security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java jtreg test errors
Baesken, Matthias
matthias.baesken at sap.com
Thu Mar 19 11:23:30 UTC 2020
Hello, for a few days we see the test security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java
failing sometimes. The failures are seen not only in jdk/jdk but also in jdk11, that's why we suppose it might be
some issue with the infrastructure and/or certificate authority ?
The errors are like this one (shows up on different OS platforms) :
...
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US)
certpath: X509CertSelector.match: subject DNs don't match
java.lang.RuntimeException: TEST FAILED: couldn't determine EE certificate status
at ValidatePathWithParams.validate(ValidatePathWithParams.java:177)
at GlobalSignR6CA.main(GlobalSignR6CA.java:192)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.security.cert.CertPathValidatorException: OCSP response error: INTERNAL_ERROR
at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:237)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:145)
at java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:84)
at java.base/java.security.cert.CertPathValidator.validate(CertPathValidator.java:309)
at ValidatePathWithParams.doCertPathValidate(ValidatePathWithParams.java:288)
at ValidatePathWithParams.validate(ValidatePathWithParams.java:142)
... 7 more
Caused by: java.security.cert.CertPathValidatorException: OCSP response error: INTERNAL_ERROR
at java.base/sun.security.provider.certpath.OCSPResponse.verify(OCSPResponse.java:386)
at java.base/sun.security.provider.certpath.OCSP.check(OCSP.java:195)
at java.base/sun.security.provider.certpath.RevocationChecker.checkOCSP(RevocationChecker.java:742)
at java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:362)
at java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:336)
at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
... 13 more
Do you notice the issue in your jtreg tests as well ?
Any hints about this ?
Thanks, Matthias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20200319/7a7367dd/attachment.htm>
More information about the security-dev
mailing list