2

I have just changed from signing jar files using a self-signed certificate to using a trusted certificate from Thawte. This works, but there are 2 issues. First, I now get the initial Java Console as before, but this is followed by a second one, then after a while (around 1 minute) the first one closes. Second, when I turn tracing on in the plugin, there are 463 connection requests to the thawte site (in the second console). This is shown as the following repeated over and over again:

security: Certificate validation succeeded using OCSP/CRL
security: Validate the certificate chain using CertPath API
security: SHA-256Certificate finger print: 250B4511AECDA826E699E0D46B4B4B5F4DFDB531AE1E4BE74E35D613F25E1722
security: SHA-256Certificate finger print: AF840CA2B9DFB776BF81AA94C401BC440C52E5C590C43607A13D6680D83E3349
security: SHA-256Certificate finger print: C99157DF28D28EBD87B8B041AACCF023CF1C9AD0D21FD7116149D7F96484FA51
security: SHA-256Certificate finger print: 3F9F27D583204B9E09C8A3D2066C4B57D3A2479C3693650880505698105DBCE9
security: The OCSP support is enabled
security: The CRL support is enabled
security: Failing over to CRLs: Certificate does not specify OCSP responder
network: Connecting http://ocsp.thawte.com/ with proxy=DIRECT
security: OCSP Response: GOOD

Is this triggered every time a class is loaded from the jar file? (I can't seem to turn on the tracing of class load/unload - the -XX:+TraceClassLoading option doesn't seem to work...)

I am just using an tag to load the applet - no JNLP or anything. (The same happens if I use ):

<object type="application/x-java-applet" width="100%" height="879" id="sfnApplet_1" codebase="java:com/deltascheme/sfn/client/SfnApplet.class">
  <param name="MAYSCRIPT" value="true">
  <param name="type" value="application/x-java-applet;version=1.5">
  <param name="cache_option" value="Plugin">
  <param name="java_codebase" value="/sfn85/Content">
  <param name="cache_archive" value="client.jar,lzma.jar">
  <param name="IMAGE" value="Images/appletSplash.jpg">
  <param name="centerimage" value="true">
  <param name="java_code" value="com/xxx/yyy/client/Applet.class">
  <param name="codebase_lookup" value="false">
  <param name="browserName" value="Netscape">
  <param name="browserVersion" value="5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36">
  <param name="java_arguments" value="-Djnlp.packEnabled=true -XX:+TraceClassLoading -Xmx512M">
</object>

Any help gratefully received (Thawte say it's not their fault and I should speak to Oracle. Hmmm...)

Mick Francis
  • 139
  • 6
  • I've just spotted that this only occurs with the early access release of JRE 1.7.0_u40, not with u25. So, let's hope this is a glitch and won't occur in the release of u40... – Mick Francis Aug 16 '13 at 11:59
  • 1
    I've now also spotted that this occurs because I had a -agentlib parameter for my client JVM. Only certain parameters can be used without security implications. – Mick Francis Sep 16 '13 at 11:38

0 Answers0