SSLPeerUnverifiedException in OpenJDK-6

Hitesh Bhanushali hitesh.cpp at gmail.com
Wed Sep 12 03:50:17 PDT 2012


I see. Thanks a lot, Xuelei!
This issue really burnt a huge number of my hours. Appreciate your help!

On Wed, Sep 12, 2012 at 4:11 PM, Xuelei Fan <xuelei.fan at oracle.com> wrote:

> On 9/12/2012 6:37 PM, Hitesh Bhanushali wrote:
> > Thanks Xuelei for the reply!
> >
> > So is this order required in OpenJDK-6 specifically? Because, things are
> > working fine with OpenJDK-7 and SunJDK 6-7 on client side with the same
> > server.
> >
> We tolerate out-of-order certificate lists [1] in JDK 7, and updated JDK
> 6. But the fix has not been backported to OpenJDK 6.
>
> If it is possible, the server should always use an ordered list. Otherwise,
> it is not guaranteed to work with all SSL/TLS vendors.
>
> Xuelei
>
> [1] http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6899503
>
> > ~Hitesh
> >
> > On Wed, Sep 12, 2012 at 3:43 PM, Xuelei Fan <xuelei.fan at oracle.com> wrote:
> >
> >     Per the request of SSL/TLS protocols, see section 7.2 of RFC5246:
> >
> >        certificate_list
> >           This is a sequence (chain) of certificates.  The sender's
> >           certificate MUST come first in the list.  Each following
> >           certificate MUST directly certify the one preceding it.
> >
> >     From the logs, the server, www.elabs11.com <http://www.elabs11.com>,
> >     does not send a certificate list compliant with the above spec.  The
> >     certificate list on the server side is out-of-order: the following
> >     certificate does not certify the one preceding it.
> >
> >     Xuelei
> >
> >     > Hi,
> >     >
> >     > I have a Java Spring web application, which talks to external services
> >     > over HTTPS, using 'javax.net.ssl.HttpsURLConnection'. It used to work
> >     > fine since ages, but starting with 14th August 2012, it's throwing
> >     > 'SSLPeerUnverifiedException' for 'https://www.elabs11.com'. The issue
> >     > seems particularly with OpenJDK-6. It's working fine with Sun-6-JDK and
> >     > OpenJDK-7.
> >     >
> >     > Here is my Java configuration:
> >     > java version "1.6.0_24"
> >     > OpenJDK Runtime Environment (IcedTea6 1.11.4)
> >     > (6b24-1.11.4-1ubuntu0.12.04.1)
> >     > OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)
> >     >
> >     > There was one build (34th) rolled out on 14th Aug
> >     > (http://en.wikipedia.org/wiki/Java_version_history#Java_6_updates), but
> >     > my OpenJDK is running 24th build. (Maybe just a coincidence)
> >     >
> >     > PFA my application logs with OpenJDK-6, OpenJDK-7 and SunJDK-6. I have
> >     > also attached the sample Java code I am testing with.
> >     >
> >     > Any pointer in this regard will be appreciated.
> >     >
> >     > Thanks,
> >     > Hitesh
> >     >
> >     >
> >
> >
> >
> >
> > --
> > Hitesh Bhanushali
>
>


-- 
Hitesh Bhanushali
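
The ordering rule from section 7.2 of RFC 5246 quoted in this thread, as an added example that is not part of the original messages and is not JDK code: a check for the first entry that fails to certify its predecessor, plus one way a client could rebuild the order. Assumptions: the `Cert` type is a hypothetical name-only model (subject and issuer strings, no signature verification), the sample names are constructed, and the sender's certificate is assumed to still be first in the list.

```python
from typing import List, NamedTuple, Optional


class Cert(NamedTuple):
    """Hypothetical name-only model of one certificate_list entry."""
    subject: str
    issuer: str


def first_order_violation(chain: List[Cert]) -> Optional[int]:
    """Index of the first entry that does not certify the one preceding it,
    or None when the list satisfies the RFC 5246 section 7.2 ordering."""
    for i in range(1, len(chain)):
        if chain[i - 1].issuer != chain[i].subject:
            return i
    return None


def reorder(chain: List[Cert]) -> List[Cert]:
    """Rebuild sender-first order by following issuer names.
    Assumes chain[0] is still the sender's certificate."""
    if not chain:
        return []
    by_subject = {c.subject: c for c in chain[1:]}
    ordered = [chain[0]]
    while ordered[-1].issuer != ordered[-1].subject:  # stop at a self-signed cert
        issuer_cert = by_subject.pop(ordered[-1].issuer, None)
        if issuer_cert is None:  # issuer was not sent by the server
            break
        ordered.append(issuer_cert)
    return ordered


# Constructed sample names, not taken from the server in the thread.
LEAF = Cert("CN=www.example.test", "CN=Example Intermediate CA")
INTERMEDIATE = Cert("CN=Example Intermediate CA", "CN=Example Root CA")
ROOT = Cert("CN=Example Root CA", "CN=Example Root CA")

if __name__ == "__main__":
    sent = [LEAF, ROOT, INTERMEDIATE]  # out-of-order list
    print("violation at index:", first_order_violation(sent))
    print("reordered:", [c.subject for c in reorder(sent)])
```

A real check would also verify each certificate's signature against the public key of the next one; matching names alone only establishes the ordering.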


More information about the jdk6-dev mailing list