test be updated with more recent certs (seems they are hardwired in the test java source) ?
=====================================================
CONFIGURATION
=====================================================
http.proxyHost :proxy
http.proxyPort :8080
https.proxyHost :proxy
https.proxyPort :8080
https.socksProxyHost :null
https.socksProxyPort :null
jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
Revocation options :[PREFER_CRLS, NO_FALLBACK]
OCSP responder set :null
Trusted root set: false
Expected EE Status:GOOD
=====================================================
Received exception: java.security.cert.CertPathValidatorException: Certificate has been revoked, reason: SUPERSEDED, revocation date: Fri Jan 19 15:39:57 CET 2018, authority: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM, extension OIDs: [2.5.29.21]
Expected Certificate status: GOOD
Certificate status after validation: REVOKED
Best regards, Matthias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20180711/892d16a5/attachment.htm>
More information about the security-dev
mailing list