Package: openjdk-6-jre
Version: 6b18-1.8.3-2~lenny1
Severity: important
After installing the lasted openjdk version for lenny on my tomcat server.
Outbound Java https requests began to fail.
Unexpected error: java.security.InvalidAlgorithmParameterException: the
trustAnchors parameter must be non-empty
sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:75)
sun.security.validator.Validator.getInstance(Validator.java:178)
sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:129)
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:225)
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:270)
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1144)
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
sun.security.ssl.Handshaker.processLoop(Handshaker.java:610)
sun.security.ssl.Handshaker.process_record(Handshaker.java:546)
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:913)
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1158)
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1185)
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1169)
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:423)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:979)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
style.servlet.PayPalServlet.service(PayPalServlet.java:127)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:774)
org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)
org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:896)
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
java.lang.Thread.run(Thread.java:636)
Looking at the contents of
/usr/lib/jvm/java-6-openjdk/jre/lib/security/cacerts I was surprised to
find an empty keystore. Looking further the file was a symlinked to
/etc/java-6-openjdk/security/cacerts. Normally this file would be
symlinked to /etc/ssl/certs/java/cacerts.
After looking at the changelog for this version. It's clear that a
change was made that caused this problem, it's not clear why it was made
in the first place.
openjdk-6 (6b18-1.8.3-2~lenny1) oldstable-security; urgency=high
* Build for lenny. Disable browser plugin and ca-certificates-java.
-- Florian Weimer <f...@deneb.enyo.de> Sat, 12 Feb 2011 11:51:36 +0100
Installing the wheezy version openjdk-6-jre (6b18-1.8.3-2) corrects the
problem.
Robert
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
