security/infra/java/security/cert/CertPathValidator/certification/ActalisCA.java failure in jdk20

Wed Jul 6 16:58:24 UTC 2022

Yes, I see the same issue. Please file a bug. It is trying to retrieve a 
CRL from the CA's LDAP repository and not finding an entry. Use of LDAP 
URLs for fetching CRLs is somewhat rare in my experience (usually it 
uses HTTP). It could be an issue with the CA's configuration, or it 
could possibly be a bug in the JDK, or it could be something with the 
test configuration. More evaluation is needed.

--Sean

On 7/4/22 3:57 AM, Baesken, Matthias wrote:
> Hello, after https://bugs.openjdk.org/browse/JDK-8224768 
> <https://bugs.openjdk.org/browse/JDK-8224768>   removed the ActalisCA 
> test from the problem list, we see the test failing on all platforms
> 
>   when running with JDK20 .
> 
> Can someone who runs those tests regularly confirm this ?
> 
> Thanks, Matthias
> 
> Failure is :
> 
> =====================================================
> 
> CONFIGURATION
> 
> =====================================================
> 
> http.proxyHost :null
> 
> http.proxyPort :null
> 
> https.proxyHost :null
> 
> https.proxyPort :null
> 
> https.socksProxyHost :null
> 
> https.socksProxyPort :null
> 
> jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer, 
> RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, SHA1 usage 
> SignedJAR & denyAfter 2019-01-01
> 
> Revocation options :[NO_FALLBACK]
> 
> OCSP responder set :null
> 
> Trusted root set: false
> 
> Expected EE Status:GOOD
> 
> =====================================================
> 
> Successful CertPath validation
> 
> Expected Certificate status: GOOD
> 
> Certificate status after validation: GOOD
> 
> =====================================================
> 
> CONFIGURATION
> 
> =====================================================
> 
> http.proxyHost :null
> 
> http.proxyPort :null
> 
> https.proxyHost :null
> 
> https.proxyPort :null
> 
> https.socksProxyHost :null
> 
> https.socksProxyPort :null
> 
> jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer, 
> RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, SHA1 usage 
> SignedJAR & denyAfter 2019-01-01
> 
> Revocation options :[NO_FALLBACK]
> 
> OCSP responder set :null
> 
> Trusted root set: false
> 
> Validation Date:Wed Jun 01 00:00:00 CEST 2022
> 
> Expected EE Status:REVOKED
> 
> Expected EE Revocation Date:Mon Mar 07 15:11:11 CET 2022
> 
> =====================================================
> 
> Received exception: java.security.cert.CertPathValidatorException: 
> Certificate has been revoked, reason: CESSATION_OF_OPERATION, revocation 
> date: Mon Mar 07 15:11:11 CET 2022, authority: CN=Actalis Organization 
> Validated Server CA G3 - OCSP Responder, O=Actalis S.p.A., L=Ponte San 
> Pietro, ST=Bergamo, C=IT, extension OIDs: []
> 
> Expected Certificate status: REVOKED
> 
> Certificate status after validation: REVOKED
> 
> Certificate revocation date:Mon Mar 07 15:11:11 CET 2022
> 
> Expected revocation date:Mon Mar 07 15:11:11 CET 2022
> 
> --------------------------------
> 
> =====================================================
> 
> CONFIGURATION
> 
> =====================================================
> 
> http.proxyHost :null
> 
> http.proxyPort :null
> 
> https.proxyHost :null
> 
> https.proxyPort :null
> 
> https.socksProxyHost :null
> 
> https.socksProxyPort :null
> 
> jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer, 
> RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, SHA1 usage 
> SignedJAR & denyAfter 2019-01-01
> 
> Revocation options :[NO_FALLBACK, PREFER_CRLS]
> 
> OCSP responder set :null
> 
> Trusted root set: false
> 
> Expected EE Status:GOOD
> 
> =====================================================
> 
> Received exception: java.security.cert.CertPathValidatorException: 
> sun.security.provider.certpath.PKIX$CertStoreTypeException: Invalid 
> name: cn=Actalis Authentication Root CA,o=Actalis S.p.A./03358520967,c=IT
> 