Comment 16 for bug 561124

Revision history for this message
In , Matthias Klose (doko) wrote :

with a build from 20100411 head/1.8-branch I only see these hangs if security.provider.9 in java.security is uncommented.

a simpler applet showing the same behaviour:
http://www.gurusheaven.de/security/anonymitaets_test.shtml

visiting the page with security.provider.9 commented:

Looking for 0xb5f9a90c 0xb3f3cfb0 0xb5fb6bdc (document)
java version "1.6.0_18"
OpenJDK Runtime Environment (IcedTea6 1.8) (6b18~pre4-1ubuntu4~ppa1)
OpenJDK Server VM (build 16.0-b13, mixed mode)
java.lang.InterruptedException: sleep interrupted
        at java.lang.Thread.sleep(Native Method)
        at sun.applet.PluginAppletViewer.handleMessage(PluginAppletViewer.java:674)
        at sun.applet.PluginAppletViewer.handleMessage(PluginAppletViewer.java:649)
        at sun.applet.PluginStreamHandler.handleMessage(PluginStreamHandler.java:270)
        at sun.applet.PluginMessageHandlerWorker.run(PluginMessageHandlerWorker.java:82)
java.lang.InterruptedException: sleep interrupted
        at java.lang.Thread.sleep(Native Method)
        at sun.applet.PluginAppletViewer.handleMessage(PluginAppletViewer.java:629)
        at sun.applet.PluginStreamHandler.handleMessage(PluginStreamHandler.java:270)
        at sun.applet.PluginMessageHandlerWorker.run(PluginMessageHandlerWorker.java:82)
java.lang.InterruptedException: sleep interrupted
        at java.lang.Thread.sleep(Native Method)
        at sun.applet.PluginAppletViewer.handleMessage(PluginAppletViewer.java:735)
        at sun.applet.PluginAppletViewer.handleMessage(PluginAppletViewer.java:649)
        at sun.applet.PluginStreamHandler.handleMessage(PluginStreamHandler.java:270)
        at sun.applet.PluginMessageHandlerWorker.run(PluginMessageHandlerWorker.java:82)

visiting the page with security.provider.9 uncommented:
Looking for 0xb4178f4c 0xb3a58b20 0xb59fdbcc (document)
java version "1.6.0_18"
OpenJDK Runtime Environment (IcedTea6 1.8) (6b18~pre4-1ubuntu4~ppa1)
OpenJDK Server VM (build 16.0-b13, mixed mode)
java.security.ProviderException: Could not initialize NSS
        at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:201)
        at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
        at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:262)
        at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:244)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:244)
        at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:224)
        at sun.security.jca.ProviderList.getProvider(ProviderList.java:232)
        at sun.security.jca.ProviderList.getService(ProviderList.java:330)
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:157)
        at java.security.Security.getImpl(Security.java:696)
        at java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:130)
        at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:121)
        at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114)
        at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:381)
        at sun.security.x509.X509Key.parse(X509Key.java:168)
        at sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:75)
        at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:705)
        at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:169)
        at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1747)
        at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:196)
        at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:107)
        at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:322)
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:763)
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
        at java.security.KeyStore.load(KeyStore.java:1201)
        at sun.security.ssl.TrustManagerFactoryImpl.getCacertsKeyStore(TrustManagerFactoryImpl.java:221)
        at sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:51)
        at javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:247)
        at net.sourceforge.jnlp.security.VariableX509TrustManager.<init>(VariableX509TrustManager.java:100)
        at net.sourceforge.jnlp.security.VariableX509TrustManager.getInstance(VariableX509TrustManager.java:282)
        at sun.applet.PluginMain.init(PluginMain.java:217)
        at sun.applet.PluginMain.<init>(PluginMain.java:147)
        at sun.applet.PluginMain.main(PluginMain.java:116)
Caused by: java.io.IOException: An incompatible version of NSS is already loaded, 3.7 or later required
        at sun.security.pkcs11.Secmod.isInitialized(Secmod.java:130)
        at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:168)
        ... 37 more

NSS version on the system is 3.12.6.
Importing an SHA384withECDSA certificate with the same configuration does work, so the NSS security provider gets recognized in this case.

running the applet in appletviewer works:

appletviewer -J-Djava.security.policy=polfile http://www.gurusheaven.de/security/anonymitaets_test.shtml

with polfile:
grant {
 permission java.lang.RuntimePermission "getenv.*";
};