Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8061641

Java Control Panel Lockdown interaction

    XMLWordPrintable

    Details

    • CPU:
      x86_64
    • OS:
      windows_7

      Description

      FULL PRODUCT VERSION :


      A DESCRIPTION OF THE PROBLEM :
      interaction in deployment.properties between
      deployment.security.revocation.check=ALL_CERTIFICATES
      deployment.security.revocation.check.locked
      and:
      deployment.security.validation.ocsp=true
      deployment.security.validation.ocsp.locked
      deployment.security.validation.crl=true
      deployment.security.validation.crl.locked


      if set
      deployment.security.revocation.check=ALL_CERTIFICATES
      gesetzt, sind folgende Punkte im Java Control Panel nicht ausgegraut:
      the following fields in Java Control Panel are not greyed out:
      Check for certificate revocation using
          Certificate Revocations Lists (CRLs)
          Online Certificate Status Protocol (OCSP)
          Both CRLs and OCSP



      but if is set
      deployment.security.revocation.check=NO_CHECK
      the lockdown is set correctly at:
      Check for certificate revocation using
          Certificate Revocations Lists (CRLs)
          Online Certificate Status Protocol (OCSP)
          Both CRLs and OCSP


      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      copy the following into an empty deployment.properties-file and review the settings into the java-control panel:

      deployment.security.revocation.check=ALL_CERTIFICATES
      deployment.security.revocation.check.locked
      deployment.security.validation.ocsp=true
      deployment.security.validation.ocsp.locked
      deployment.security.validation.crl=true
      deployment.security.validation.crl.locked

      as expected the following fields are NOT locked down:
      Check for certificate revocation using
          Certificate Revocations Lists (CRLs)
          Online Certificate Status Protocol (OCSP)
          Both CRLs and OCSP

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      the following fields are NOT locked down:
      Check for certificate revocation using
          Certificate Revocations Lists (CRLs)
          Online Certificate Status Protocol (OCSP)
          Both CRLs and OCSP
      ACTUAL -
      the following fields are NOT locked down:
      Check for certificate revocation using
          Certificate Revocations Lists (CRLs)
          Online Certificate Status Protocol (OCSP)
          Both CRLs and OCSP

      REPRODUCIBILITY :
      This bug can be reproduced always.

        Attachments

          Activity

            People

            Assignee:
            nnatu Nakul Natu (Inactive)
            Reporter:
            webbuggrp Webbug Group
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: