Hi Matthias, I tried several runs of this test but am not able to reproduce the issue. May be requests from my tests are routed to different OCSP instance. OCSP responder instance can return internalError for inconsistent internal state.
How frequent is the failure for you if you are still seeing it? Thanks, Rajan > On Mar 19, 2020, at 4:23 AM, Baesken, Matthias <matthias.baes...@sap.com> > wrote: > > Hello, for a few days we see the test > security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java > failing sometimes. The failures are seen not only in jdk/jdk but also in > jdk11, that's why we suppose it might be > some issue with the infrastructure and/or certificate authority ? > > The errors are like this one (shows up on different OS platforms) : > ... > > Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, > OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust > Network, O="VeriSign, Inc.", C=US > Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, > OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust > Network, O="VeriSign, Inc.", C=US) > certpath: X509CertSelector.match: subject DNs don't match > java.lang.RuntimeException: TEST FAILED: couldn't determine EE certificate > status > at > ValidatePathWithParams.validate(ValidatePathWithParams.java:177) > at GlobalSignR6CA.main(GlobalSignR6CA.java:192) > at > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.base/java.lang.reflect.Method.invoke(Method.java:566) > at > com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: java.security.cert.CertPathValidatorException: OCSP response > error: INTERNAL_ERROR > at > java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135) > at > java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:237) > at > java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:145) > at > java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:84) > at > java.base/java.security.cert.CertPathValidator.validate(CertPathValidator.java:309) > at > ValidatePathWithParams.doCertPathValidate(ValidatePathWithParams.java:288) > at > ValidatePathWithParams.validate(ValidatePathWithParams.java:142) > ... 7 more > Caused by: java.security.cert.CertPathValidatorException: OCSP response > error: INTERNAL_ERROR > at > java.base/sun.security.provider.certpath.OCSPResponse.verify(OCSPResponse.java:386) > at > java.base/sun.security.provider.certpath.OCSP.check(OCSP.java:195) > at > java.base/sun.security.provider.certpath.RevocationChecker.checkOCSP(RevocationChecker.java:742) > at > java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:362) > at > java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:336) > at > java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125) > ... 13 more > > Do you notice the issue in your jtreg tests as well ? > > Any hints about this ? > > Thanks, Matthias
