Bug 524387 - javax.net.ssl.SSLKeyException: RSA premaster secret error
Summary: javax.net.ssl.SSLKeyException: RSA premaster secret error
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: Fedora
Classification: Fedora
Component: icedtea-web
Version: 15
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Omair Majid
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-09-19 18:21 UTC by Donald Cohen
Modified: 2011-10-07 20:28 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-10-07 20:28:10 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Donald Cohen 2009-09-19 18:21:13 UTC
Description of problem:
In trying to run an applet from firefox I get this:
	at sun.security.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:116)
	at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:593)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:533)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:471)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:904)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1132)
	at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:643)
	at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:78)
	at java.io.OutputStream.write(OutputStream.java:75)

The same code works as an application from eclipse.
I first ran across the problem about a month ago (I have a message about it from 8/26) but am just now trying to figure out the cause/cure.  A web search shows other cases where it arises related to changes in java version.  I notice that I got a new version from yum update on Aug. 23, and it's plausible that I might not have tried this applet for a few days after that.  I therefore conjecture that the problem is related to that change in version:
Aug 23 23:56:50 Updated: 1:java-1.6.0-openjdk-plugin-1.6.0.0-27.b16.fc11.x86_64
The previous version I see in my yum log was
Aug 06 14:40:47 Updated: 1:java-1.6.0-openjdk-plugin-1.6.0.0-25.b16.fc11.x86_64
so I guess it's equally plausible that the problem could have been in the transition to -26.

If it will help for me to try installing different versions I'm willing to try. 
(Please send directions for doing that.)

Comment 1 Donald Cohen 2010-04-27 07:49:57 UTC
I'm not sure, but I think this was working again a while ago and now is breaking again. 
javax.net.ssl.SSLKeyException: RSA premaster secret error
	at sun.security.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:116)
	at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:632)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:220)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:546)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:482)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:904)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1140)
	at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:643)
	at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:78)
	at java.io.OutputStream.write(OutputStream.java:75)
Yum shows
Apr 12 15:53:37 Updated: 1:java-1.6.0-openjdk-1.6.0.0-34.b17.fc11.x86_64
and
Apr 12 15:53:44 Updated: 1:java-1.6.0-openjdk-plugin-1.6.0.0-34.b17.fc11.x86_64

As above, the application running from eclipse does not get this error.

Comment 2 Bug Zapper 2010-04-28 10:28:49 UTC
This message is a reminder that Fedora 11 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 11.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '11'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 11's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 11 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 3 Donald Cohen 2010-04-30 15:50:00 UTC
just moved to fedora 12, same result

Comment 4 Deepak Bhole 2010-04-30 19:11:06 UTC
is there a reproducible test case I can try?

Comment 5 Donald Cohen 2010-05-19 17:38:44 UTC
I just notice that this bug has not been updated to reflect the following:
Date: Thu, 6 May 2010 17:42:42 -0400 
From: Deepak Bhole <dbhole> 
Thanks for the reproducer. I have committed a fix upstream. The next 
time Fedora synchs, it should be fixed: 
http://icedtea.classpath.org/hg/icedtea6/rev/6d1e2fae468a 

====
I don't know what exactly it means for Fedora to sync or how long it takes.
I noticed the last time I did yum update
Updated: 1:java-1.6.0-openjdk-1.6.0.0-38.b18.fc12.x86_64
but the problem is still there for me
Is the fix supposed to be in this version?  If not, when should I expect it?

Comment 6 Donald Cohen 2010-06-22 18:16:48 UTC
I've now done an update and received
Jun 22 10:57:29 Updated: 1:java-1.6.0-openjdk-plugin-1.6.0.0-39.b18.fc12.x86_64
(along with several other related openjdk packages with similar version #s)
and I get the same error, or at least a very similar one.
Is this version supposed to have the fix?

=========

javax.net.ssl.SSLKeyException: RSA premaster secret error
	at sun.security.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:116)
	at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:632)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:220)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:546)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:482)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:904)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1140)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1167)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1151)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:423)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1005)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
	at LoginFormPanel.cmdOK_ClickMYSQL(LoginFormPanel.java:259)
	at LoginFormPanel.cmdOK_Click(LoginFormPanel.java:237)
	at LoginFormPanel$1.construct(LoginFormPanel.java:494)
	at SwingWorker$2.run(SwingWorker.java:107)
	at java.lang.Thread.run(Thread.java:636)
Caused by: java.security.NoSuchAlgorithmException: SunTlsRsaPremasterSecret KeyGenerator not available
	at javax.crypto.KeyGenerator.<init>(KeyGenerator.java:141)
	at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:191)
	at sun.security.ssl.JsseJce.getKeyGenerator(JsseJce.java:240)
	at sun.security.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:108)
	... 17 more
URL connection failed - try direct
javax.net.ssl.SSLKeyException: RSA premaster secret error
	at sun.security.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:116)
	at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:632)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:220)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:546)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:482)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:904)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1140)
	at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:643)
	at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:78)
	at java.io.OutputStream.write(OutputStream.java:75)
	at LoginFormPanel.cmdOK_ClickMYSQL(LoginFormPanel.java:268)
javax.net.ssl.SSLKeyException: RSA premaster secret error

Comment 7 Deepak Bhole 2010-06-30 21:20:24 UTC
Unfortunately, the upstream update has not propagated into Fedora yet (for stability reasons and due to the time taken to test things, we cannot update OpenJDK in Fedora for less frequent bugs).

The fix will be in the next Fedora update that carries IcedTea 1.8.1. Currently there is no fixed schedule for this. If you'd like, I could do a scratch build and provide you with scratch packages that have the fix for this issue. Let me know (via email).

Comment 8 Chris Shucksmith 2010-07-12 12:01:46 UTC
Same issue with fc13 + OpenJDK Web Start running an application (ie. $ javaws http://..../) throws:

javax.net.ssl.SSLKeyException: RSA premaster secret error
	at sun.security.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:116)
	at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:632)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:220)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:546)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:482)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:904)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1140)
	at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:643)
	at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:78)
	at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
	at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
	at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
Caused by: java.security.NoSuchAlgorithmException: SunTlsRsaPremasterSecret KeyGenerator not available
	at javax.crypto.KeyGenerator.<init>(KeyGenerator.java:141)
	at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:191)
	at sun.security.ssl.JsseJce.getKeyGenerator(JsseJce.java:240)
	at sun.security.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:108)

However the same JAR files (locally rather than over HTTP) invoked from Eclipse or with a stand-alone $ java  work correctly. 

I would be happy to test a scratch package.

Comment 9 Andrew John Hughes 2010-09-03 22:16:14 UTC
This is fixed in:

https://admin.fedoraproject.org/updates/java-1.6.0-openjdk-1.6.0.0-40.b18.fc12

Comment 10 Donald Cohen 2011-02-17 01:41:20 UTC
I'm now getting the same thing (different line#s) in fc14.
Should I be creating a new bug or reopening the old one?

This happens in both firefox and chrome.
$ firefox &
...
$ Initializing GWT Developer Plugin
  gecko=1.9.2.13, firefox=3.6.13, abi=Linux_x86_64-gcc3, built for ff36
  successfully registered GWT Developer Plugin
java version "1.6.0_20"
OpenJDK Runtime Environment (IcedTea6 1.9.6) (fedora-52.1.9.6.fc14-x86_64)
OpenJDK 64-Bit Server VM (build 19.0-b09, mixed mode)
system look and feel class: com.sun.java.swing.plaf.gtk.GTKLookAndFeel
java.lang.NullPointerException
	at sun.applet.PluginAppletViewer.handleMessage(PluginAppletViewer.java:649)
	at sun.applet.PluginStreamHandler.handleMessage(PluginStreamHandler.java:270)
	at sun.applet.PluginMessageHandlerWorker.run(PluginMessageHandlerWorker.java:82)
java.lang.RuntimeException: Failed to handle message: width 400 height 210 for instance 1
	at sun.applet.PluginAppletViewer.handleMessage(PluginAppletViewer.java:660)
	at sun.applet.PluginStreamHandler.handleMessage(PluginStreamHandler.java:270)
	at sun.applet.PluginMessageHandlerWorker.run(PluginMessageHandlerWorker.java:82)
Caused by: java.lang.NullPointerException
	at sun.applet.PluginAppletViewer.handleMessage(PluginAppletViewer.java:649)
	... 2 more
java.lang.NullPointerException
	at sun.applet.PluginAppletViewer.handleMessage(PluginAppletViewer.java:649)
	at sun.applet.PluginStreamHandler.handleMessage(PluginStreamHandler.java:270)
	at sun.applet.PluginMessageHandlerWorker.run(PluginMessageHandlerWorker.java:82)
java.lang.RuntimeException: Failed to handle message: width 400 height 210 for instance 1
	at sun.applet.PluginAppletViewer.handleMessage(PluginAppletViewer.java:660)
	at sun.applet.PluginStreamHandler.handleMessage(PluginStreamHandler.java:270)
	at sun.applet.PluginMessageHandlerWorker.run(PluginMessageHandlerWorker.java:82)
Caused by: java.lang.NullPointerException
	at sun.applet.PluginAppletViewer.handleMessage(PluginAppletViewer.java:649)
	... 2 more
free: 357615 allocated: 369920 max: 902976 total free memory: 890671
hostname saturn.spicenet.net port 443
javax.net.ssl.SSLKeyException: RSA premaster secret error
	at sun.security.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:116)
	at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:703)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:228)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:610)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:546)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:913)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1158)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1185)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1169)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:440)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1139)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
	at LoginFormPanel.cmdOK_ClickMYSQL(LoginFormPanel.java:259)
	at LoginFormPanel.cmdOK_Click(LoginFormPanel.java:237)
	at LoginFormPanel$1.construct(LoginFormPanel.java:494)
	at SwingWorker$2.run(SwingWorker.java:107)
	at java.lang.Thread.run(Thread.java:636)
Caused by: java.security.NoSuchAlgorithmException: SunTlsRsaPremasterSecret KeyGenerator not available
	at javax.crypto.KeyGenerator.<init>(KeyGenerator.java:141)
	at javax.crypto.KeyGenerator.getInstance(KeyGenerator.java:191)
	at sun.security.ssl.JsseJce.getKeyGenerator(JsseJce.java:240)
	at sun.security.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:108)
	... 17 more
URL connection failed - try direct
javax.net.ssl.SSLKeyException: RSA premaster secret error
	at sun.security.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:116)
	at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:703)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:228)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:610)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:546)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:913)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1158)
	at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:652)
	at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:78)
	at java.io.OutputStream.write(OutputStream.java:75)
	at LoginFormPanel.cmdOK_ClickMYSQL(LoginFormPanel.java:268)
javax.net.ssl.SSLKeyException: RSA premaster secret error
Login unsuccessful...

Comment 11 Omair Majid 2011-03-01 19:43:03 UTC
I believe this upstream commit fixes the problem
http://icedtea.classpath.org/hg/icedtea-web/rev/11a9a305dd44

Comment 12 Donald Cohen 2011-06-23 15:30:44 UTC
I'm still getting this same error - when should I expect to see the update above and how will I recognize it?
I seem to be now running:
OpenJDK Runtime Environment (IcedTea6 1.9.8) (fedora-53.1.9.8.fc14-x86_64)
OpenJDK 64-Bit Server VM (build 19.0-b09, mixed mode)

Comment 13 Deepak Bhole 2011-06-23 18:18:27 UTC
The fix is in the 1.0 branch of icedtea-web and it should be in Fedora. 

Changing component and re-assigning to Omair.

Comment 14 Donald Cohen 2011-06-23 18:43:58 UTC
You mean it should work in the version I'm using?
I'll be happy to show you how to reproduce if you want to try.

Comment 15 Donald Cohen 2011-06-23 18:53:17 UTC
While we're at it, does this problem have anything to do with the following error that I get when I try to run the same applet another way?
java version "1.6.0_20"
OpenJDK Runtime Environment (IcedTea6 1.9.8) (fedora-53.1.9.8.fc14-x86_64)
OpenJDK 64-Bit Server VM (build 19.0-b09, mixed mode)
system look and feel class: com.sun.java.swing.plaf.gtk.GTKLookAndFeel
java.security.AccessControlException: access denied (java.net.NetPermission getProxySelector)
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:393)
	at java.security.AccessController.checkPermission(AccessController.java:553)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
	at net.sourceforge.jnlp.runtime.JNLPSecurityManager.checkPermission(JNLPSecurityManager.java:250)
	at java.net.ProxySelector.getDefault(ProxySelector.java:90)
	at Sonario.readProxySettings(Sonario.java:68)
	at Sonario.init(Sonario.java:182)
	at sun.applet.AppletPanel.run(AppletPanel.java:436)
	at java.lang.Thread.run(Thread.java:636)

Or is this somehow related to settings that I can control (and how?)
Or should I submit this as a separate bug?

Comment 16 Deepak Bhole 2011-06-23 19:01:01 UTC
The error in comment #15 appears to be because the app does not have sufficient permissions. It is likely related to the same issue (whereby a stack is not being properly check to evaluate permissions for the application).

Comment 17 Omair Majid 2011-06-23 20:30:47 UTC
(In reply to comment #12)
> I'm still getting this same error - when should I expect to see the update
> above and how will I recognize it?
> I seem to be now running:
> OpenJDK Runtime Environment (IcedTea6 1.9.8) (fedora-53.1.9.8.fc14-x86_64)
> OpenJDK 64-Bit Server VM (build 19.0-b09, mixed mode)

This fix is only in Fedora 15 for now (in icedtea-web). Could you please try the applet with Fedora 15?

Fedora 14 does not have icedtea-web yet, though we are considering adding it. It may be too intrusive to add - the upgrade path from java-1.6.0-openjdk-plugin to icedtea-web is a little tricky.

Comment 18 Deepak Bhole 2011-06-23 20:35:48 UTC
Ah, sorry Donald, didn't notice you were still on F14. Omair is correct, the fix is in icedtea-web which is in F15 only. 

At some point we will likely port icedtea-web back to F14, but there is no fixed date for it yet.

Comment 19 Omair Majid 2011-06-23 20:51:29 UTC
(In reply to comment #15)
> While we're at it, does this problem have anything to do with the following
> error that I get when I try to run the same applet another way?

> Or should I submit this as a separate bug?

Please do file another bug with more information, especially if you can reproduce this on F15. Worse case, it will turn out to be a duplicate and we will close
it, but I would like to see some more information.

Thanks!

Comment 20 Donald Cohen 2011-06-23 21:29:06 UTC
ok, now on fc15 (had to figure out how to install icedtea and then plugin)
I get a different problem here.  I don't see how to get a console so I run
firefox from a shell.  I got some popups about network failures (last packet sent 0 ago) and about relogin, so there are probably several copies of what you want below.

$ firefox
java version "1.6.0_22"
OpenJDK Runtime Environment (IcedTea6 1.10.2) (fedora-58.1.10.2.fc15-i386)
OpenJDK Client VM (build 20.0-b11, mixed mode)
system look and feel class: javax.swing.plaf.metal.MetalLookAndFeel
free: 10456 allocated: 18388 max: 496960 total free memory: 489028
hostname saturn.spicenet.net port 443
javax.net.ssl.SSLException: java.security.AccessControlException: access denied (java.security.AllPermission <all permissions> <all actions>)
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1665)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1628)
	at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1611)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1192)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1169)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:440)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1139)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
	at LoginFormPanel.cmdOK_ClickMYSQL(LoginFormPanel.java:259)
	at LoginFormPanel.cmdOK_Click(LoginFormPanel.java:237)
	at LoginFormPanel$1.construct(LoginFormPanel.java:495)
	at SwingWorker$2.run(SwingWorker.java:107)
	at java.lang.Thread.run(Thread.java:679)
Caused by: java.security.AccessControlException: access denied (java.security.AllPermission <all permissions> <all actions>)
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:393)
	at java.security.AccessController.checkPermission(AccessController.java:553)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
	at net.sourceforge.jnlp.runtime.JNLPSecurityManager.checkPermission(JNLPSecurityManager.java:261)
	at net.sourceforge.jnlp.runtime.JNLPRuntime.getSecurityDialogHandler(JNLPRuntime.java:400)
	at net.sourceforge.jnlp.security.SecurityWarning.getUserResponse(SecurityWarning.java:298)
	at net.sourceforge.jnlp.security.SecurityWarning.showCertWarningDialog(SecurityWarning.java:196)
	at net.sourceforge.jnlp.security.VariableX509TrustManager.askUser(VariableX509TrustManager.java:381)
	at net.sourceforge.jnlp.security.VariableX509TrustManager.checkServerTrusted(VariableX509TrustManager.java:245)
	at net.sourceforge.jnlp.security.VariableX509TrustManager.checkServerTrusted(VariableX509TrustManager.java:194)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1144)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:610)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:546)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:913)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1158)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1185)
	... 10 more
URL connection failed - try direct
Thread[Thread-17,6,http://saturnids.spicenet.net/sonario/develop081125/] Connecting to server...
driver mysql driverport 3307 driverhost  dsn  user ddevelop080401 pass d699c5b4c4778d999dc86279e1751bae
connect to url jdbc:mysql://saturn.spicenet.net:3307/develop080401?user=ddevelop080401&password=d699c5b4c4778d999dc86279e1751bae&useSSL=true&requireSSL=true&requireSSLcert=false&dontTrackOpenResources=true&dumpQueriesOnException=true&noAccessToProcedureBodies=true
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure

Last packet sent to the server was 0 ms ago.
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
	at com.mysql.jdbc.Util.handleNewInstance(Util.java:406)
	at com.mysql.jdbc.SQLError.createCommunicationsException(SQLError.java:1074)
	at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2104)
	at com.mysql.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:729)
	at com.mysql.jdbc.JDBC4Connection.<init>(JDBC4Connection.java:46)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
	at com.mysql.jdbc.Util.handleNewInstance(Util.java:406)
	at com.mysql.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:302)
	at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:283)
	at java.sql.DriverManager.getConnection(DriverManager.java:620)
	at java.sql.DriverManager.getConnection(DriverManager.java:222)
	at StoredProc.registerConnection(StoredProc.java:583)
	at LoginFormPanel.cmdOK_ClickMYSQL(LoginFormPanel.java:325)
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure

Last packet sent to the server was 0 ms ago.
OK on relogin
hostname saturn.spicenet.net port 443
javax.net.ssl.SSLException: java.security.AccessControlException: access denied (java.security.AllPermission <all permissions> <all actions>)
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1665)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1628)
	at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1611)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1192)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1169)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:440)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1139)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
	at LoginFormPanel.cmdOK_ClickMYSQL(LoginFormPanel.java:259)
	at LoginFormPanel.cmdOK_Click(LoginFormPanel.java:237)
	at StoredProc.reconnect(StoredProc.java:239)
	at StoredProc.getauthority(StoredProc.java:622)
	at LoginFormPanel.afterconnect(LoginFormPanel.java:387)
	at LoginFormPanel$1.construct(LoginFormPanel.java:495)
	at SwingWorker$2.run(SwingWorker.java:107)
	at java.lang.Thread.run(Thread.java:679)
Caused by: java.security.AccessControlException: access denied (java.security.AllPermission <all permissions> <all actions>)
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:393)
	at java.security.AccessController.checkPermission(AccessController.java:553)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
	at net.sourceforge.jnlp.runtime.JNLPSecurityManager.checkPermission(JNLPSecurityManager.java:261)
	at net.sourceforge.jnlp.runtime.JNLPRuntime.getSecurityDialogHandler(JNLPRuntime.java:400)
	at net.sourceforge.jnlp.security.SecurityWarning.getUserResponse(SecurityWarning.java:298)
	at net.sourceforge.jnlp.security.SecurityWarning.showCertWarningDialog(SecurityWarning.java:196)
	at net.sourceforge.jnlp.security.VariableX509TrustManager.askUser(VariableX509TrustManager.java:381)
	at net.sourceforge.jnlp.security.VariableX509TrustManager.checkServerTrusted(VariableX509TrustManager.java:245)
	at net.sourceforge.jnlp.security.VariableX509TrustManager.checkServerTrusted(VariableX509TrustManager.java:194)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1144)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:610)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:546)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:913)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1158)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1185)
	... 13 more
URL connection failed - try direct
Thread[Thread-17,6,http://saturnids.spicenet.net/sonario/develop081125/] Connecting to server...
driver mysql driverport 3307 driverhost  dsn  user ddevelop080401 pass e391f18f154506ca752dec25fc804913
connect to url jdbc:mysql://saturn.spicenet.net:3307/develop080401?user=ddevelop080401&password=e391f18f154506ca752dec25fc804913&useSSL=true&requireSSL=true&requireSSLcert=false&dontTrackOpenResources=true&dumpQueriesOnException=true&noAccessToProcedureBodies=true
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure

Last packet sent to the server was 0 ms ago.
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
	at com.mysql.jdbc.Util.handleNewInstance(Util.java:406)
	at com.mysql.jdbc.SQLError.createCommunicationsException(SQLError.java:1074)
	at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2104)
	at com.mysql.jdbc.ConnectionImpl.<init>(ConnectionImpl.java:729)
	at com.mysql.jdbc.JDBC4Connection.<init>(JDBC4Connection.java:46)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
	at com.mysql.jdbc.Util.handleNewInstance(Util.java:406)
	at com.mysql.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:302)
	at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:283)
	at java.sql.DriverManager.getConnection(DriverManager.java:620)
	at java.sql.DriverManager.getConnection(DriverManager.java:222)
	at StoredProc.registerConnection(StoredProc.java:583)
	at LoginFormPanel.cmdOK_ClickMYSQL(LoginFormPanel.java:325)
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure

Last packet sent to the server was 0 ms ago.

Comment 21 Donald Cohen 2011-06-23 21:32:19 UTC
Here's the second version (comment 15) - much simpler:
firefox
java version "1.6.0_22"
OpenJDK Runtime Environment (IcedTea6 1.10.2) (fedora-58.1.10.2.fc15-i386)
OpenJDK Client VM (build 20.0-b11, mixed mode)
system look and feel class: javax.swing.plaf.metal.MetalLookAndFeel
java.security.AccessControlException: access denied (java.net.NetPermission getProxySelector)
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:393)
	at java.security.AccessController.checkPermission(AccessController.java:553)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
	at net.sourceforge.jnlp.runtime.JNLPSecurityManager.checkPermission(JNLPSecurityManager.java:261)
	at java.net.ProxySelector.getDefault(ProxySelector.java:90)
	at Sonario.readProxySettings(Sonario.java:68)
	at Sonario.init(Sonario.java:182)
	at sun.applet.AppletPanel.run(AppletPanel.java:436)
	at net.sourceforge.jnlp.NetxPanel.run(NetxPanel.java:68)
	at java.lang.Thread.run(Thread.java:679)

Comment 22 Omair Majid 2011-09-15 19:56:26 UTC
Both of these look like different issues. In order to avoid clutter and confusion, would it be possible to open new bugs for these?

Comment 23 Donald Cohen 2011-09-15 20:56:02 UTC
I can't tell which issues you want to be separate bugs, but feel free to open
whichever they are and me to them.

Comment 24 Omair Majid 2011-09-15 21:14:34 UTC
I have filed bug 738811 corresponding to comment 15 and comment 21 and bug 738814 corresponding to comment 20.

I am closing this bug as FIXED. If you still run into this issue, please reopen this bug.

Comment 25 Donald Cohen 2011-09-15 21:48:10 UTC
I'm guessing that reopen means set status to assigned, but am I also supposed to set "resolved as", and if so, to what?

Currently I get this when I try to login to
http://saturnids.spicenet.net/sonario/develop081125/develop081125-mysql.html
(just click on login)

java version "1.6.0_20"
OpenJDK Runtime Environment (IcedTea6 1.9.9) (fedora-54.1.9.9.fc14-x86_64)
OpenJDK 64-Bit Server VM (build 19.0-b09, mixed mode)
 ...
javax.net.ssl.SSLKeyException: RSA premaster secret error 
	at sun.security.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:116)
	at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:703)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:228)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:610)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:546)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:913)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1158)
	at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:652)
	at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:78)
	at java.io.OutputStream.write(OutputStream.java:75)
	at LoginFormPanel.cmdOK_ClickMYSQL(LoginFormPanel.java:268)

$ uname -a
Linux number11.don-eve.dyndns.org 2.6.35.13-92.fc14.x86_64 #1 SMP Sat May 21 17:26:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux

Comment 26 Omair Majid 2011-09-19 16:20:08 UTC
That looks like F14. Yes, this bug is not fixed there (it is fixed in F15). And unfortunately, I dont think it will be fixed in F14: Adding icedtea-web to F14 will require a number of changes to the OpenJDK package as well as significant efforts in testing.

Comment 27 Omair Majid 2011-10-07 20:28:10 UTC
Sorry, the fix applied in F15 does not look suitable for backporting to F14. It will require significant testing and may risk the stability of the plugin in F14. If you do need to use this, please try and use F15, which does have this problem fixed.


Note You need to log in before you can comment on or make changes to this bug.