Found a work around for this problem.
I am guessing, that, perhaps, not many people using JDK 11 on NetBSD
9.x. It presents itself any time an HTTPS URL is used.
So gradle, maven, any program that uses network classes that rely on
HTTPS protocol would see this
-- script start --
# ts1000: workaround to fix cacert store for OpenJDK 11 on NetBSD 9.1
# this workaround just reimports existing certificates in
$JAVA_HOME/lib/security/cacerts
# into a JKS format store, and then just replaces the cacerts with the
JKS version
# must be done as root
# also assuming keytool is in the $PATH
# that is: we have export JAVA_HOME=/usr/pkg/java/openjdk11
# and export PATH=${PATH}:${JAVA_HOME}/bin
cd /usr/pkg/java/openjdk11/lib/security
keytool -importkeystore -srckeystore
/usr/pkg/java/openjdk11/lib/security/cacerts -destkeystore
/usr/pkg/java/openjdkmv cacerts cacerts.org
ln -s cacerts.jks cacerts
-- script end --
Similar problem was with Docker. I picked up a solution from there
https://github.com/docker-library/openjdk/pull/263/files
I also updated the gnats issue report with the workaround
https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=55758
On 2020-10-24 21:00, ts1000 wrote:
Hello,
I have a java project organized by Gradle.
First thing that gradle does, is it downloads dependencies.
But that first step is not working on netBSD-9.1 amd64
I tried with pkgin, as well as building openjdk11 from source.
Error is the same.
I also installed, with pkgin,
ca-certificates-20200601
mozilla-rootcerts-1.0.20200529nb1
But that did not help. Would appreciate any pointers on where to look
The error I am getting is:
-- begin --
nbsd1$ bash gradlew
Downloading
https://services.gradle.org/distributions/gradle-6.5.1-all.zip
Exception in thread "main" javax.net.ssl.SSLException: Unexpected
error: java.security.InvalidAlgorithmParameterException: the
trustAnchors parameter must be non-empty
at
java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:326)
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:269)
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
at
java.base/sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1576)
at
java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:453)
at
java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:411)
at
java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
at
java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at
java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1592)
at
java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520)
at
java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:250)
at
org.gradle.wrapper.Download.downloadInternal(Download.java:67)
at org.gradle.wrapper.Download.download(Download.java:52)
at org.gradle.wrapper.Install$1.call(Install.java:62)
at org.gradle.wrapper.Install$1.call(Install.java:48)
at
org.gradle.wrapper.ExclusiveFileAccessManager.access(ExclusiveFileAccessManager.java:69)
at org.gradle.wrapper.Install.createDist(Install.java:48)
at
org.gradle.wrapper.WrapperExecutor.execute(WrapperExecutor.java:107)
at
org.gradle.wrapper.GradleWrapperMain.main(GradleWrapperMain.java:62)
Caused by: java.lang.RuntimeException: Unexpected error:
java.security.InvalidAlgorithmParameterException: the trustAnchors
parameter must be non-empty
at
java.base/sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:102)
at
java.base/sun.security.validator.Validator.getInstance(Validator.java:181)
at
java.base/sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:300)
at
java.base/sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:176)
at
java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:189)
at
java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
at
java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:629)
at
java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:464)
at
java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360)
at
java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at
java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at
java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
at
java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:183)
at
java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:171)
at
java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1403)
at
java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1309)
at
java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440)
... 14 more
Caused by: java.security.InvalidAlgorithmParameterException: the
trustAnchors parameter must be non-empty
at
java.base/java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
at
java.base/java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
at
java.base/java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
at
java.base/sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:99)
... 30 more
nbsd1$
-- end --
java env:
nbsd1$ java --version
openjdk 11.0.8-internal 2020-07-14
OpenJDK Runtime Environment (build
11.0.8-internal+0-adhoc.pkgsrc.openjdk-jdk11u-jdk-11.0.8-10-1)
OpenJDK 64-Bit Server VM (build
11.0.8-internal+0-adhoc.pkgsrc.openjdk-jdk11u-jdk-11.0.8-10-1, mixed
mode)
nbsd1$