See also the March 20 issue at https://www.globalsign.com/en/status. It
could be related. I would monitor it going forward and see if you have
any more issues, and if so we can report it to GlobalSign.
--Sean
On 3/20/20 12:45 PM, Rajan Halade wrote:
Hi Matthias,
I tried several runs of this test but am not able to reproduce the
issue. May be requests from my tests are routed to different OCSP
instance. OCSP responder instance can return internalError for
inconsistent internal state.
How frequent is the failure for you if you are still seeing it?
Thanks,
Rajan
On Mar 19, 2020, at 4:23 AM, Baesken, Matthias
<matthias.baes...@sap.com <mailto:matthias.baes...@sap.com>> wrote:
Hello, for a few days we see the test
security/infra/java/security/cert/CertPathValidator/certification/GlobalSignR6CA.java
failing sometimes. The failures are seen not only in jdk/jdk but also
in jdk11, that's why we suppose it might be
some issue with the infrastructure and/or certificate authority ?
The errors are like this one (shows up on different OS platforms) :
...
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority -
G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only",
OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Subject: CN=VeriSign Class 3 Public Primary Certification Authority
- G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only",
OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US)
certpath: X509CertSelector.match: subject DNs don't match
java.lang.RuntimeException: TEST FAILED: couldn't determine EE
certificate status
at
ValidatePathWithParams.validate(ValidatePathWithParams.java:177)
at GlobalSignR6CA.main(GlobalSignR6CA.java:192)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at
java.base/java.lang.reflect.Method.invoke(Method.java:566)
at
com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.security.cert.CertPathValidatorException: OCSP
response error: INTERNAL_ERROR
at
java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
at
java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:237)
at
java.base/sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:145)
at
java.base/sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:84)
at
java.base/java.security.cert.CertPathValidator.validate(CertPathValidator.java:309)
at
ValidatePathWithParams.doCertPathValidate(ValidatePathWithParams.java:288)
at
ValidatePathWithParams.validate(ValidatePathWithParams.java:142)
... 7 more
Caused by: java.security.cert.CertPathValidatorException: OCSP
response error: INTERNAL_ERROR
at
java.base/sun.security.provider.certpath.OCSPResponse.verify(OCSPResponse.java:386)
at
java.base/sun.security.provider.certpath.OCSP.check(OCSP.java:195)
at
java.base/sun.security.provider.certpath.RevocationChecker.checkOCSP(RevocationChecker.java:742)
at
java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:362)
at
java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:336)
at
java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
... 13 more
Do you notice the issue in your jtreg tests as well ?
Any hints about this ?
Thanks, Matthias
