JDK-4838056 : Improve handling of expired certificates
  • Type: Enhancement
  • Component: deploy
  • Sub-Component: webstart
  • Affected Version: 1.2.0
  • Priority: P4
  • Status: Closed
  • Resolution: Duplicate
  • OS: linux
  • CPU: x86
  • Submitted: 2003-03-26
  • Updated: 2003-03-26
  • Resolved: 2003-03-26
Related Reports
Duplicate :  
JDK-4696477 - certificates should be downloaded dynamically for https
Description

Name: nt126004			Date: 03/26/2003


FULL PRODUCT VERSION :
java version "1.4.1_02"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1_02-b06)
Java HotSpot(TM) Client VM (build 1.4.1_02-b06, mixed mode)


FULL OS VERSION :
Linux 2.4.20-xfs-backstreet-ruby SMP i686

EXTRA RELEVANT SYSTEM CONFIGURATION :
web server, which uses an expired certificate

A DESCRIPTION OF THE PROBLEM :
If one tries to download an application via SSL and the server
presents an expired certifcate to Java Webstart (jws), jws
aborts the [download of the] application. E.g.:

NLPException[category: Download Error : Exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Wed Mar 03 15:09:18 MET 2004 : LaunchDesc: null ]

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1) configure your web server to use an expired certificate
2) try to launch your application

EXPECTED VERSUS ACTUAL BEHAVIOR :
If jws encounters an expired certificate, it should leave the decision to the
user, whether to continue with or abort the [download of the] application.

We expect the same behavior as in almost any modern web browser  (e.g. mozilla):
If the browser sees an expired certificate, it pops up a dialog, which gives
the user the chance to inspect the certificate and and allows the user to
continue or cancel the download of the appropriate file ...
abortion of the application [download].

ERROR MESSAGES/STACK TRACES THAT OCCUR :
JNLPException[category: Download Error : Exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Wed Mar 03 15:09:18 MET 2004 : LaunchDesc: null ]
	at com.sun.javaws.cache.DownloadProtocol.doDownload(DownloadProtocol.java:602)
	at com.sun.javaws.cache.DownloadProtocol.isLaunchFileUpdateAvailable(DownloadProtocol.java:705)
	at com.sun.javaws.LaunchDownload.getUpdatedLaunchDesc(LaunchDownload.java:91)
	at com.sun.javaws.Launcher.downloadResources(Launcher.java:664)
	at com.sun.javaws.Launcher.handleApplicationDesc(Launcher.java:268)
	at com.sun.javaws.Launcher.handleLaunchFile(Launcher.java:177)
	at com.sun.javaws.Launcher.run(Launcher.java:145)
	at java.lang.Thread.run(Thread.java:536)


REPRODUCIBILITY :
This bug can be reproduced always.
(Review ID: 183060) 
======================================================================
Comments
EVALUATION this will be covered by RFE 4696477: certificates should be downloaded dynamically for https, which is implemented in mantis (1.4.2) ###@###.### 2003-03-26
26-03-2003