JDK-4812909 : Problem to handle invalid web server certificate
  • Type: Bug
  • Component: deploy
  • Sub-Component: plugin
  • Affected Version: 1.4.2
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: windows_2000
  • CPU: x86
  • Submitted: 2003-02-04
  • Updated: 2003-03-19
  • Resolved: 2003-03-19
Related Reports
Duplicate :  
JDK-4780497 - REGRESSION: 1.4.1_01 signed applets don't work anymore
Description
###@###.### 2003-02-04

J2SE Version (please include all output from java -version flag):
 java version "1.4.2-beta"
 Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2-beta-b14)
 Java HotSpot(TM) Client VM (build 1.4.2-beta-b14, mixed mode)


Does this problem occur on J2SE 1.3, 1.4 or 1.4.1?  Yes / No (pick one)
 No.

Operating System Configuration Information (be specific):
  Windows 98 SE +latest patches
  Windows 2000 Professional (build 2195: Service Pack 3) + latest paches
  Windows NT 4.0 SP6
  MS Internet Explorer SP1 - 6.0.2800.1106 + latest paches

Hardware Configuration Information (be specific):
  DELL Dimension V400, CPU Intel PII 400 MHz, RAM 128MB
  DELL Dimension L550cx, CPU Intel PIII 550 MHz, RAM 256MB

Bug Description:
  Problem in handling an invalid web server certificate.
   
  Previous versions of the JRE and even previous releases of JRE 1.4.2 popped 
  up a warning dialog box prior to load the applet over HTTPS when they
  encounter an invalid web server certificate. The warning was about the 
  invalid certificate and a question whether you want to continue or not.
  The dialog box had two buttons: "Yes" and "No". If you clicked "No", the
  applet did not load. If you clicked "Yes", the applet loaded and continued 
  to work properly.

  But in Mantis build14, it throws an exception seen in the Java Console and
  nothing is loaded (only a red X icon in the upper left corner).
Comments
WORK AROUND make sure web server certificate is always valid.
11-06-2004
EVALUATION ###@###.### 2003-02-05 This is most likely due to our new bug fix in 1.4.2 #4735737. A new checkBasicConstraint() method has been added into JPI code, so if the certifcate failed to pass this check, we will simply through Exception and won't let user run the applet at all. This is due to the security concern. Please send me the testcase with signed JAR file so that we can know the exactly cause of this certificate. Dennis Gu ###@###.### 2003-03-19 A new modified algorithm has been implemented in Mantis-beta, see bug #4780497. So I will close this bug as a duplicate. Dennis
19-03-2003