United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6945145 PKIX path validation failed: App won't start when offline when using JOGL/Win7
JDK-6945145 : PKIX path validation failed: App won't start when offline when using JOGL/Win7

Details
Type:
Bug
Submit Date:
2010-04-19
Status:
Resolved
Updated Date:
2013-01-16
Project Name:
JDK
Resolved Date:
2010-10-11
Component:
deploy
OS:
solaris_8,windows_xp
Sub-Component:
deployment_toolkit
CPU:
x86
Priority:
P2
Resolution:
Fixed
Affected Versions:
6u10
Fixed Versions:
6u23 (b02)

Related Reports
Backport:
Relates:

Sub Tasks

Description
FULL PRODUCT VERSION :
1.6.0_18-b07

ADDITIONAL OS VERSION INFORMATION :
Windows 7

A DESCRIPTION OF THE PROBLEM :
An application using Java Web Start fails to start when offline when the jnlp file has the JOGL extension, on Windows 7 machines. This is similar to earlier bugs but this is only failing on Windows 7. It works fine with other OS's (linux, mac, and even WinXP) but fails in Windows 7. Also it only fails with the JOGL extension in the jnlp. Without that, it works (after compiling the program not to use 3d). The extension is the element:

<extension name="jogl" href="http://download.java.net/media/jogl/builds/archive/jsr-231-webstart-current/jogl.jnlp"/>

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
If the description above is not enough, I will write a simple example. But just take some jnlp file you use and add the jogl extension above to the resources and you should see the behaviour under a windows 7 OS.


ERROR MESSAGES/STACK TRACES THAT OCCUR :
sun.security.validator.ValidatorException: PKIX path validation failed:
java.security.cert.CertPathValidatorException: java.net.SocketException:
Connection reset
??at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
??at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
??at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
??at sun.security.validator.Validator.validate(Unknown Source)
??at sun.security.validator.Validator.validate(Unknown Source)
??at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown
Source)
??at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown
Source)
??at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(Unknown Source)
??at com.sun.javaws.LaunchDownload.checkSignedResources(Unknown Source)
??at com.sun.javaws.Launcher.prepareResources(Unknown Source)
??at com.sun.javaws.Launcher.prepareAllResources(Unknown Source)
??at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
??at com.sun.javaws.Launcher.prepareToLaunch(Unknown Source)
??at com.sun.javaws.Launcher.launch(Unknown Source)
??at com.sun.javaws.Main.launchApp(Unknown Source)
??at com.sun.javaws.Main.continueInSecureThread(Unknown Source)
??at com.sun.javaws.Main$1.run(Unknown Source)
??at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertPathValidatorException:
java.net.SocketException: Connection reset
??atsun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown
Source)
??at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(Unknown
Source)
??atsun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown
Source)
??at java.security.cert.CertPathValidator.validate(Unknown Source)
??... 18 more
Caused by: java.net.SocketException: Connection reset
??at java.net.SocketInputStream.read(Unknown Source)
??at java.io.BufferedInputStream.fill(Unknown Source)
??at java.io.BufferedInputStream.read1(Unknown Source)
??at java.io.BufferedInputStream.read(Unknown Source)
??at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
??at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
??at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
??at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
Source)
??at sun.security.provider.certpath.OCSP.check(Unknown Source)
??at sun.security.provider.certpath.OCSPChecker.check(Unknown Source)
??... 22 more


REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
I will write something if you need.
---------- END SOURCE ----------

Release Regression From : 6u17
The above release value was the last known release where this 
bug was not reproducible. Since then there has been a regression.

                                    

Comments
EVALUATION

I have tested it using JRE 6u20 on Window 7 machine, after running it successfully, disconnect it from internet and run it from desktop shotcut, it works fine.

I have contact submitter and will close this bug.
                                     
2010-04-26
EVALUATION

We need to make code more robust against transient network errors.
                                     
2010-04-26
EVALUATION

In 6u18, we added a new security dialog for installing trusted extensions. As part of that change, we verify that the certificate used to sign the extension has not been revoked via OCSP. If there is a network failure connecting to the OCSP server to download revocation information it is supposed to be treated as a non-failure (revocation still passes). However, there is a bug in that logic, and the network timeout is erroneously percolating upwards as an exception.
                                     
2010-06-01
regression_test_src: 
http://sqe-hgi.us.oracle.com/hg/index.cgi/8/deployment_int_ws/file/cde25cd51bce/new_framework/tests/javaws/manual/ExtensionNoNetwork/testcases/ExtensionNoNetworkScenarios/testExtensionNoNetwork.html
                                     
2013-01-16



Hardware and Software, Engineered to Work Together