Bug#501643: openjdk-6: SSL doesn't work, maybe due to a lack of trusted root certificates

Thu, 09 Oct 2008 00:42:00 -0700 

Package: openjdk-6
Version: 6b11-6
Severity: normal

I get the below errors when trying to run the Amazon EC2 API tools
(which are non-free - I can give you a package of them for your own test
purposes if that will help but I can't publish them).

A Java expert has suggested that it might be "caused by the fact that
OpenJDK doesn't include any trusted root certificates. I thought that
IcedTea fixed this by using the certificates installed on the system,
but I'm not sure".


Unexpected error:
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: 
java.security.InvalidAlgorithmParameterException: the trustAnchors parameter 
must be non-empty
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1574)
        at 
sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1557)
        at 
sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1483)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:83)
        at 
java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
        at java.io.BufferedOutputStream.write(BufferedOutputStream.java:121)
        at java.io.FilterOutputStream.write(FilterOutputStream.java:97)
        at 
org.apache.commons.httpclient.methods.ByteArrayRequestEntity.writeRequest(ByteArrayRequestEntity.java:89)
        at 
org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:495)
        at 
org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1973)
        at 
org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
        at 
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
        at 
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
        at 
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
        at 
org.codehaus.xfire.transport.http.CommonsHttpMessageSender.send(CommonsHttpMessageSender.java:369)
        at 
org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:123)
        at 
org.codehaus.xfire.transport.http.HttpChannel.send(HttpChannel.java:48)
        at 
org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:26)
        at 
org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
        at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79)
        at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114)
        at org.codehaus.xfire.client.Client.invoke(Client.java:336)
        at 
org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77)
        at org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57)
        at $Proxy12.describeImages(Unknown Source)
        at com.amazon.aes.webservices.client.Jec2.describeImages(Jec2.java:425)
        at 
com.amazon.aes.webservices.client.cmd.DescribeImages.invokeOnline(DescribeImages.java:107)
        at 
com.amazon.aes.webservices.client.cmd.BaseCmd.invoke(BaseCmd.java:631)
        at 
com.amazon.aes.webservices.client.cmd.DescribeImages.main(DescribeImages.java:117)
Caused by: java.lang.RuntimeException: Unexpected error: 
java.security.InvalidAlgorithmParameterException: the trustAnchors parameter 
must be non-empty
        at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:75)
        at sun.security.validator.Validator.getInstance(Validator.java:178)
        at 
sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:129)
        at 
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:225)
        at 
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:270)
        at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:973)
        at 
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:142)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:533)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:471)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:904)
        at 
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1116)
        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:643)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:78)
        ... 25 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors 
parameter must be non-empty
        at 
java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
        at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
        at 
java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
        at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:73)
        ... 37 more



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to