JDK-8031825 : OCSP client can't find responder cert if it uses a different subject key id algorithm than responderID
  • Type: Bug
  • Status: Closed
  • Resolution: Fixed
  • Component: security-libs
  • Sub-Component: java.security
  • Priority: P1
  • Affected Version: 8,8u5
  • Submit Date: 2014-01-15
  • Updated Date: 2014-05-07
  • Resolved Date: 2014-01-23
Version table
  • JDK 8: 8 b126 (Fixed)
  • JDK 9: 9 (Fixed)
Description
The OCSP client code tries to match the responderID (in an OCSP response) against the subject key identifier of the responder cert. This works if the subject key id is using the same algorithm as defined in RFC 2560 (160-bit SHA-1 hash of responder's public key), but RFC 5280 allows implementations to use a different algorithm. For example, RFC 7093 defines new methods using stronger SHA-2 algorithms. We fail to find a responder cert in these situations, and throw the following exception:

java.security.cert.CertPathValidatorException: Unable to verify OCSP Response's signature
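
The mismatch described above, as an added example (not code from the JDK or from this report): a byKey responderID is a SHA-1 hash of the responder's key, so comparing it with a subject key identifier built from truncated SHA-256 (RFC 7093 style) fails, while recomputing the SHA-1 hash from the candidate certificate's public key still matches. The class and method names are hypothetical, the key is a generated sample, and the key identifiers are computed directly rather than read from a certificate extension.

```java
import java.nio.ByteBuffer;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.util.Arrays;

public class ResponderKeyIdMatch {
    // Reads a DER length (short or long form) and advances the buffer past it.
    static int readLen(ByteBuffer in) {
        int b = in.get() & 0xff;
        if (b < 0x80) return b;
        int len = 0;
        for (int n = b & 0x7f; n > 0; n--) len = (len << 8) | (in.get() & 0xff);
        return len;
    }
    // Value of the subjectPublicKey BIT STRING (no tag, length or unused-bits octet),
    // taken from the SubjectPublicKeyInfo that getEncoded() returns for X.509 keys.
    static byte[] keyBits(PublicKey key) {
        ByteBuffer in = ByteBuffer.wrap(key.getEncoded());
        in.get(); readLen(in);                    // outer SEQUENCE header
        in.get(); int algLen = readLen(in);       // AlgorithmIdentifier header
        in.position(in.position() + algLen);      // skip AlgorithmIdentifier body
        in.get(); int len = readLen(in);          // BIT STRING header
        in.get();                                 // unused-bits octet
        byte[] bits = new byte[len - 1];
        in.get(bits);
        return bits;
    }
    // Leftmost 160 bits of the named hash over the key bits.
    static byte[] keyId(String alg, byte[] bits) throws Exception {
        return Arrays.copyOf(MessageDigest.getInstance(alg).digest(bits), 20);
    }
    // Match that trusts the SKI extension value: only works for SHA-1 based SKIs.
    static boolean matchBySki(byte[] responderKeyHash, byte[] certSki) {
        return Arrays.equals(responderKeyHash, certSki);
    }
    // Match that recomputes the SHA-1 key hash from the candidate certificate's key.
    static boolean matchByKey(byte[] responderKeyHash, PublicKey certKey) throws Exception {
        return Arrays.equals(responderKeyHash, keyId("SHA-1", keyBits(certKey)));
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PublicKey key = kpg.generateKeyPair().getPublic();   // constructed sample responder key
        byte[] bits = keyBits(key);
        byte[] responderId = keyId("SHA-1", bits);           // byKey value carried in the response
        System.out.println("SKI from SHA-1:   " + matchBySki(responderId, keyId("SHA-1", bits)));
        System.out.println("SKI from SHA-256: " + matchBySki(responderId, keyId("SHA-256", bits)));
        System.out.println("Recomputed hash:  " + matchByKey(responderId, key));
    }
}
```
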
Comments
Release team: Approved for fixing.
2014-01-22

SQE approves this fix for JDK 8
2014-01-22

8-critical-request justification: This bug fix is needed because the impact of this issue is pretty severe with an awkward workaround. The revocation checks for a signed applet would fail, and the signed applet would fail to load, and the only workaround is to disable OCSP in the Control Panel. So far we have only found one CA that this bug affects. However, we do not have 100% test coverage for all the CAs that we include. Also, this bug can be triggered if the OCSP responder certificate is using stronger SHA-2 algorithms to generate the subject key identifier (see http://www.rfc-editor.org/rfc/rfc7093.txt ). So, there is an increased risk that we may encounter issues with other OCSP responders who are upgrading their certificates to use stronger algorithms. The fix is understood, small, and should be low risk. Code Review in progress. See http://cr.openjdk.java.net/~mullan/webrevs/8031825/webrev.00/
2014-01-17