Debian Bug report logs - #501643
openjdk-6: SSL doesn't work, maybe due to a lack of trusted root certificates

version graph

Package: openjdk-6-jre-headless; Maintainer for openjdk-6-jre-headless is OpenJDK Team <openjdk@lists.launchpad.net>; Source for openjdk-6-jre-headless is src:openjdk-6.

Reported by: Russell Coker <russell@coker.com.au>

Date: Thu, 9 Oct 2008 07:33:01 UTC

Severity: normal

Merged with 501487

Found in version openjdk-6/6b11-6

Fixed in version 6b12-1~exp1

Done: Matthias Klose <doko@cs.tu-berlin.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, OpenJDK Team <openjdk@lists.launchpad.net>:
Bug#501643; Package openjdk-6. (Thu, 09 Oct 2008 07:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Russell Coker <russell@coker.com.au>:
New Bug report received and forwarded. Copy sent to OpenJDK Team <openjdk@lists.launchpad.net>. (Thu, 09 Oct 2008 07:33:03 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: openjdk-6: SSL doesn't work, maybe due to a lack of trusted root certificates
Date: Thu, 09 Oct 2008 18:29:37 +1100
Package: openjdk-6
Version: 6b11-6
Severity: normal

I get the below errors when trying to run the Amazon EC2 API tools
(which are non-free - I can give you a package of them for your own test
purposes if that will help but I can't publish them).

A Java expert has suggested that it might be "caused by the fact that
OpenJDK doesn't include any trusted root certificates. I thought that
IcedTea fixed this by using the certificates installed on the system,
but I'm not sure".


Unexpected error:
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1574)
	at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1557)
	at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1483)
	at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:83)
	at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
	at java.io.BufferedOutputStream.write(BufferedOutputStream.java:121)
	at java.io.FilterOutputStream.write(FilterOutputStream.java:97)
	at org.apache.commons.httpclient.methods.ByteArrayRequestEntity.writeRequest(ByteArrayRequestEntity.java:89)
	at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:495)
	at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1973)
	at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
	at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
	at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
	at org.codehaus.xfire.transport.http.CommonsHttpMessageSender.send(CommonsHttpMessageSender.java:369)
	at org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:123)
	at org.codehaus.xfire.transport.http.HttpChannel.send(HttpChannel.java:48)
	at org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:26)
	at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
	at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79)
	at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114)
	at org.codehaus.xfire.client.Client.invoke(Client.java:336)
	at org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77)
	at org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57)
	at $Proxy12.describeImages(Unknown Source)
	at com.amazon.aes.webservices.client.Jec2.describeImages(Jec2.java:425)
	at com.amazon.aes.webservices.client.cmd.DescribeImages.invokeOnline(DescribeImages.java:107)
	at com.amazon.aes.webservices.client.cmd.BaseCmd.invoke(BaseCmd.java:631)
	at com.amazon.aes.webservices.client.cmd.DescribeImages.main(DescribeImages.java:117)
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
	at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:75)
	at sun.security.validator.Validator.getInstance(Validator.java:178)
	at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:129)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:225)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:270)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:973)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:142)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:533)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:471)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:904)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1116)
	at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:643)
	at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:78)
	... 25 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
	at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
	at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
	at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
	at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:73)
	... 37 more




Bug reassigned from package `openjdk-6' to `openjdk-6-jre-headless'. Request was from Matthias Klose <doko@cs.tu-berlin.de> to control@bugs.debian.org. (Sun, 12 Oct 2008 10:42:09 GMT) Full text and rfc822 format available.

Merged 501487 501643. Request was from Matthias Klose <doko@cs.tu-berlin.de> to control@bugs.debian.org. (Sun, 12 Oct 2008 10:42:10 GMT) Full text and rfc822 format available.

Reply sent to Matthias Klose <doko@cs.tu-berlin.de>:
You have taken responsibility. (Sun, 26 Oct 2008 07:45:06 GMT) Full text and rfc822 format available.

Notification sent to Russell Coker <russell@coker.com.au>:
Bug acknowledged by developer. (Sun, 26 Oct 2008 07:45:07 GMT) Full text and rfc822 format available.

Message #14 received at 501643-done@bugs.debian.org (full text, mbox):

From: Matthias Klose <doko@cs.tu-berlin.de>
To: 501643-done@bugs.debian.org
Subject: Re: SSL doesn't work, maybe due to a lack of trusted root certificates
Date: Sun, 26 Oct 2008 08:43:22 +0100
Version: 6b12-1~exp1




Reply sent to Matthias Klose <doko@cs.tu-berlin.de>:
You have taken responsibility. (Sun, 26 Oct 2008 07:45:08 GMT) Full text and rfc822 format available.

Notification sent to Marcus Better <marcus@better.se>:
Bug acknowledged by developer. (Sun, 26 Oct 2008 07:45:08 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 07 Apr 2009 07:30:48 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 01:03:56 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.