security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java jtreg test errors

Sean Mullan sean.mullan at oracle.com
Fri Mar 20 17:15:26 UTC 2020


See also the March 20 issue at https://www.globalsign.com/en/status. It 
could be related. I would monitor it going forward and see if you have 
any more issues, and if so we can report it to GlobalSign.

--Sean

On 3/20/20 12:45 PM, Rajan Halade wrote:
> Hi Matthias,
> 
> I tried several runs of this test but am not able to reproduce the 
> issue. May be requests from my tests are routed to different OCSP 
> instance. OCSP responder instance can return internalError for 
> inconsistent internal state.
> 
> How frequent is the failure for you if you are still seeing it?
> 
> Thanks,
> Rajan
> 
>> On Mar 19, 2020, at 4:23 AM, Baesken, Matthias 
>> <matthias.baesken at sap.com <mailto:matthias.baesken at sap.com>> wrote:
>>
>> Hello, for a few days we see the test 
>> security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java
>> failing sometimes. The failures are seen not only in jdk/jdk but also 
>> in jdk11, that's why we suppose it might be
>> some issue with the infrastructure and/or certificate authority ?
>> The errors  are like this one  (shows up on different OS platforms) :
>> ...
>>   Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - 
>> G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", 
>> OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
>>   Subject: CN=VeriSign Class 3 Public Primary Certification Authority 
>> - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", 
>> OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US)
>> certpath: X509CertSelector.match: subject DNs don't match
>> java.lang.RuntimeException: TEST FAILED: couldn't determine EE 
>> certificate status
>>                at 
>> ValidatePathWithParams.validate(ValidatePathWithParams.java:177)
>>                at GlobalSignR6CA.main(GlobalSignR6CA.java:192)
>>                at 
>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native 
>> Method)
>>                at 
>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>                at 
>> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>                at 
>> java.base/java.lang.reflect.Method.invoke(Method.java:566)
>>                at 
>> com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127)
>>                at java.base/java.lang.Thread.run(Thread.java:834)
>> Caused by: java.security.cert.CertPathValidatorException: OCSP 
>> response error: INTERNAL_ERROR
>>                at 
>> java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
>>                at 
>> java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:237)
>>                at 
>> java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:145)
>>                at 
>> java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:84)
>>                at 
>> java.base/java.security.cert.CertPathValidator.validate(CertPathValidator.java:309)
>>                at 
>> ValidatePathWithParams.doCertPathValidate(ValidatePathWithParams.java:288)
>>                at 
>> ValidatePathWithParams.validate(ValidatePathWithParams.java:142)
>>                ... 7 more
>> Caused by: java.security.cert.CertPathValidatorException: OCSP 
>> response error: INTERNAL_ERROR
>>                at 
>> java.base/sun.security.provider.certpath.OCSPResponse.verify(OCSPResponse.java:386)
>>                at 
>> java.base/sun.security.provider.certpath.OCSP.check(OCSP.java:195)
>>                at 
>> java.base/sun.security.provider.certpath.RevocationChecker.checkOCSP(RevocationChecker.java:742)
>>                at 
>> java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:362)
>>                at 
>> java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:336)
>>                at 
>> java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
>>                ... 13 more
>> Do you notice the issue in your jtreg tests as well ?
>> Any hints about this ?
>> Thanks, Matthias
> 


More information about the security-dev mailing list