Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4492585

We should be replacing similar certs when verifying cert chains

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: 1.4.0
    • Fix Version/s: 1.0.3
    • Component/s: security-libs
    • Labels:
    • Subcomponent:
    • Resolved In Build:
      1.0.3
    • CPU:
      generic
    • OS:
      generic

      Backports

        Description

        RandomCookie: GMT: 997754762 bytes =
        { 87, 213, 242, 107, 101, 225, 130, 60, 85, 219,
        29, 171, 75, 166, 97, 179, 140, 5, 40, 132, 93,
        227, 197, 2, 84, 113, 37, 255 }
        Session ID: {}
        Cipher Suites: { 0, 5, 0, 4, 0, 9, 0, 10, 0, 18, 0, 19, 0, 3, 0, 17 }
        Compression Methods: { 0 }
        ***
        [write] MD5 and SHA1 hashes: len = 59
        0000: 01 00 00 37 03 01 3B 79 88 8A 57 D5 F2 6B 65 E1 ...7..;y..W..ke.
        0010: 82 3C 55 DB 1D AB 4B A6 61 B3 8C 05 28 84 5D E3 .<U...K.a...(.].
        0020: C5 02 54 71 25 FF 00 00 10 00 05 00 04 00 09 00 ..Tq%...........
        0030: 0A 00 12 00 13 00 03 00 11 01 00 ...........
        main, WRITE: SSL v3.1 Handshake, length = 59
        [write] MD5 and SHA1 hashes: len = 77
        0000: 01 03 01 00 24 00 00 00 20 00 00 05 00 00 04 01 ....$... .......
        0010: 00 80 00 00 09 06 00 40 00 00 0A 07 00 C0 00 00 .......@........
        0020: 12 00 00 13 00 00 03 02 00 80 00 00 11 3B 79 88 .............;y.
        0030: 8A 57 D5 F2 6B 65 E1 82 3C 55 DB 1D AB 4B A6 61 .W..ke..<U...K.a
        0040: B3 8C 05 28 84 5D E3 C5 02 54 71 25 FF ...(.]...Tq%.
        main, WRITE: SSL v2, contentType = 22, translated length = 16310
        main, READ: SSL v3.0 Handshake, length = 3055
        *** ServerHello, v3.0
        RandomCookie: GMT: 9591 bytes =
        { 129, 191, 1, 34, 218, 123, 133, 183, 44, 8, 84, 178, 150, 144, 156,
        86, 40, 92, 248, 222, 26, 193, 100, 1, 175, 96, 68, 159 }
        Session ID:
        {43, 221, 138, 145, 25, 92, 188, 104, 40, 27, 65, 115, 251, 222, 9,
        125, 113, 237, 251, 177, 13, 17, 78, 176, 217, 167, 177, 171, 207, 90, 174, 48}
        Cipher Suite: { 0, 4 }
        Compression Method: 0
        ***
        %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
        ** SSL_RSA_WITH_RC4_128_MD5
        [read] MD5 and SHA1 hashes: len = 74
        0000: 02 00 00 46 03 00 00 00 25 77 81 BF 01 22 DA 7B ...F....%w..."..
        0010: 85 B7 2C 08 54 B2 96 90 9C 56 28 5C F8 DE 1A C1 ..,.T....V(\....
        0020: 64 01 AF 60 44 9F 20 2B DD 8A 91 19 5C BC 68 28 d..`D. +....\.h(
        0030: 1B 41 73 FB DE 09 7D 71 ED FB B1 0D 11 4E B0 D9 .As....q.....N..
        0040: A7 B1 AB CF 5A AE 30 00 04 00 ....Z.0...
        *** Certificate chain
        chain [0] = [
        [
          Version: V3
          Subject: CN=www.foliofn.com, OU=Operations-Server 3,
          O=FolioFN, L=Vienna, ST=Virginia, C=US
          Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

          Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@22cdb6
          Validity: [From: Thu Jan 25 16:00:00 PST 2001,
                       To: Sat Jan 26 15:59:59 PST 2002]
          Issuer:
          OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,
          OU=VeriSign International Server CA - Class 3, OU="VeriSign, Inc.",
          O=VeriSign Trust Network
          SerialNumber: [ 4b8c7820 6710cbe7 61b3554e 380ae9f1 ]

          Certificate Extensions: 4
          [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
          NetscapeCertType [
           SSL server
          ]

        [2]: ObjectId: 2.5.29.3 Criticality=false
        Extension unknown: DER encoded OCTET string =
        0000: 04 82 02 16 30 82 02 12 30 82 02 0E 30 82 02 0A ....0...0...0...
        0010: 06 0B 60 86 48 01 86 F8 45 01 07 01 01 30 82 01 ..`.H...E....0..
        0020: F9 16 82 01 A7 54 68 69 73 20 63 65 72 74 69 66 .....This certif
        0030: 69 63 61 74 65 20 69 6E 63 6F 72 70 6F 72 61 74 icate incorporat
        0040: 65 73 20 62 79 20 72 65 66 65 72 65 6E 63 65 2C es by reference,
        0050: 20 61 6E 64 20 69 74 73 20 75 73 65 20 69 73 20 and its use is
        0060: 73 74 72 69 63 74 6C 79 20 73 75 62 6A 65 63 74 strictly subject
        0070: 20 74 6F 2C 20 74 68 65 20 56 65 72 69 53 69 67 to, the VeriSig
        0080: 6E 20 43 65 72 74 69 66 69 63 61 74 69 6F 6E 20 n Certification
        0090: 50 72 61 63 74 69 63 65 20 53 74 61 74 65 6D 65 Practice Stateme
        00A0: 6E 74 20 28 43 50 53 29 2C 20 61 76 61 69 6C 61 nt (CPS), availa
        00B0: 62 6C 65 20 61 74 3A 20 68 74 74 70 73 3A 2F 2F ble at: https://
        00C0: 77 77 77 2E 76 65 72 69 73 69 67 6E 2E 63 6F 6D www.verisign.com
        00D0: 2F 43 50 53 3B 20 62 79 20 45 2D 6D 61 69 6C 20 /CPS; by E-mail
        00E0: 61 74 20 43 50 53 2D 72 65 71 75 65 73 74 73 40 at CPS-requests@
        00F0: 76 65 72 69 73 69 67 6E 2E 63 6F 6D 3B 20 6F 72 verisign.com; or
        0100: 20 62 79 20 6D 61 69 6C 20 61 74 20 56 65 72 69 by mail at Veri
        0110: 53 69 67 6E 2C 20 49 6E 63 2E 2C 20 32 35 39 33 Sign, Inc., 2593
        0120: 20 43 6F 61 73 74 20 41 76 65 2E 2C 20 4D 6F 75 Coast Ave., Mou
        0130: 6E 74 61 69 6E 20 56 69 65 77 2C 20 43 41 20 39 ntain View, CA 9
        0140: 34 30 34 33 20 55 53 41 20 54 65 6C 2E 20 2B 31 4043 USA Tel. +1
        0150: 20 28 34 31 35 29 20 39 36 31 2D 38 38 33 30 20 (415) 961-8830
        0160: 43 6F 70 79 72 69 67 68 74 20 28 63 29 20 31 39 Copyright (c) 19
        0170: 39 36 20 56 65 72 69 53 69 67 6E 2C 20 49 6E 63 96 VeriSign, Inc
        0180: 2E 20 20 41 6C 6C 20 52 69 67 68 74 73 20 52 65 . All Rights Re
        0190: 73 65 72 76 65 64 2E 20 43 45 52 54 41 49 4E 20 served. CERTAIN
        01A0: 57 41 52 52 41 4E 54 49 45 53 20 44 49 53 43 4C WARRANTIES DISCL
        01B0: 41 49 4D 45 44 20 61 6E 64 20 4C 49 41 42 49 4C AIMED and LIABIL
        01C0: 49 54 59 20 4C 49 4D 49 54 45 44 2E A0 0E 06 0C ITY LIMITED.....
        01D0: 60 86 48 01 86 F8 45 01 07 01 01 01 A1 0E 06 0C `.H...E.........
        01E0: 60 86 48 01 86 F8 45 01 07 01 01 02 30 2C 30 2A `.H...E.....0,0*
        01F0: 16 28 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 .(https://www.ve
        0200: 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 65 70 6F 73 risign.com/repos
        0210: 69 74 6F 72 79 2F 43 50 53 20 itory/CPS


        [3]: ObjectId: 2.5.29.37 Criticality=false
        ExtendedKeyUsages [
        [2.16.840.1.113730.4.1]
        ]

        [4]: ObjectId: 2.5.29.19 Criticality=false
        BasicConstraints:[
        CA:false
        PathLen: undefined
        ]

        ]
          Algorithm: [MD5withRSA]
          Signature:
        0000: 14 AC 35 E2 45 64 CE 38 FC F6 85 5A 9E AD 44 6B ..5.Ed.8...Z..Dk
        0010: BB BD 7A E9 06 A4 66 8C CF F5 50 D9 61 28 90 4F ..z...f...P.a(.O
        0020: 54 C8 01 A9 65 05 1C DA E6 1B 52 55 38 3F 41 48 T...e.....RU8?AH
        0030: 6B D8 B6 07 85 12 24 EF 74 4C 6E 79 D2 EF 2A 1B k.....$.tLny..*.
        0040: 45 4A AA 3B 6B C3 77 64 5B FA F7 5C E2 76 DF D5 EJ.;k.wd[..\.v..
        0050: 7E 7F C0 C4 9D C3 F0 81 37 E1 9C 1E 43 42 42 7F ........7...CBB.
        0060: E3 7D 1D B4 6D 34 16 91 0E 87 0F 27 AD 38 0A 33 ....m4.....'.8.3
        0070: E6 6F 09 6C 2B F9 DB 26 1A B6 CE 4A C5 D1 C4 CE .o.l+..&...J....

        ]
        chain [1] = [
        [
          Version: V3
          Subject: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97
        VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign, Inc.",
        O=VeriSign Trust Network
          Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2

          Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@3ecfff
          Validity: [From: Wed Apr 16 17:00:00 PDT 1997,
                       To: Wed Jan 07 15:59:59 PST 2004]
          Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
        Inc.", C=US
          SerialNumber: [ 236c971e 2bc60d0b f97460de f108c3c3 ]

        Certificate Extensions: 5
        [1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
        NetscapeCertType [
           SSL CA
           S/MIME CA
        ]

        [2]: ObjectId: 2.5.29.32 Criticality=false
        CertificatePolicies [
          [CertificatePolicyId: [2.16.840.1.113733.1.7.1.1]
        [PolicyQualifierInfo: [
          qualifierID: 1.3.6.1.5.5.7.2.1
          qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76
        65 ..https://www.ve
        0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 43 50 53 risign.com/CPS

        ], PolicyQualifierInfo: [
          qualifierID: 1.3.6.1.5.5.7.2.2
          qualifier: 0000: 30 81 D9 30 15 16 0E 56 65 72 69 53 69 67 6E 2C
        0..0...VeriSign,
        0010: 20 49 6E 63 2E 30 03 02 01 01 1A 81 BF 56 65 72 Inc.0.......Ver
        0020: 69 53 69 67 6E 27 73 20 43 65 72 74 69 66 69 63 iSign's Certific
        0030: 61 74 69 6F 6E 20 50 72 61 63 74 69 63 65 20 53 ation Practice S
        0040: 74 61 74 65 6D 65 6E 74 2C 20 77 77 77 2E 76 65 tatement, www.ve
        0050: 72 69 73 69 67 6E 2E 63 6F 6D 2F 43 50 53 2C 20 risign.com/CPS,
        0060: 67 6F 76 65 72 6E 73 20 74 68 69 73 20 63 65 72 governs this cer
        0070: 74 69 66 69 63 61 74 65 20 26 20 69 73 20 69 6E tificate & is in
        0080: 63 6F 72 70 6F 72 61 74 65 64 20 62 79 20 72 65 corporated by re
        0090: 66 65 72 65 6E 63 65 20 68 65 72 65 69 6E 2E 20 ference herein.
        00A0: 53 4F 4D 45 20 57 41 52 52 41 4E 54 49 45 53 20 SOME WARRANTIES
        00B0: 44 49 53 43 4C 41 49 4D 45 44 20 26 20 4C 49 41 DISCLAIMED & LIA
        00C0: 42 49 4C 49 54 59 20 4C 54 44 2E 20 28 63 29 31 BILITY LTD. (c)1
        00D0: 39 39 37 20 56 65 72 69 53 69 67 6E 997 VeriSign

        ]] ]
        ]

        [3]: ObjectId: 2.5.29.37 Criticality=false
        ExtendedKeyUsages [
        [2.16.840.1.113733.1.8.1, 2.16.840.1.113730.4.1]]

        [4]: ObjectId: 2.5.29.15 Criticality=false
        KeyUsage [
          Key_CertSign
          Crl_Sign
        ]

        [5]: ObjectId: 2.5.29.19 Criticality=false
        BasicConstraints:[
        CA:true
        PathLen:0
        ]

        ]
          Algorithm: [MD2withRSA]
          Signature:
        0000: B8 8C 98 C3 2B 48 F5 72 CD 68 0D 1A B3 74 63 BB ....+H.r.h...tc.
        0010: B1 58 B6 98 45 22 EC 11 8D C7 4E 33 8B 62 5A 21 .X..E"....N3.bZ!
        0020: 24 6C 9A C0 42 B4 45 A9 3A FB 67 F0 91 BE 18 1F $l..B.E.:.g.....
        0030: D5 48 19 93 6B 8D CB 37 4B 86 E6 7D 9B FD 8C 78 .H..k..7K......x
        0040: 99 FF 83 C2 FC D9 55 06 9E 31 66 46 7D 1B 78 60 ......U..1fF..x`
        0050: F4 55 D4 6C 55 C8 69 62 70 7C 4D B6 89 06 05 9B .U.lU.ibp.M.....
        0060: C8 43 8E CC 0C 28 D5 D1 8C CD 46 50 E3 31 96 66 .C...(....FP.1.f
        0070: 92 11 24 1E 4A 5B 4B 66 5E 65 55 1E 5F 37 9A AE ..$.J[Kf^eU._7..

        ]
        chain [2] = [
        [
          Version: V1
          Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
        Inc.", C=US
          Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2

          Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@65a77f
          Validity: [From: Sun Jan 28 16:00:00 PST 1996,
                       To: Tue Aug 01 16:59:59 PDT 2028]
          Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
        Inc.", C=US
          SerialNumber: [ 70bae41d 10d92934 b638ca7b 03ccbabf ]

        ]
          Algorithm: [MD2withRSA]
          Signature:
        0000: BB 4C 12 2B CF 2C 26 00 4F 14 13 DD A6 FB FC 0A .L.+.,&.O.......
        0010: 11 84 8C F3 28 1C 67 92 2F 7C B6 C5 FA DF F0 E8 ....(.g./.......
        0020: 95 BC 1D 8F 6C 2C A8 51 CC 73 D8 A4 C0 53 F0 4E ....l,.Q.s...S.N
        0030: D6 26 C0 76 01 57 81 92 5E 21 F1 D1 B1 FF E7 D0 .&.v.W..^!......
        0040: 21 58 CD 69 17 E3 44 1C 9C 19 44 39 89 5C DC 9C !X.i..D...D9.\..
        0050: 00 0F 56 8D 02 99 ED A2 90 45 4C E4 BB 10 A4 3D ..V......EL....=
        0060: F0 32 03 0E F1 CE F8 E8 C9 51 8C E6 62 9F E6 9F .2.......Q..b...
        0070: C0 7D B7 72 9C C9 36 3A 6B 9F 4E A8 FF 64 0D 64 ...r..6:k.N..d.d

        ]
        ***
        main, SEND SSL v3.0 ALERT: fatal, description = certificate_unknown
        main, WRITE: SSL v3.0 Alert, length = 2
        javax.net.ssl.SSLHandshakeException: untrusted server cert chain
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.a([DashoPro-V1.2-
        120198])
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage
        ([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record([DashoPro-
        V1.2-120198])
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.AppOutputStream.write([DashoPro-V1.2-
        120198])
        at java.io.OutputStream.write(OutputStream.java:61)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake([DashoPro-
        V1.2-120198])
        at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.doConnect
        ([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.www.protocol.https.NetworkClient.openServer
        ([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.www.protocol.https.HttpClient.d([DashoPro-
        V1.2-120198])
        at com.sun.net.ssl.internal.www.protocol.https.HttpClient.&lt;init>
        ([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.&lt;init>
        ([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-
        V1.2-120198])
        at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a([DashoPro-
        V1.2-120198])
        at
        com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect
        ([DashoPro-V1.2-120198])
        at
        com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.getInputStream
        ([DashoPro-V1.2-120198])
        at java.net.URL.openStream(URL.java:851)
        at URLReader.main(URLReader.java:57)
        Exception in thread "main"
        -------------------------------------------------------------------------------

        (Review ID: 130042)
        ======================================================================


        Name: bsC130419 Date: 08/15/2001


        % java -version
        java version "1.4.0-beta"
        Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0-beta-b65)
        Java HotSpot(TM) Client VM (build 1.4.0-beta-b65, mixed mode)

        Connection fails with a V3 certificate if attachment key usage is not defined

        The following URLReader.java program was used to produce this problem.

        Jeff Harris (###@###.###) offered the following analysis of this problem:

        It looks like the cert does not have key usage defined in it. Changing the
        fields in IE doesn't actually change the cert, since the signature would
        break. This appears to be a bug in Sun's verification. I'm not sure if
        it can be fixed with using sun's JSSE libraries.


        ------------------------------------------------------------------------------
        import java.net.*;
        import java.io.*;
        import java.security.*;

        public class URLReader {
            public static void main(String[] args) throws Exception {
                URL url = new URL("https://www.foliofn.com/servlets/ProcessAction?identifier=loginFormEntry&buildFrame=t");

                System.setProperty( "java.protocol.handler.pkgs",
                                    "com.sun.net.ssl.internal.www.protocol");

                Security.addProvider( new com.sun.net.ssl.internal.ssl.Provider() );

                BufferedReader in = new BufferedReader(
                                        new InputStreamReader(
                                        url.openStream()));

                String inputLine;

                while ((inputLine = in.readLine()) != null) {
                  System.out.println(inputLine);
                }
                System.out.println("WORKED!");
                in.close();
            }
        }
        -------------------------------------------------------------------------------
        The command line used to compile:

        javac URLReader.java
        -------------------------------------------------------------------------------
        The command line used to run the program:
        java -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol -
        Djavax.net.debug=ssl,trustmanager,certpath URLReader
        -------------------------------------------------------------------------------
        The trace showing the failure:
        keyStore is :
        keyStore type is : jks
        init keystore
        init keymanager of type SunX509
        trustStore is: d:\jdk1.4\jre\lib\security\cacerts
        trustStore type is : jks
        init truststore
        adding as trusted cert: [
        [
          Version: V3
          Subject: EmailAddress=###@###.###, CN=Thawte Personal
        Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape
          Town, ST=Western Cape, C=ZA
          Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

          Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@70eed6
          Validity: [From: Sun Dec 31 16:00:00 PST 1995,
                       To: Thu Dec 31 15:59:59 PST 2020]
          Issuer: EmailAddress=###@###.###, CN=Thawte Personal
        Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape
          Town, ST=Western Cape, C=ZA
          SerialNumber: [ 0 ]

        Certificate Extensions: 1
        [1]: ObjectId: 2.5.29.19 Criticality=true
        BasicConstraints:[
        CA:true
        PathLen:2147483647
        ]

        ]
          Algorithm: [MD5withRSA]
          Signature:
        0000: C7 EC 92 7E 4E F8 F5 96 A5 67 62 2A A4 F0 4D 11 ....N....gb*..M.
        0010: 60 D0 6F 8D 60 58 61 AC 26 BB 52 35 5C 08 CF 30 `.o.`Xa.&.R5\..0
        0020: FB A8 4A 96 8A 1F 62 42 23 8C 17 0F F4 BA 64 9C ..J...bB#.....d.
        0030: 17 AC 47 29 DF 9D 98 5E D2 6C 60 71 5C A2 AC DC ..G)...^.l`q\...
        0040: 79 E3 E7 6E 00 47 1F B5 0D 28 E8 02 9D E4 9A FD y..n.G...(......
        0050: 13 F4 A6 D9 7C B1 F8 DC 5F 23 26 09 91 80 73 D0 ........_#&...s.
        0060: 14 1B DE 43 A9 83 25 F2 E6 9C 2F 15 CA FE A6 AB ...C..%.../.....
        0070: 8A 07 75 8B 0C DD 51 84 6B E4 F8 D1 CE 77 A2 81 ..u...Q.k....w..

        ]
        adding as trusted cert: [
        [
          Version: V3
          Subject: EmailAddress=###@###.###, CN=Thawte Personal Basic
        CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
        ST=Western Cape, C=ZA
          Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

          Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@453dce
          Validity: [From: Sun Dec 31 16:00:00 PST 1995,
                       To: Thu Dec 31 15:59:59 PST 2020]
          Issuer: EmailAddress=###@###.###, CN=Thawte Personal Basic CA,
        OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
        ST=Western Cape, C=ZA
          SerialNumber: [ 0 ]

        Certificate Extensions: 1
        [1]: ObjectId: 2.5.29.19 Criticality=true
        BasicConstraints:[
        CA:true
        PathLen:2147483647
        ]

        ]
          Algorithm: [MD5withRSA]
          Signature:
        0000: 2D E2 99 6B B0 3D 7A 89 D7 59 A2 94 01 1F 2B DD -..k.=z..Y....+.
        0010: 12 4B 53 C2 AD 7F AA A7 00 5C 91 40 57 25 4A 38 .KS......\.@W%J8
        0020: AA 84 70 B9 D9 80 0F A5 7B 5C FB 73 C6 BD D7 8A ..p......\.s....
        0030: 61 5C 03 E3 2D 27 A8 17 E0 84 85 42 DC 5E 9B C6 a\..-'.....B.^..
        0040: B7 B2 6D BB 74 AF E4 3F CB A7 B7 B0 E0 5D BE 78 ..m.t..?.....].x
        0050: 83 25 94 D2 DB 81 0F 79 07 6D 4F F4 39 15 5A 52 .%.....y.mO.9.ZR
        0060: 01 7B DE 32 D6 4D 38 F6 12 5C 06 50 DF 05 5B BD ...2.M8..\.P..[.
        0070: 14 4B A1 DF 29 BA 3B 41 8D F7 63 56 A1 DF 22 B1 .K..).;A..cV..".

        ]
        adding as trusted cert: [
        [
          Version: V1
          Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
        Inc.", C=US
          Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2

          Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@7c9944
          Validity: [From: Sun Jan 28 16:00:00 PST 1996,
                       To: Wed Jan 07 15:59:59 PST 2004]
          Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
        Inc.", C=US
          SerialNumber: [ e49efdf3 3ae80ecf a5113e19 a4240232 ]

        ]
          Algorithm: [MD2withRSA]
          Signature:
        0000: 61 70 EC 2F 3F 9E FD 2B E6 68 54 21 B0 67 79 08 ap./?..+.hT!.gy.
        0010: 0C 20 96 31 8A 0D 7A BE B6 26 DF 79 2C 22 69 49 . .1..z..&.y,"iI
        0020: 36 E3 97 77 62 61 A2 32 D7 7A 54 21 36 BA 02 C9 6..wba.2.zT!6...
        0030: 34 E7 25 DA 44 35 B0 D2 5C 80 5D B3 94 F8 F9 AC 4.%.D5..\.].....
        0040: EE A4 60 75 2A 1F 95 49 23 B1 4A 7C F4 B3 47 72 ..`u*..I#.J...Gr
        0050: 21 5B 7E 97 AB 54 AC 62 E7 5D EC AE 9B D2 C9 B2 ![...T.b.]......
        0060: 24 FB 82 AD E9 67 15 4B BA AA A6 F0 97 A0 F6 B0 $....g.K........
        0070: 97 57 00 C8 0C 3C 09 A0 82 04 BA 41 DA F7 99 A4 .W...<.....A....

        ]
        adding as trusted cert: [
        [
          Version: V3
          Subject: EmailAddress=###@###.###, CN=Thawte Personal
        Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape
          Town, ST=Western Cape, C=ZA
          Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

          Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@b819f
          Validity: [From: Sun Dec 31 16:00:00 PST 1995,
                       To: Thu Dec 31 15:59:59 PST 2020]
          Issuer: EmailAddress=###@###.###, CN=Thawte Personal Premium
        CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town,
        ST=Western Cape, C=ZA
          SerialNumber: [ 0 ]

        Certificate Extensions: 1
        [1]: ObjectId: 2.5.29.19 Criticality=true
        BasicConstraints:[
        CA:true
        PathLen:2147483647
        ]

        ]
          Algorithm: [MD5withRSA]
          Signature:
        0000: 69 36 89 F7 34 2A 33 72 2F 6D 3B D4 22 B2 B8 6F i6..4*3r/m;."..o
        0010: 9A C5 36 66 0E 1B 3C A1 B1 75 5A E6 FD 35 D3 F8 ..6f..<..uZ..5..
        0020: A8 F2 07 6F 85 67 8E DE 2B B9 E2 17 B0 3A A0 F0 ...o.g..+....:..
        0030: 0E A2 00 9A DF F3 14 15 6E BB C8 85 5A 98 80 F9 ........n...Z...
        0040: FF BE 74 1D 3D F3 FE 30 25 D1 37 34 67 FA A5 71 ..t.=..0%.74g..q
        0050: 79 30 61 29 72 C0 E0 2C 4C FB 56 E4 3A A8 6F E5 y0a)r..,L.V.:.o.
        0060: 32 59 52 DB 75 28 50 59 0C F8 0B 19 E4 AC D9 AF 2YR.u(PY........
        0070: 96 8D 2F 50 DB 07 C3 EA 1F AB 33 E0 F5 2B 31 89 ../P......3..+1.

        ]
        adding as trusted cert: [
        [
          Version: V3
          Subject: EmailAddress=###@###.###, CN=Thawte Server CA,
        OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town,
        ST=Western Cape, C=ZA
          Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

          Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@f73c1
          Validity: [From: Wed Jul 31 17:00:00 PDT 1996,
                       To: Thu Dec 31 15:59:59 PST 2020]
          Issuer: EmailAddress=###@###.###, CN=Thawte Server CA,
        OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town,
        ST=Western Cape, C=ZA
          SerialNumber: [ 01]

        Certificate Extensions: 1
        [1]: ObjectId: 2.5.29.19 Criticality=true
        BasicConstraints:[
        CA:true
        PathLen:2147483647
        ]

        ]
          Algorithm: [MD5withRSA]
          Signature:
        0000: 07 FA 4C 69 5C FB 95 CC 46 EE 85 83 4D 21 30 8E ..Li\...F...M!0.
        0010: CA D9 A8 6F 49 1A E6 DA 51 E3 60 70 6C 84 61 11 ...oI...Q.`pl.a.
        0020: A1 1A C8 48 3E 59 43 7D 4F 95 3D A1 8B B7 0B 62 ...H>YC.O.=....b
        0030: 98 7A 75 8A DD 88 4E 4E 9E 40 DB A8 CC 32 74 B9 .zu...NN.@...2t.
        0040: 6F 0D C6 E3 B3 44 0B D9 8A 6F 9A 29 9B 99 18 28 o....D...o.)...(
        0050: 3B D1 E3 40 28 9A 5A 3C D5 B5 E7 20 1B 8B CA A4 ;..@(.Z<... ....
        0060: AB 8D E9 51 D9 E2 4C 2C 59 A9 DA B9 B2 75 1B F6 ...Q..L,Y....u..
        0070: 42 F2 EF C7 F2 18 F9 89 BC A3 FF 8A 23 2E 70 47 B...........#.pG

        ]
        adding as trusted cert: [
        [
          Version: V1
          Subject: OU=Class 4 Public Primary Certification Authority, O="VeriSign,
        Inc.", C=US
          Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2

          Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@789144
          Validity: [From: Sun Jan 28 16:00:00 PST 1996,
                       To: Fri Dec 31 15:59:59 PST 1999]
          Issuer: OU=Class 4 Public Primary Certification Authority, O="VeriSign,
        Inc.", C=US
          SerialNumber: [ 02a60000 01]

        ]
          Algorithm: [MD2withRSA]
          Signature:
        0000: 53 DD D3 F0 9C 24 7E 40 AA E2 FC 00 1A D7 DA 0C S....$.@........
        0010: FC 32 61 B8 15 0D 96 F3 FA 57 1B 7F 33 7C AF E9 .2a......W..3...
        0020: 98 9A 61 C8 7A B3 B7 FF B1 DC 99 83 DC AC 12 FC ..a.z...........
        0030: 70 C9 1F 38 42 ED 44 F6 80 2E 5B 6B 33 69 AC 9C p..8B.D...[k3i..
        0040: D3 5C E7 5F 5A 18 C7 B1 2D 79 04 96 41 91 99 41 .\._Z...-y..A..A
        0050: B1 3C 0D BA 84 39 C6 3B 97 F0 26 C9 8E EE BD CC .<...9.;..&.....
        0060: 42 95 FF 1E C7 02 3F 54 0C 78 F5 BC AA 60 7C 02 B.....?T.x...`..
        0070: 69 E8 DC AC E2 02 76 61 C4 3E 03 EA D2 8A 24 D1 i.....va.>....$.

        ]
        adding as trusted cert: [
        [
          Version: V1
          Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign,
        Inc.", C=US
          Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2

          Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@6c6b2
          Validity: [From: Sun Jan 28 16:00:00 PST 1996,
                       To: Tue Jan 07 15:59:59 PST 2020]
          Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign,
        Inc.", C=US
          SerialNumber: [ 325033cf 50d156f3 5c81ad65 5c4fc825 ]

        ]
          Algorithm: [MD2withRSA]
          Signature:
        0000: 4B 44 66 60 68 64 E4 98 1B F3 B0 72 E6 95 89 7C KDf`hd.....r....
        0010: DD 7B B3 95 C0 1D 2E D8 D8 19 D0 2D 34 3D C6 50 ...........-4=.P
        0020: 9A 10 86 8C AA 3F 3B A8 04 FC 37 52 95 C3 D9 C9 .....?;...7R....
        0030: DB CD F2 86 06 C4 B1 1B F0 82 88 30 42 8E 17 50 ...........0B..P
        0040: 1C 64 7A B8 3E 99 49 74 97 FC AC 02 43 FB 96 0C .dz.>.It....C...
        0050: 56 04 25 0C 7C 7C 87 9D 24 A7 D8 F0 32 29 B5 A4 V.%.....$...2)..
        0060: DF 5D A2 4C C5 16 32 A8 42 F6 45 A6 B6 36 B9 E0 .].L..2.B.E..6..
        0070: BF 65 36 93 C2 D2 D7 6B DC DE 59 D6 A2 35 F8 45 .e6....k..Y..5.E

        ]
        adding as trusted cert: [
        [
          Version: V1
          Subject: OU=Secure Server Certification Authority, O="RSA Data Security,
        Inc.", C=US
          Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2

          Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@329f3d
          Validity: [From: Tue Nov 08 16:00:00 PST 1994,
                       To: Thu Jan 07 15:59:59 PST 2010]
          Issuer: OU=Secure Server Certification Authority, O="RSA Data Security,
        Inc.", C=US
          SerialNumber: [ 02ad667e 4e45fe5e 576f3c98 195eddc0 ]

        ]
          Algorithm: [MD2withRSA]
          Signature:
        0000: 65 DD 7E E1 B2 EC B0 E2 3A E0 EC 71 46 9A 19 11 e.......:..qF...
        0010: B8 D3 C7 A0 B4 03 40 26 02 3E 09 9C E1 12 B3 D1 ......@&.>......
        0020: 5A F6 37 A5 B7 61 03 B6 5B 16 69 3B C6 44 08 0C Z.7..a..[.i;.D..
        0030: 88 53 0C 6B 97 49 C7 3E 35 DC 6C B9 BB AA DF 5C .S.k.I.>5.l....0040: BB 3A 2F 93 60 B6 A9 4B 4D F2 20 F7 CD 5F 7F 64 .:/.`..KM. .._.d
        0050: 7B 8E DC 00 5C D7 FA 77 CA 39 16 59 6F 0E EA D3 ....\..w.9.Yo...
        0060: B5 83 7F 4D 4D 42 56 76 B4 C9 5F 04 F8 38 F8 EB ...MMBVv.._..8..
        0070: D2 5F 75 5F CD 7B FC E5 8E 80 7C FC 50 ._u_........P

        ]
        adding as trusted cert: [
        [
          Version: V3
          Subject: EmailAddress=###@###.###, CN=Thawte Premium Server
        CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town,
        ST=Western Cape, C=ZA
          Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

          Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@749757
          Validity: [From: Wed Jul 31 17:00:00 PDT 1996,
                       To: Thu Dec 31 15:59:59 PST 2020]
          Issuer: EmailAddress=###@###.###, CN=Thawte Premium Server CA,
        OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town,
        ST=Western Cape, C=ZA
          SerialNumber: [ 01]

        Certificate Extensions: 1
        [1]: ObjectId: 2.5.29.19 Criticality=true
        BasicConstraints:[
        CA:true
        PathLen:2147483647
        ]

        ]
          Algorithm: [MD5withRSA]
          Signature:
        0000: 26 48 2C 16 C2 58 FA E8 16 74 0C AA AA 5F 54 3F &H,..X...t..._T?
        0010: F2 D7 C9 78 60 5E 5E 6E 37 63 22 77 36 7E B2 17 ...x`^^n7c"w6...
        0020: C4 34 B9 F5 08 85 FC C9 01 38 FF 4D BE F2 16 42 .4.......8.M...B
        0030: 43 E7 BB 5A 46 FB C1 C6 11 1F F1 4A B0 28 46 C9 C..ZF......J.(F.
        0040: C3 C4 42 7D BC FA AB 59 6E D5 B7 51 88 11 E3 A4 ..B....Yn..Q....
        0050: 85 19 6B 82 4C A4 0C 12 AD E9 A4 AE 3F F1 C3 49 ..k.L.......?..I
        0060: 65 9A 8C C5 C8 3E 25 B7 94 99 BB 92 32 71 07 F0 e....>%.....2q..
        0070: 86 5E ED 50 27 A6 0D A6 23 F9 BB CB A6 07 14 42 .^.P'...#......B

        ]
        adding as trusted cert: [
        [
          Version: V1
          Subject: OU=Class 2 Public Primary Certification Authority, O="VeriSign,
        Inc.", C=US
          Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2

          Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@7bd6a1
          Validity: [From: Sun Jan 28 16:00:00 PST 1996,
                       To: Wed Jan 07 15:59:59 PST 2004]
          Issuer: OU=Class 2 Public Primary Certification Authority, O="VeriSign,
        Inc.", C=US
          SerialNumber: [ ba5ac94c 053b92d6 a7b6df4e d053920d ]

        ]
          Algorithm: [MD2withRSA]
          Signature:
        0000: B6 00 1F 93 57 A4 07 A7 40 CE 65 40 3F 55 5E ED ....W...@.e@?U^.
        0010: EF FA 54 49 A5 30 D6 21 7C 61 87 EE 83 93 0B BF ..TI.0.!.a......
        0020: B4 33 F2 98 AC 9F 06 BF 4E A8 CE 14 81 4C CB 04 .3......N....L..
        0030: 4E 58 C3 CF 5F EE 7C D7 9A 6F CB 41 8A B7 7F 81 NX.._....o.A....
        0040: B8 FF 84 61 C6 27 43 65 1D 0C EC B1 00 0A DD 1B ...a.'Ce........
        0050: A4 BB C7 78 20 28 B2 A2 DD 36 95 2E E1 54 4F BF ...x (...6...TO.
        0060: 60 B9 77 68 11 99 23 E8 EA 52 E8 AA 00 4E 67 4E `.wh..#..R...NgN
        0070: BB 90 B5 45 9B 46 EB 8E 16 EF C4 33 5B 33 3D D5 ...E.F.....3[3=.

        ]
        init context
        trigger seeding of SecureRandom
        done seeding SecureRandom
        %% No cached client session
        *** ClientHello, v3.1

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                andreas Andreas Sterbenz
                Reporter:
                bstrathesunw Bill Strathearn (Inactive)
                Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: