trustAnchors parameter must be non-empty
Michael Hall
mik3hall at gmail.com
Sat Mar 3 17:43:18 PST 2012
On Mar 3, 2012, at 7:38 PM, David Schlosnagle wrote:
> On Sat, Mar 3, 2012 at 6:38 PM, Michael Hall <mik3hall at gmail.com> wrote:
>> Running into this...
>> Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
>>
>> trying to use some Google data stuff.
>> Appears to be the same error as...
>> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7145128
>> but that is closed as a duplicate to 7114062 which for some reason I can't look at?
>> This bug is not available.
>
> By default, the OpenJDK build creates an empty trusted certificate
> authority keystore ($JAVA_HOME/jre/lib/security/cacerts), so if you
> attempt to do anything that would use those trusted certificates (e.g.
> SSL, for certificate chain validations), it will fail with the
> "java.security.InvalidAlgorithmParameterException: the trustAnchors
> parameter must be non-empty" exception. I've run into this issue
> before during the build when using OpenJDK as a bootstrap for another
> OpenJDK build [1]. I'd suggest you look at importing the appropriate
> certificates into your cacerts via keytool, or use the
> javax.net.ssl.trustStore system property to point at an existing valid
> keystore.
Thanks for the detailed response. I will consider the workarounds when I try this again. For the time being I had gone back to Apple's 1.6.
More information about the macosx-port-dev
mailing list