Bug#616079: marked as done (the trustAnchors parameter must be non-empty)

[Debian Bug Tracking System]

Your message dated Sat, 23 Mar 2019 16:08:07 +0100
with message-id <bb3e2e35-5a12-7614-66f0-5f5c37ab7...@debian.org>
and subject line closing remaining openjdk-6 bugs
has caused the Debian Bug report #616079,
regarding the trustAnchors parameter must be non-empty
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
616079: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616079
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: openjdk-6-jre
Version: 6b18-1.8.3-2~lenny1
Severity: important

After installing the lasted openjdk version for lenny on my tomcat server.
Outbound Java https requests began to fail.

Unexpected error: java.security.InvalidAlgorithmParameterException: the 
trustAnchors parameter must be non-empty
        sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:75)
        sun.security.validator.Validator.getInstance(Validator.java:178)
        
sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:129)
        
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:225)
        
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:270)
        
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1144)
        
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
        sun.security.ssl.Handshaker.processLoop(Handshaker.java:610)
        sun.security.ssl.Handshaker.process_record(Handshaker.java:546)
        sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:913)
        
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1158)
        sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1185)
        sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1169)
        
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:423)
        
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
        
sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:979)
        
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
        style.servlet.PayPalServlet.service(PayPalServlet.java:127)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
        org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
        org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
        org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:774)
        
org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)
        
org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:896)
        
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
        java.lang.Thread.run(Thread.java:636)


Looking at the contents of
/usr/lib/jvm/java-6-openjdk/jre/lib/security/cacerts I was surprised to
find an empty keystore.  Looking further the file was a symlinked to
/etc/java-6-openjdk/security/cacerts.  Normally this file would be
symlinked  to /etc/ssl/certs/java/cacerts.


After looking at the changelog for this version.  It's clear that a
change was made that caused this problem, it's not clear why it was made
in the first place.

openjdk-6 (6b18-1.8.3-2~lenny1) oldstable-security; urgency=high

  * Build for lenny.  Disable browser plugin and ca-certificates-java.

 -- Florian Weimer <f...@deneb.enyo.de>  Sat, 12 Feb 2011 11:51:36 +0100


Installing the wheezy version openjdk-6-jre (6b18-1.8.3-2) corrects the
problem.

Robert

--- End Message ---

--- Begin Message ---

Version: 6b41-1.13.13-1+rm

Hi,

openjdk-6 was last released with Debian 7.0 (wheezy), which had its LTS
support end nearly a year ago and which has now been archived.
I'm therefore closing the remaining openjdk-6 bugs, assuming they are no
longer relevant for newer (and still supported) openjdk releases.

Andreas

--- End Message ---