[Bug 1767890] [NEW] java can't connect to https sites

Sun, 29 Apr 2018 16:01:45 -0700 

Public bug reported:

After installing 18.04 and default-jdk, which provides java/javac
1.10.1, Java applications are unable to connect to https sites. This can
be reproduced with a simple Java program:

sam@sam-desktop:~$ cat <<EOF >HttpsTester.java
> import java.net.URL;
> import javax.net.ssl.HttpsURLConnection;
>
> public class HttpsTester {
>     public static void main(String[] args) {
>         try {
>             HttpsURLConnection connection = (HttpsURLConnection) new 
> URL("https://www.ubuntu.com";).openConnection();
>             System.out.println("Response code: " + 
> connection.getResponseCode());
>             System.out.println("It worked!");
>         } catch (Exception e) {
>             System.out.println(e.getMessage());
>         }
>     }
> }
> EOF
sam@sam-desktop:~$ javac HttpsTester.java
sam@sam-desktop:~$ java HttpsTester
java.lang.RuntimeException: Unexpected error: 
java.security.InvalidAlgorithmParameterException: the trustAnchors parameter 
must be non-empty

This seems to be due to a misconfigured keystore in
/etc/ssl/certs/java/cacerts. If I use the keystore which is bundled in
Oracle's JRE, then the certificate check during connection succeeds:

sam@sam-desktop:~$ tar -zxf jre-10.0.1_linux-x64_bin.tar.gz
sam@sam-desktop:~$ java 
-Djavax.net.ssl.trustStore=jre-10.0.1/lib/security/cacerts HttpsTester
Response code: 200

I'm not sure if this is somehow related to 1406483, but I've tried
recreating my keystore (using 'sudo update-ca-certificates -f' and 'sudo
apt-get install --reinstall ca-certificates-java') without success.

My keystore is not empty, but contains a different set of keys to
Oracle's one:

sam@sam-desktop:~$ keytool -list -keystore /etc/ssl/certs/java/cacerts 
-storepass changeit | grep 'Your keystore contains'
Warning: use -cacerts option to access cacerts keystore
Your keystore contains 134 entries

sam@sam-desktop:~$ keytool -list -keystore jre-10.0.1/lib/security/cacerts 
-storepass changeit | grep 'Your keystore contains'
Your keystore contains 104 entries

** Affects: ca-certificates-java (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1767890

Title:
  java can't connect to https sites

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1767890/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to