https://bz.apache.org/bugzilla/show_bug.cgi?id=62479

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|---                         |INVALID

--- Comment #9 from Mark Thomas <ma...@apache.org> ---
The problem is easily reproducible on Linux.

The steps to reproduce are over-complex. The .p12 truststore (and any valid TLS
config for the rest) is all that is required.

The issue is reproducible with the latest release and with the current state of
trunk.

There are reports of similar errors on the users list. They appear to have
different root causes but there is a general theme of JSSE having strict
expectations for what it finds in a p12 file. OpenSSL is known to be more
relaxed.

If you follow the stack trace you will see that JSSE iterates through the
certificate store. To be treated as a trust anchor each entry must be:
- a certificate entry
- an instance of an X509Certificate

The p12 store attached to this ticket returns an empty enumeration for
keystore.aliases(). Test code that simply accesses the keystore returns the
same result. This is a JSSE bug or a malformed keystore and not a Tomcat
issue.

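A standalone check of the two conditions named in the comment above, added here as an example (it is not code from Tomcat, JSSE, or the bug report). The class name `TrustStoreCheck` and the `TRUSTSTORE_PASSWORD` environment variable are hypothetical; with no argument it runs against a constructed empty in-memory store, which shows the same empty `aliases()` result.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class TrustStoreCheck {

    // Counts entries that meet both conditions from the comment:
    // a certificate entry whose certificate is an X509Certificate.
    static int countTrustAnchors(KeyStore ks) throws Exception {
        int anchors = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean certEntry = ks.isCertificateEntry(alias);
            Certificate cert = ks.getCertificate(alias);
            boolean x509 = cert instanceof X509Certificate;
            System.out.printf("%-30s certEntry=%b keyEntry=%b x509=%b%n",
                    alias, certEntry, ks.isKeyEntry(alias), x509);
            if (certEntry && x509) {
                anchors++;
            }
        }
        return anchors;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        if (args.length >= 1) {
            // Password comes from a hypothetical environment variable,
            // not the command line, so it stays out of the process list.
            String pw = System.getenv("TRUSTSTORE_PASSWORD");
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, pw == null ? new char[0] : pw.toCharArray());
            }
        } else {
            // Constructed stand-in for the attached file: an empty store.
            ks.load(null, null);
        }
        System.out.println("entries visible through aliases(): " + ks.size());
        int anchors = countTrustAnchors(ks);
        System.out.println("usable trust anchors: " + anchors);
        if (anchors == 0) {
            System.out.println("No entry qualifies as a trust anchor.");
            System.exit(1);
        }
    }
}
```

Run it as `java TrustStoreCheck.java truststore.p12` before pointing a connector at the file; a key entry imported in place of a trusted certificate shows up as `certEntry=false keyEntry=true`.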