JDK-2185344 : Security code issue using Verisign root certificate
  • Type: Backport
  • Backport of: JDK-6899503
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2009-11-20
  • Updated: 2010-04-03
  • Resolved: 2009-12-12
Fixed versions:
  • Other: 5.0u22-rev (Fixed)
  • JDK 7: 7 b78 (Fixed)
Comments
EVALUATION
As far as I can determine, the Verisign server is sending a non-compliant TLS server certificate chain (it is not in the correct order). However, every implementation that I tested (Safari, Firefox, Internet Explorer and Chrome) is able to detect that, reorder and validate the chain, and make a successful secure connection to verisign.com. So we will fix this.
23-11-2009
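The reordering step the evaluation describes, as an added sketch that is not JDK code and not taken from this issue: it rebuilds a leaf-to-top order from an unordered list by matching each certificate's issuer name to another certificate's subject name. Assumptions: the `Cert` tuple, the function names and the sample names are constructed for illustration; the server's own certificate is first in the list (as TLS requires); linking is by name only, so signature, validity and trust-anchor checks still have to run on the reordered chain.

```python
from typing import List, NamedTuple


class Cert(NamedTuple):
    subject: str  # subject distinguished name
    issuer: str   # issuer distinguished name


def is_ordered(chain: List[Cert]) -> bool:
    """True if every certificate is directly followed by its issuer."""
    return all(chain[i].issuer == chain[i + 1].subject
               for i in range(len(chain) - 1))


def reorder_chain(received: List[Cert]) -> List[Cert]:
    """Rebuild leaf -> issuer -> ... order from a list whose first entry is the leaf.

    Certificates that are not on the leaf's issuer path are dropped.
    """
    if not received:
        return []
    by_subject = {}
    for cert in received[1:]:
        by_subject.setdefault(cert.subject, []).append(cert)

    current = received[0]
    ordered, seen = [current], {current}
    while current.subject != current.issuer:  # stop at a self-signed certificate
        candidates = [c for c in by_subject.get(current.issuer, [])
                      if c not in seen]       # 'seen' guards against issuer loops
        if not candidates:
            break  # issuer was not sent; the validator looks in its trust store
        current = candidates[0]
        ordered.append(current)
        seen.add(current)
    return ordered


# Constructed sample: leaf first, intermediates out of order, one unrelated cert.
LEAF = Cert("CN=www.example.test", "CN=Example Issuing CA")
ISSUING = Cert("CN=Example Issuing CA", "CN=Example Intermediate CA")
INTERMEDIATE = Cert("CN=Example Intermediate CA", "CN=Example Root CA")
UNRELATED = Cert("CN=Unrelated CA", "CN=Unrelated CA")
SENT = [LEAF, INTERMEDIATE, UNRELATED, ISSUING]

if __name__ == "__main__":
    print("as sent, ordered:", is_ordered(SENT))
    for cert in reorder_chain(SENT):
        print(cert.subject, "<-", cert.issuer)
```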