Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8061641

Java Control Panel Lockdown interaction

    Details

    • CPU:
      x86_64
    • OS:
      windows_7

      Description

      FULL PRODUCT VERSION :


      A DESCRIPTION OF THE PROBLEM :
      interaction in deployment.properties between
      deployment.security.revocation.check=ALL_CERTIFICATES
      deployment.security.revocation.check.locked
      and:
      deployment.security.validation.ocsp=true
      deployment.security.validation.ocsp.locked
      deployment.security.validation.crl=true
      deployment.security.validation.crl.locked


      if set
      deployment.security.revocation.check=ALL_CERTIFICATES
      gesetzt, sind folgende Punkte im Java Control Panel nicht ausgegraut:
      the following fields in Java Control Panel are not greyed out:
      Check for certificate revocation using
          Certificate Revocations Lists (CRLs)
          Online Certificate Status Protocol (OCSP)
          Both CRLs and OCSP



      but if is set
      deployment.security.revocation.check=NO_CHECK
      the lockdown is set correctly at:
      Check for certificate revocation using
          Certificate Revocations Lists (CRLs)
          Online Certificate Status Protocol (OCSP)
          Both CRLs and OCSP


      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      copy the following into an empty deployment.properties-file and review the settings into the java-control panel:

      deployment.security.revocation.check=ALL_CERTIFICATES
      deployment.security.revocation.check.locked
      deployment.security.validation.ocsp=true
      deployment.security.validation.ocsp.locked
      deployment.security.validation.crl=true
      deployment.security.validation.crl.locked

      as expected the following fields are NOT locked down:
      Check for certificate revocation using
          Certificate Revocations Lists (CRLs)
          Online Certificate Status Protocol (OCSP)
          Both CRLs and OCSP

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      the following fields are NOT locked down:
      Check for certificate revocation using
          Certificate Revocations Lists (CRLs)
          Online Certificate Status Protocol (OCSP)
          Both CRLs and OCSP
      ACTUAL -
      the following fields are NOT locked down:
      Check for certificate revocation using
          Certificate Revocations Lists (CRLs)
          Online Certificate Status Protocol (OCSP)
          Both CRLs and OCSP

      REPRODUCIBILITY :
      This bug can be reproduced always.

        Attachments

          Activity

            People

            • Assignee:
              nnatu Nakul Natu (Inactive)
              Reporter:
              webbuggrp Webbug Group
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: