Yes, I see the same issue. Please file a bug. It is trying to retrieve a
CRL from the CA's LDAP repository and not finding an entry. Use of LDAP
URLs for fetching CRLs is somewhat rare in my experience (usually it
uses HTTP). It could be an issue with the CA's configuration, or it
could possibly be a bug in the JDK, or it could be something with the
test configuration. More evaluation is needed.
--Sean
On 7/4/22 3:57 AM, Baesken, Matthias wrote:
Hello, after https://bugs.openjdk.org/browse/JDK-8224768
<https://bugs.openjdk.org/browse/JDK-8224768> removed the ActalisCA
test from the problem list, we see the test failing on all platforms
when running with JDK20 .
Can someone who runs those tests regularly confirm this ?
Thanks, Matthias
Failure is :
=====================================================
CONFIGURATION
=====================================================
http.proxyHost :null
http.proxyPort :null
https.proxyHost :null
https.proxyPort :null
https.socksProxyHost :null
https.socksProxyPort :null
jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer,
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, SHA1 usage
SignedJAR & denyAfter 2019-01-01
Revocation options :[NO_FALLBACK]
OCSP responder set :null
Trusted root set: false
Expected EE Status:GOOD
=====================================================
Successful CertPath validation
Expected Certificate status: GOOD
Certificate status after validation: GOOD
=====================================================
CONFIGURATION
=====================================================
http.proxyHost :null
http.proxyPort :null
https.proxyHost :null
https.proxyPort :null
https.socksProxyHost :null
https.socksProxyPort :null
jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer,
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, SHA1 usage
SignedJAR & denyAfter 2019-01-01
Revocation options :[NO_FALLBACK]
OCSP responder set :null
Trusted root set: false
Validation Date:Wed Jun 01 00:00:00 CEST 2022
Expected EE Status:REVOKED
Expected EE Revocation Date:Mon Mar 07 15:11:11 CET 2022
=====================================================
Received exception: java.security.cert.CertPathValidatorException:
Certificate has been revoked, reason: CESSATION_OF_OPERATION, revocation
date: Mon Mar 07 15:11:11 CET 2022, authority: CN=Actalis Organization
Validated Server CA G3 - OCSP Responder, O=Actalis S.p.A., L=Ponte San
Pietro, ST=Bergamo, C=IT, extension OIDs: []
Expected Certificate status: REVOKED
Certificate status after validation: REVOKED
Certificate revocation date:Mon Mar 07 15:11:11 CET 2022
Expected revocation date:Mon Mar 07 15:11:11 CET 2022
--------------------------------
=====================================================
CONFIGURATION
=====================================================
http.proxyHost :null
http.proxyPort :null
https.proxyHost :null
https.proxyPort :null
https.socksProxyHost :null
https.socksProxyPort :null
jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer,
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, SHA1 usage
SignedJAR & denyAfter 2019-01-01
Revocation options :[NO_FALLBACK, PREFER_CRLS]
OCSP responder set :null
Trusted root set: false
Expected EE Status:GOOD
=====================================================
Received exception: java.security.cert.CertPathValidatorException:
sun.security.provider.certpath.PKIX$CertStoreTypeException: Invalid
name: cn=Actalis Authentication Root CA,o=Actalis S.p.A./03358520967,c=IT
