Launchpad has imported 3 comments from the remote bug at http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=133.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2008-04-02T15:42:08+00:00 Sylvain Beucler wrote:

Under Debian Etch, I compiled IcedTea6 (17 march), and installed tomcat5.5.

I configured it to run with SSL:

/usr/lib/jvm/java-6-openjdk/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /usr/share/tomcat5.5/.keystore
# passwd: changeit
sudo chown tomcat55: /usr/share/tomcat5.5/.keystore
sudo chmod 600 /usr/share/tomcat5.5/.keystore
# Simulate Fedora path for now:
sudo mkdir -p /etc/pki/tls/certs/
sudo ln -s /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt
# Modify /etc/tomcat5.5/server.xml and uncomment "Define a SSL HTTP/1.1 Connector on port 8443"

Relevant config:

<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />

On startup I get:

...
INFO: Initialisation de Coyote HTTP/1.1 sur http-8180
2 avr. 2008 16:55:26 org.apache.coyote.http11.Http11BaseProtocol init
GRAVE: Erreur à l'initialisation du point de contact
java.io.IOException: Invalid keystore format
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650)
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
        at java.security.KeyStore.load(KeyStore.java:1201)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:282)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustStore(JSSESocketFactory.java:256)
        at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getTrustManagers(JSSE14SocketFactory.java:174)
        at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:111)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292)
        at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:138)
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1016)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:580)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:791)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:503)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:523)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:616)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:266)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:431)
2 avr. 2008 16:55:26 org.apache.catalina.startup.Catalina load
GRAVE: Catalina.start
LifecycleException: L'initialisation du gestionnaire de protocole a échoué: java.io.IOException: Invalid keystore format
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1018)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:580)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:791)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:503)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:523)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:616)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:266)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:431)
2 avr. 2008 16:55:26 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1987 ms
2 avr. 2008 16:55:27 org.apache.catalina.core.StandardService start
INFO: Démarrage du service Catalina
...

When using Sun's JRE 1.5 instead, it works fine (without modifying the keystore).

I see this also reported at:
http://www.mail-archive.com/[email protected]/msg40851.html
where the user installed JRE 1.6 instead of IcedTea to make things work.

I don't see this bug reported in bugzilla (search "keystore" returned zarro bugs), so I'm reporting it.

Reply at: https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/224455/comments/0

------------------------------------------------------------------------
On 2008-07-20T23:20:29+00:00 Gnu-andrew-n wrote:

There were some certificate-related patches being applied back then that have now changed. May be worth retrying with current IcedTea.

Reply at: https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/224455/comments/8

------------------------------------------------------------------------
On 2008-11-05T20:57:33+00:00 Sylvain Beucler wrote:

I confirm that it works now.

Reply at: https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/224455/comments/9

--
https://bugs.launchpad.net/bugs/224455

Title:
  open jdk 6 truststore points to privileged access area

Status in GlassFish: Unknown
Status in Iced Tea: Invalid
Status in “openjdk-6” package in Ubuntu: Fix Released

Bug description:
  open jdk 6 truststore setting "javax.net.ssl.trustStore", i.e. "/etc/ssl/certs/ca-certificates.crt", points to an area in the filesystem (/etc/ssl) that usually requires privileged access for read, write and execute. So any app run as a regular user that were to implicitly depend on the default truststore could end up not working in Ubuntu unless they overrode with a custom system prop which they were not earlier doing. This may be a problem for Java apps that did not have such a setting made earlier.

  Seems to be by the following icedtea patch:
  http://icedtea.classpath.org/hg/icedtea6/file/d0081b7856c8/patches/icedtea-certbundle.patch

  The "javax.net.ssl.trustStorePassword" has been set to an empty string too. Why?
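
A format check for the "Invalid keystore format" error in the trace above, as an added example (not part of the bug report, IcedTea or Tomcat): it classifies a candidate store by its leading bytes, mirroring the JKS header check (magic 0xFEEDFEED followed by version 1 or 2), so a PEM bundle such as ca-certificates.crt is reported as PEM rather than JKS. The function names and sample bytes are constructed for illustration.

```python
import struct

JKS_MAGIC = 0xFEEDFEED    # header magic checked by the JKS loader
JCEKS_MAGIC = 0xCECECECE  # header magic of the JCEKS store type

# Constructed sample inputs (not taken from the bug report).
SAMPLE_JKS = struct.pack(">III", JKS_MAGIC, 2, 0)  # magic, version 2, 0 entries
SAMPLE_PEM = b"# constructed bundle\n-----BEGIN CERTIFICATE-----\nMIIBconstructed\n"
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"\x00" * 8     # ASN.1 SEQUENCE, e.g. PKCS#12


def sniff_store_format(head: bytes) -> str:
    """Classify a keystore/truststore candidate from its leading bytes."""
    if len(head) >= 8:
        magic, version = struct.unpack(">II", head[:8])
        # A JKS file needs both the magic and a known version to load.
        if magic == JKS_MAGIC and version in (1, 2):
            return "JKS"
        if magic == JCEKS_MAGIC:
            return "JCEKS"
    # PEM is text and may be preceded by comments or blank lines.
    if b"-----BEGIN " in head:
        return "PEM"
    if head[:1] == b"\x30":
        return "DER"
    return "unknown"


def loads_as_jks(path: str) -> bool:
    """True only if the file would pass the JKS header check."""
    with open(path, "rb") as fh:
        return sniff_store_format(fh.read(4096)) == "JKS"


if __name__ == "__main__":
    import sys
    # Usage: python sniff_store.py <file> [<file> ...]
    for p in sys.argv[1:]:
        with open(p, "rb") as fh:
            print(p, sniff_store_format(fh.read(4096)))
```

Run it against the file named by javax.net.ssl.trustStore (or Tomcat's truststoreFile) before starting the server; anything other than JKS needs a matching store type or a conversion.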

