SSLPeerUnverifiedException in OpenJDK-6

Xuelei Fan xuelei.fan at oracle.com
Wed Sep 12 03:13:45 PDT 2012


Per the request of SSL/TLS protocols, see section 7.2 of RFC5246:

   certificate_list
      This is a sequence (chain) of certificates.  The sender's
      certificate MUST come first in the list.  Each following
      certificate MUST directly certify the one preceding it.

From the logs, the server, www.elabs11.com, does not send a
certificate list compliant with the above spec.  The certificate list on
the server side is out of order: the following certificate does not
certify the one preceding it.

Xuelei

> Hi,
> 
> I have a JAVA Springs web application, which talks to external services
> over HTTPS, using 'javax.net.ssl.HttpsURLConnection'. It used to work
> fine since ages, but starting with 14th August 2012, it's throwing
> 'SSLPeerUnverifiedException' for 'https://www.elabs11.com'. The issue
> seems particularly with OpenJDK-6. It's working fine with Sun-6-JDK and
> OpenJDK-7.
> 
> Here is my Java configuration:
> java version "1.6.0_24"
> OpenJDK Runtime Environment (IcedTea6 1.11.4)
> (6b24-1.11.4-1ubuntu0.12.04.1)
> OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)
> 
> There was one build (34th) rolled out on 14th Aug
> (http://en.wikipedia.org/wiki/Java_version_history#Java_6_updates), but
> my OpenJDK is running 24th build. (Maybe just a coincidence)
> 
> PFA my application logs with OpenJDK-6, OpenJDK-7 and SunJDK-6. I have
> also attached the sample Java code I am testing with.
> 
> Any pointer in this regard will be appreciated.
> 
> Thanks,
> Hitesh
> 
> 
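
Added example, not part of the original thread and not OpenJDK code: a small Java check of the ordering rule quoted in the reply above. It assumes the certificates have been saved, in the exact order the server sent them, to a PEM file whose path is passed as the first argument; the class and method names are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

public class ChainOrderCheck {
    // Returns the index of the first certificate that is NOT certified by the
    // one following it, or -1 if the list is ordered as the quoted rule requires.
    static int firstBreak(List<X509Certificate> chain) {
        for (int i = 0; i + 1 < chain.size(); i++) {
            X509Certificate cert = chain.get(i);
            X509Certificate next = chain.get(i + 1);
            // Name chaining: the next certificate's subject must be this one's issuer.
            if (!cert.getIssuerX500Principal().equals(next.getSubjectX500Principal())) {
                return i;
            }
            // Signature chaining: the next certificate's key must verify this one.
            try {
                cert.verify(next.getPublicKey());
            } catch (GeneralSecurityException e) {
                return i;
            }
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        // args[0] (assumption): PEM file containing only the certificates,
        // in the order they appeared in the server's Certificate message.
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[0])) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                chain.add((X509Certificate) c);
            }
        }
        for (int i = 0; i < chain.size(); i++) {
            System.out.println(i + ": subject=" + chain.get(i).getSubjectX500Principal()
                    + " issuer=" + chain.get(i).getIssuerX500Principal());
        }
        int bad = firstBreak(chain);
        System.out.println(bad < 0 ? "chain is in order"
                : "out of order: certificate " + (bad + 1) + " does not certify certificate " + bad);
    }
}
```

A reported break means the list as sent violates the rule; the printed subject/issuer pairs show whether the certificates are merely misordered or one is missing.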



More information about the jdk6-dev mailing list