security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java jtreg test errors
Sean Mullan
sean.mullan at oracle.com
Fri Mar 20 17:15:26 UTC 2020
See also the March 20 issue at https://www.globalsign.com/en/status. It
could be related. I would monitor it going forward and see if you have
any more issues, and if so we can report it to GlobalSign.
--Sean
On 3/20/20 12:45 PM, Rajan Halade wrote:
> Hi Matthias,
>
> I tried several runs of this test but am not able to reproduce the
> issue. May be requests from my tests are routed to different OCSP
> instance. OCSP responder instance can return internalError for
> inconsistent internal state.
>
> How frequent is the failure for you if you are still seeing it?
>
> Thanks,
> Rajan
>
>> On Mar 19, 2020, at 4:23 AM, Baesken, Matthias
>> <matthias.baesken at sap.com <mailto:matthias.baesken at sap.com>> wrote:
>>
>> Hello, for a few days we see the test
>> security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java
>> failing sometimes. The failures are seen not only in jdk/jdk but also
>> in jdk11, that's why we suppose it might be
>> some issue with the infrastructure and/or certificate authority ?
>> The errors are like this one (shows up on different OS platforms) :
>> ...
>> Issuer: CN=VeriSign Class 3 Public Primary Certification Authority -
>> G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only",
>> OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
>> Subject: CN=VeriSign Class 3 Public Primary Certification Authority
>> - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only",
>> OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US)
>> certpath: X509CertSelector.match: subject DNs don't match
>> java.lang.RuntimeException: TEST FAILED: couldn't determine EE
>> certificate status
>> at
>> ValidatePathWithParams.validate(ValidatePathWithParams.java:177)
>> at GlobalSignR6CA.main(GlobalSignR6CA.java:192)
>> at
>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
>> Method)
>> at
>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>> at
>> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at
>> java.base/java.lang.reflect.Method.invoke(Method.java:566)
>> at
>> com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127)
>> at java.base/java.lang.Thread.run(Thread.java:834)
>> Caused by: java.security.cert.CertPathValidatorException: OCSP
>> response error: INTERNAL_ERROR
>> at
>> java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
>> at
>> java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:237)
>> at
>> java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:145)
>> at
>> java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:84)
>> at
>> java.base/java.security.cert.CertPathValidator.validate(CertPathValidator.java:309)
>> at
>> ValidatePathWithParams.doCertPathValidate(ValidatePathWithParams.java:288)
>> at
>> ValidatePathWithParams.validate(ValidatePathWithParams.java:142)
>> ... 7 more
>> Caused by: java.security.cert.CertPathValidatorException: OCSP
>> response error: INTERNAL_ERROR
>> at
>> java.base/sun.security.provider.certpath.OCSPResponse.verify(OCSPResponse.java:386)
>> at
>> java.base/sun.security.provider.certpath.OCSP.check(OCSP.java:195)
>> at
>> java.base/sun.security.provider.certpath.RevocationChecker.checkOCSP(RevocationChecker.java:742)
>> at
>> java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:362)
>> at
>> java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:336)
>> at
>> java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
>> ... 13 more
>> Do you notice the issue in your jtreg tests as well ?
>> Any hints about this ?
>> Thanks, Matthias
>
More information about the security-dev
mailing list