Bug 1513989 - java.security.InvalidAlgorithmParameterException on Java 9
Summary: java.security.InvalidAlgorithmParameterException on Java 9
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: java-9-openjdk
Version: 27
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: jiri vanek
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 1514736 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-16 12:47 UTC by Lukáš Petrovický
Modified: 2017-12-04 19:03 UTC (History)
6 users (show)

Fixed In Version: java-9-openjdk-9.0.1.11-4.fc27
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-12-04 19:03:49 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Lukáš Petrovický 2017-11-16 12:47:33 UTC 
Using java-9-openjdk-9.0.1.11-2.fc27.x86_64, I get the following exception in my application:


java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty 
    at java.base/java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)

Using OpenJDK 8, this doesn't happen. So I wen't looking around, and it turns out that OpenJDK has a "cacerts" symlink in jre/lib/security. This symlink points to /etc/pki/java/cacerts.

OpenJDK 9 has no such symlink there. And if I create it myself, the exception goes away.

This is a fairly serious problem, as it will likely happen with any sort of SSL communication, incl. HTTPS. And therefore essentially on any network request.
Comment 1 jiri vanek 2017-11-16 12:49:27 UTC 
Thak you for report. Will be fixed asap
Comment 2 Severin Gehwolf 2017-11-18 18:23:56 UTC 
*** Bug 1514736 has been marked as a duplicate of this bug. ***
Comment 3 jiri vanek 2017-11-21 14:08:18 UTC 
Simple reproducer will do:
public static void main(String... args) throws IOException{
    URL u = new URL("https://www.redhat.com/index.html");
    URLConnection c = u.openConnection();
    c.connect();
    
}

I'have started to build the packages. Once the builds passed some testing, will post updates.
Comment 4 jiri vanek 2017-11-21 19:02:17 UTC 
f27: https://koji.fedoraproject.org/koji/taskinfo?taskID=23288458
f28: https://koji.fedoraproject.org/koji/taskinfo?taskID=23287780
f26: https://koji.fedoraproject.org/koji/taskinfo?taskID=23287675

considering the seriousness, feel free to pretest
Comment 5 Fedora Update System 2017-11-22 13:22:08 UTC 
java-9-openjdk-9.0.1.11-4.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-3194ce6478
Comment 6 Fedora Update System 2017-11-22 21:43:18 UTC 
java-9-openjdk-9.0.1.11-4.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-3194ce6478
Comment 7 Lukáš Petrovický 2017-11-28 10:50:01 UTC 
Sorry, I was out for a bit. Problem seems to be fixed.
Comment 8 Fedora Update System 2017-12-04 19:03:49 UTC 
java-9-openjdk-9.0.1.11-4.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.