security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java failure in jdk20

Baesken, Matthias matthias.baesken at sap.com
Mon Jul 4 07:57:09 UTC 2022


Hello, after https://bugs.openjdk.org/browse/JDK-8224768   removed the ActalisCA test from the problem list, we see the test failing on all platforms
 when running with JDK20 .

Can someone who runs those tests regularly confirm this ?

Thanks, Matthias

Failure is :
=====================================================
CONFIGURATION
=====================================================
http.proxyHost :null
http.proxyPort :null
https.proxyHost :null
https.proxyPort :null
https.socksProxyHost :null
https.socksProxyPort :null
jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, SHA1 usage SignedJAR & denyAfter 2019-01-01
Revocation options :[NO_FALLBACK]
OCSP responder set :null
Trusted root set: false
Expected EE Status:GOOD
=====================================================
Successful CertPath validation
Expected Certificate status: GOOD
Certificate status after validation: GOOD

=====================================================
CONFIGURATION
=====================================================
http.proxyHost :null
http.proxyPort :null
https.proxyHost :null
https.proxyPort :null
https.socksProxyHost :null
https.socksProxyPort :null
jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, SHA1 usage SignedJAR & denyAfter 2019-01-01
Revocation options :[NO_FALLBACK]
OCSP responder set :null
Trusted root set: false
Validation Date:Wed Jun 01 00:00:00 CEST 2022
Expected EE Status:REVOKED
Expected EE Revocation Date:Mon Mar 07 15:11:11 CET 2022
=====================================================
Received exception: java.security.cert.CertPathValidatorException: Certificate has been revoked, reason: CESSATION_OF_OPERATION, revocation date: Mon Mar 07 15:11:11 CET 2022, authority: CN=Actalis Organization Validated Server CA G3 - OCSP Responder, O=Actalis S.p.A., L=Ponte San Pietro, ST=Bergamo, C=IT, extension OIDs: []
Expected Certificate status: REVOKED
Certificate status after validation: REVOKED
Certificate revocation date:Mon Mar 07 15:11:11 CET 2022
Expected revocation date:Mon Mar 07 15:11:11 CET 2022
--------------------------------

=====================================================
CONFIGURATION
=====================================================
http.proxyHost :null
http.proxyPort :null
https.proxyHost :null
https.proxyPort :null
https.socksProxyHost :null
https.socksProxyPort :null
jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, SHA1 usage SignedJAR & denyAfter 2019-01-01
Revocation options :[NO_FALLBACK, PREFER_CRLS]
OCSP responder set :null
Trusted root set: false
Expected EE Status:GOOD
=====================================================
Received exception: java.security.cert.CertPathValidatorException: sun.security.provider.certpath.PKIX$CertStoreTypeException: Invalid name: cn=Actalis Authentication Root CA,o=Actalis S.p.A./03358520967,c=IT
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20220704/6780702f/attachment-0001.htm>


More information about the security-dev mailing list