security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java jtreg test errors

Sean Mullan sean.mullan at oracle.com
Fri Mar 20 17:30:08 UTC 2020 

On 3/20/20 1:15 PM, Sean Mullan wrote:
> See also the March 20 issue at https://www.globalsign.com/en/status.

I meant to say the March *2020* issue, where it says "Load-based issues 
in Singapore Data Centre", Updated on 18 March 2020.

--Sean

> It 
> could be related. I would monitor it going forward and see if you have 
> any more issues, and if so we can report it to GlobalSign.
> 
> --Sean
> 
> On 3/20/20 12:45 PM, Rajan Halade wrote:
>> Hi Matthias,
>>
>> I tried several runs of this test but am not able to reproduce the 
>> issue. May be requests from my tests are routed to different OCSP 
>> instance. OCSP responder instance can return internalError for 
>> inconsistent internal state.
>>
>> How frequent is the failure for you if you are still seeing it?
>>
>> Thanks,
>> Rajan
>>
>>> On Mar 19, 2020, at 4:23 AM, Baesken, Matthias 
>>> <matthias.baesken at sap.com <mailto:matthias.baesken at sap.com>> wrote:
>>>
>>> Hello, for a few days we see the test 
>>> security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java 
>>>
>>> failing sometimes. The failures are seen not only in jdk/jdk but also 
>>> in jdk11, that's why we suppose it might be
>>> some issue with the infrastructure and/or certificate authority ?
>>> The errors  are like this one  (shows up on different OS platforms) :
>>> ...
>>>   Issuer: CN=VeriSign Class 3 Public Primary Certification Authority 
>>> - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", 
>>> OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
>>>   Subject: CN=VeriSign Class 3 Public Primary Certification Authority 
>>> - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", 
>>> OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US)
>>> certpath: X509CertSelector.match: subject DNs don't match
>>> java.lang.RuntimeException: TEST FAILED: couldn't determine EE 
>>> certificate status
>>>                at 
>>> ValidatePathWithParams.validate(ValidatePathWithParams.java:177)
>>>                at GlobalSignR6CA.main(GlobalSignR6CA.java:192)
>>>                at 
>>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
>>>
>>>                at 
>>> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
>>>
>>>                at 
>>> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
>>>
>>>                at 
>>> java.base/java.lang.reflect.Method.invoke(Method.java:566)
>>>                at 
>>> com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127) 
>>>
>>>                at java.base/java.lang.Thread.run(Thread.java:834)
>>> Caused by: java.security.cert.CertPathValidatorException: OCSP 
>>> response error: INTERNAL_ERROR
>>>                at 
>>> java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135) 
>>>
>>>                at 
>>> java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:237) 
>>>
>>>                at 
>>> java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:145) 
>>>
>>>                at 
>>> java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:84) 
>>>
>>>                at 
>>> java.base/java.security.cert.CertPathValidator.validate(CertPathValidator.java:309) 
>>>
>>>                at 
>>> ValidatePathWithParams.doCertPathValidate(ValidatePathWithParams.java:288) 
>>>
>>>                at 
>>> ValidatePathWithParams.validate(ValidatePathWithParams.java:142)
>>>                ... 7 more
>>> Caused by: java.security.cert.CertPathValidatorException: OCSP 
>>> response error: INTERNAL_ERROR
>>>                at 
>>> java.base/sun.security.provider.certpath.OCSPResponse.verify(OCSPResponse.java:386) 
>>>
>>>                at 
>>> java.base/sun.security.provider.certpath.OCSP.check(OCSP.java:195)
>>>                at 
>>> java.base/sun.security.provider.certpath.RevocationChecker.checkOCSP(RevocationChecker.java:742) 
>>>
>>>                at 
>>> java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:362) 
>>>
>>>                at 
>>> java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:336) 
>>>
>>>                at 
>>> java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125) 
>>>
>>>                ... 13 more
>>> Do you notice the issue in your jtreg tests as well ?
>>> Any hints about this ?
>>> Thanks, Matthias
>>

More information about the security-dev mailing list