Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8185552

Algorithm Constraints Check Failure

    Details

      Description

      FULL PRODUCT VERSION :
      JDK 1.7.0_151

      ADDITIONAL OS VERSION INFORMATION :
      SunOS <HOSTNAME> 5.10 Generic_150400-52 sun4v sparc SUNW,Sun-Fire_t200

      A DESCRIPTION OF THE PROBLEM :
      Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException:
      Algorithm constraints check failed on signature algorithm:
      SHA256WithRSAEncryption
               at
      sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:360)
               at
      sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:270)
               at sun.security.validator.Validator.validate(Validator.java:260)
               at
      sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
               at
      sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
               at
      sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
               at
      sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1459)
               ... 125 more


      REGRESSION. Last worked in version 7u141

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Start our JBOSS server pointing to 151. Attempt to connect to a remote service using a certificate.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      A successful connection and data being returned
      ACTUAL -
      The following error and no data being returned.

      Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException:
      Algorithm constraints check failed on signature algorithm:
      SHA256WithRSAEncryption
               at
      sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:360)
               at
      sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:270)
               at sun.security.validator.Validator.validate(Validator.java:260)
               at
      sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
               at
      sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
               at
      sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
               at
      sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1459)
               ... 125 more


      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException:
      Algorithm constraints check failed on signature algorithm:
      SHA256WithRSAEncryption
               at
      sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:360)
               at
      sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:270)
               at sun.security.validator.Validator.validate(Validator.java:260)
               at
      sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
               at
      sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
               at
      sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
               at
      sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1459)
               ... 125 more


      REPRODUCIBILITY :
      This bug can be reproduced always.

      CUSTOMER SUBMITTED WORKAROUND :
      We've rolled back to 141

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                igerasim Ivan Gerasimov
                Reporter:
                webbuggrp Webbug Group
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: