Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8027389

OCSP response error: UNAUTHORIZED

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P3
    • Resolution: Not an Issue
    • Affects Version/s: 7u45
    • Fix Version/s: 7u51
    • Component/s: deploy
    • Labels:

      Description

      FULL PRODUCT VERSION :
      java version "1.7.0_45"
      Java(TM) SE Runtime Environment (build 1.7.0_45-b18)
      Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode)

      ADDITIONAL OS VERSION INFORMATION :
      Darwin Mac-mini-de-Oscar.local 11.4.2 Darwin Kernel Version 11.4.2: Thu Aug 23 16:25:48 PDT 2012; root:xnu-1699.32.7~1/RELEASE_X86_64 x86_64


      A DESCRIPTION OF THE PROBLEM :
      Signed Java Web Start application executes with warning message:
      Certificate revocation check cannot be performed.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      javaws http://www.tetrainfo.com/soporte.jnlp


      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      Web Start must not warn about the certificate revocation.
      ACTUAL -
      Certificate revocation check cannot be performed.

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      If I set the max level of security, I can get the following error:

      com.sun.deploy.security.RevocationChecker$StatusUnknownException: java.security.cert.CertPathValidatorException: OCSP response error: UNAUTHORIZED
      at com.sun.deploy.security.RevocationChecker.checkOCSP(Unknown Source)
      at com.sun.deploy.security.RevocationChecker.check(Unknown Source)
      at com.sun.deploy.security.TrustDecider.checkRevocationStatus(Unknown Source)
      at com.sun.deploy.security.TrustDecider.getValidationState(Unknown Source)
      at com.sun.deploy.security.TrustDecider.validateChain(Unknown Source)
      at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
      at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)
      at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResourcesHelper(Unknown Source)
      at com.sun.javaws.security.JNLPSignedResourcesHelper.checkSignedResources(Unknown Source)
      at com.sun.javaws.Launcher.prepareResources(Unknown Source)
      at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
      at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
      at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
      at com.sun.javaws.Launcher.launch(Unknown Source)
      at com.sun.javaws.Main.launchApp(Unknown Source)
      at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
      at com.sun.javaws.Main.access$000(Unknown Source)
      at com.sun.javaws.Main$1.run(Unknown Source)
      at java.lang.Thread.run(Thread.java:744)
      Suppressed: com.sun.deploy.security.RevocationChecker$StatusUnknownException
      at com.sun.deploy.security.RevocationChecker.checkCRLs(Unknown Source)
      ... 18 more
      Caused by: java.security.cert.CertPathValidatorException: OCSP response error: UNAUTHORIZED
      at sun.security.provider.certpath.OCSP.check(OCSP.java:291)
      at sun.security.provider.certpath.OCSP.check(OCSP.java:189)
      at sun.security.provider.certpath.OCSP.check(OCSP.java:154)
      ... 19 more


      REPRODUCIBILITY :
      This bug can be reproduced always.

      ---------- BEGIN SOURCE ----------
      I can not send source code because the problem is due to signing certificate.
      ---------- END SOURCE ----------

      CUSTOMER SUBMITTED WORKAROUND :
      Disable the revocation check, but this reduces the level of security

        Attachments

          Activity

            People

            Assignee:
            ddehaven David Dehaven (Inactive)
            Reporter:
            rlewis Roger Lewis (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: