Re: jars not correct packed in release candidates !!!!
Posted by Sven Gothel on Oct 13, 2012; 1:38pm
URL: https://forum.jogamp.org/jars-not-correct-packed-in-release-candidates-tp4026316p4026492.html
On 10/13/2012 10:06 AM, Xerxes Rånby [via jogamp] wrote:
> This is a generic and known issue is located in the Oracle browser plugin code.
> Oracle decided to disable online certificate validation, OCSP, for the browser
> plugin in one of the recent Java 7 updates.
> http://forum.jogamp.org/Win-7-1-7-0-07-b11-InvalidKeyException-Wrong-Key-Usage-on-all-applets-tp4026082.html
>
>
> Workaround for Windows 7 and MacOS X running the Java 7 browser plugin:
> Open the java control panel
> System Preferences > Other > Java > Advanced > "Enable online certificate
> validation".
>
> or change the deployment.properties entry:
> deployment.security.validation.ocsp=true
>
> Linux OpenJDK + IcedTea-web also runs the applets fine.
>
>
> Oracle is working on a fix:
> gouessej added a bugreport to Oracle:
> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7197652
> now some code is up for review on the OpenJDK mailinglist to fix fundamental
> flaws in the OCSP certificate verification code:
> http://mail.openjdk.java.net/pipermail/security-dev/2012-October/005646.html
> We belive that Oracle will re-enable OSCP certificate validation by default in
> a future Java 7 update.Awesome, thank you Xerxes triaging and associated this w/ that bug-report!
~Sven
URL: https://forum.jogamp.org/jars-not-correct-packed-in-release-candidates-tp4026316p4026492.html
On 10/13/2012 10:06 AM, Xerxes Rånby [via jogamp] wrote:
> This is a generic and known issue is located in the Oracle browser plugin code.
> Oracle decided to disable online certificate validation, OCSP, for the browser
> plugin in one of the recent Java 7 updates.
> http://forum.jogamp.org/Win-7-1-7-0-07-b11-InvalidKeyException-Wrong-Key-Usage-on-all-applets-tp4026082.html
>
>
> Workaround for Windows 7 and MacOS X running the Java 7 browser plugin:
> Open the java control panel
> System Preferences > Other > Java > Advanced > "Enable online certificate
> validation".
>
> or change the deployment.properties entry:
> deployment.security.validation.ocsp=true
>
> Linux OpenJDK + IcedTea-web also runs the applets fine.
>
>
> Oracle is working on a fix:
> gouessej added a bugreport to Oracle:
> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7197652
> now some code is up for review on the OpenJDK mailinglist to fix fundamental
> flaws in the OCSP certificate verification code:
> http://mail.openjdk.java.net/pipermail/security-dev/2012-October/005646.html
> We belive that Oracle will re-enable OSCP certificate validation by default in
> a future Java 7 update.
~Sven
signature.asc (907 bytes) | Free forum by Nabble | Edit this page |