<div dir="auto">I signed the OCA yesterday, just waiting for it to be approved</div><div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Fri, 17 Jan 2025 at 22:20, Alexey Bakhtin <<a href="mailto:alexey@azul.com">alexey@azul.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)"><div style="line-break:after-white-space">Hello Sean,<div><br></div><div>The enhancement looks reasonable.</div><div>As far as I know, Tim submitted the PR for this enhancement. I will be happy to review and help with it.</div><div><br></div><div>Regards</div></div><div style="line-break:after-white-space"><div>Alexey</div><div><br id="m_-6840173428536753586lineBreakAtBeginningOfMessage"><div><br><blockquote type="cite"><div>On 17 Jan 2025, at 13:58, Sean Mullan <<a href="mailto:sean.mullan@oracle.com" target="_blank">sean.mullan@oracle.com</a>> wrote:</div><br><div>

<div>

<table border="0" cellspacing="0" cellpadding="0" align="left" width="100%">

<tbody>

<tr>

<td style="background:repeat rgb(255,185,0);padding:5pt 2pt"></td>

<td width="100%" cellpadding="7px 6px 7px 15px" style="background:repeat rgb(255,248,229);padding:5pt 4pt 5pt 11pt">

<div style="color:rgb(34,34,34)"><span style="font-weight:bold;color:rgb(34,34,34)">Caution:</span> This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

</div>

</td>

</tr>

</tbody>

</table>

<br>

<div><p>Alexey,</p><p>Given your experience with implementing <a href="https://bugs.openjdk.org/browse/JDK-8320362" target="_blank">

https://bugs.openjdk.org/browse/JDK-8320362</a>, is this something you would be interested in working on?

<br>

<br>

Tim, any progress on the OCA?<br>

<br>

Thanks,</p><p>Sean<br>

</p>

<div>On 1/13/25 2:47 PM, Alexey Bakhtin wrote:<br>

</div>

<blockquote type="cite">

Hello Sean, Tim

<div><br>

</div>

<div>I've attached logs to the JDK-8347067, created based on Tim’s report.</div>

<div>As you mentioned already, the issue happens because the TLS server sends truncated chain without CA intermediate certificates.</div>

<div>In my understanding, it should not be a problem if the Root and CA intermediate are stored in the KeychainStore. </div>

<div>According to the Apple spec CA intermediate can be stored without trust settings but is considered trusted if validated to the root cert.</div>

<div><br>

</div>

<div>Regards</div>

<div>Alexey<br id="m_-6840173428536753586lineBreakAtBeginningOfMessage">

<div><br>

<blockquote type="cite">

<div>On 13 Jan 2025, at 01:21, Tim Jacomb <a href="mailto:timjacomb1@gmail.com" target="_blank">

<timjacomb1@gmail.com></a> wrote:</div>

<br>

<div>

<div>

<table border="0" cellspacing="0" cellpadding="0" width="100%" style="background-image:revert!important;background-position:revert!important;background-size:revert!important;background-repeat:revert!important;background-origin:revert!important;background-clip:revert!important;direction:revert!important;font-size:revert!important;height:revert!important;letter-spacing:revert!important;line-height:revert!important;margin:revert!important;opacity:revert!important;outline:revert!important;overflow:revert!important;padding:revert!important;text-align:revert!important;text-indent:revert!important;text-orientation:revert!important;text-overflow:revert!important;text-transform:revert!important;vertical-align:revert!important;white-space:revert!important;word-break:revert!important;word-spacing:revert!important;writing-mode:revert!important;zoom:revert!important;border-width:0px!important;border-style:none!important;display:table!important;width:100%!important;table-layout:fixed!important;float:none!important;border-spacing:0px!important;background-color:revert;border-color:currentcolor;color:revert" align="left">

<tbody style="background-image:revert!important;background-position:revert!important;background-size:revert!important;background-repeat:revert!important;background-origin:revert!important;background-clip:revert!important;border-width:revert!important;border-style:revert!important;direction:revert!important;font-size:revert!important;height:revert!important;letter-spacing:revert!important;line-height:revert!important;margin:revert!important;opacity:revert!important;outline:revert!important;overflow:revert!important;padding:revert!important;table-layout:revert!important;text-align:revert!important;text-indent:revert!important;text-orientation:revert!important;text-overflow:revert!important;text-transform:revert!important;vertical-align:revert!important;white-space:revert!important;width:revert!important;word-break:revert!important;word-spacing:revert!important;writing-mode:revert!important;zoom:revert!important;display:block!important;background-color:revert;border-color:revert;color:revert">

<tr style="background-image:revert!important;background-position:revert!important;background-size:revert!important;background-repeat:revert!important;background-origin:revert!important;background-clip:revert!important;border-width:revert!important;border-style:revert!important;direction:revert!important;display:revert!important;font-size:revert!important;height:revert!important;letter-spacing:revert!important;line-height:revert!important;margin:revert!important;opacity:revert!important;outline:revert!important;overflow:revert!important;padding:revert!important;table-layout:revert!important;text-align:revert!important;text-indent:revert!important;text-orientation:revert!important;text-overflow:revert!important;text-transform:revert!important;vertical-align:revert!important;white-space:revert!important;width:revert!important;word-break:revert!important;word-spacing:revert!important;writing-mode:revert!important;zoom:revert!important;background-color:revert;border-color:revert;color:revert">

<td valign="middle" width="1px" bgcolor="#A6A6A6" cellpadding="7px 2px 7px 2px" style="background-image:revert!important;background-position:revert!important;background-size:revert!important;background-repeat:revert!important;background-origin:revert!important;background-clip:revert!important;border-width:revert!important;border-style:revert!important;direction:revert!important;display:revert!important;font-size:revert!important;height:revert!important;letter-spacing:revert!important;line-height:revert!important;margin:revert!important;opacity:revert!important;outline:revert!important;overflow:revert!important;table-layout:revert!important;text-align:revert!important;text-indent:revert!important;text-orientation:revert!important;text-overflow:revert!important;text-transform:revert!important;vertical-align:revert!important;white-space:revert!important;word-break:revert!important;word-spacing:revert!important;writing-mode:revert!important;zoom:revert!important;padding:7px 2px!important;width:0px!important;background-color:rgb(166,166,166);border-color:revert;color:revert">

<br>

</td>

<td valign="middle" width="100%" bgcolor="#EAEAEA" cellpadding="7px 5px 7px 15px" style="font-family:wf_segoe-ui_normal,"Segoe UI","Segoe WP",Tahoma,Arial,sans-serif;background-image:revert!important;background-position:revert!important;background-size:revert!important;background-repeat:revert!important;background-origin:revert!important;background-clip:revert!important;border-width:revert!important;border-style:revert!important;direction:revert!important;display:revert!important;height:revert!important;letter-spacing:revert!important;line-height:revert!important;margin:revert!important;opacity:revert!important;outline:revert!important;overflow:revert!important;table-layout:revert!important;text-indent:revert!important;text-orientation:revert!important;text-overflow:revert!important;text-transform:revert!important;vertical-align:revert!important;white-space:revert!important;word-break:revert!important;word-spacing:revert!important;writing-mode:revert!important;zoom:revert!important;width:100%!important;padding:7px 5px 7px 15px!important;font-size:12px!important;font-weight:normal!important;text-align:left!important;background-color:rgb(234,234,234);border-color:revert;color:rgb(33,33,33)">

<div style="font-family:wf_segoe-ui_normal,"Segoe UI","Segoe WP",Tahoma,Arial,sans-serif;background-image:revert!important;background-position:revert!important;background-size:revert!important;background-repeat:revert!important;background-origin:revert!important;background-clip:revert!important;border-width:revert!important;border-style:revert!important;direction:revert!important;display:revert!important;font-size:revert!important;height:revert!important;letter-spacing:revert!important;line-height:revert!important;margin:revert!important;opacity:revert!important;outline:revert!important;overflow:revert!important;padding:revert!important;table-layout:revert!important;text-align:revert!important;text-indent:revert!important;text-orientation:revert!important;text-overflow:revert!important;text-transform:revert!important;vertical-align:revert!important;white-space:revert!important;width:revert!important;word-break:revert!important;word-spacing:revert!important;writing-mode:revert!important;zoom:revert!important;background-color:revert;border-color:revert;color:revert">

Some people who received this message don't often get email from <a href="mailto:timjacomb1@gmail.com" target="_blank" style="font-family:wf_segoe-ui_normal,"Segoe UI","Segoe WP",Tahoma,Arial,sans-serif">

timjacomb1@gmail.com</a>. <a href="https://aka.ms/LearnAboutSenderIdentification" style="font-family:wf_segoe-ui_normal,"Segoe UI","Segoe WP",Tahoma,Arial,sans-serif;background-image:revert!important;background-position:revert!important;background-size:revert!important;background-repeat:revert!important;background-origin:revert!important;background-clip:revert!important;direction:revert!important;display:revert!important;font-size:revert!important;opacity:revert!important;background-color:revert;color:revert" target="_blank">

Learn why this is important</a> </div>

</td>

<td valign="middle" align="left" width="75px" bgcolor="#EAEAEA" cellpadding="7px 5px 7px 5px" style="font-family:wf_segoe-ui_normal,"Segoe UI","Segoe WP",Tahoma,Arial,sans-serif;background-image:revert!important;background-position:revert!important;background-size:revert!important;background-repeat:revert!important;background-origin:revert!important;background-clip:revert!important;border-width:revert!important;border-style:revert!important;direction:revert!important;display:revert!important;height:revert!important;letter-spacing:revert!important;line-height:revert!important;margin:revert!important;opacity:revert!important;outline:revert!important;overflow:revert!important;table-layout:revert!important;text-indent:revert!important;text-orientation:revert!important;text-overflow:revert!important;text-transform:revert!important;vertical-align:revert!important;white-space:revert!important;word-break:revert!important;word-spacing:revert!important;writing-mode:revert!important;zoom:revert!important;width:75px!important;padding:7px 5px!important;font-size:12px!important;font-weight:normal!important;text-align:left!important;background-color:rgb(234,234,234);border-color:revert;color:rgb(33,33,33)">

<br>

</td>

</tr>

</tbody>

</table>

<div>

<table border="0" cellspacing="0" cellpadding="0" align="left" width="100%">

<tbody>

<tr>

<td style="background:repeat rgb(255,185,0);padding:5pt 2pt"><br>

</td>

<td width="100%" cellpadding="7px 6px 7px 15px" style="background:repeat rgb(255,248,229);padding:5pt 4pt 5pt 11pt">

<div style="color:rgb(34,34,34)"><span style="font-weight:bold;color:rgb(34,34,34)">Caution:</span> This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

</div>

</td>

</tr>

</tbody>

</table>

<br>

<div>

<div dir="ltr">Hi Sean

<div><br>

</div>

<div>I don't have access to add to the bug report, but I've attached to the GitHub pull request here:</div>

<div><a href="https://github.com/openjdk/jdk/pull/22911#issuecomment-2586577905" target="_blank">https://github.com/openjdk/jdk/pull/22911#issuecomment-2586577905</a></div>

<div><br>

</div>

<div>(this can also be reproduced with this repository: <a href="https://github.com/timja/openjdk-intermediate-ca-reproducer" target="_blank">

https://github.com/timja/openjdk-intermediate-ca-reproducer</a>)</div>

<div><br>

</div>

<div>Thanks</div>

<div>Tim</div>

</div>

<br>

<div class="gmail_quote">

<div dir="ltr" class="gmail_attr">On Thu, 9 Jan 2025 at 20:56, Sean Mullan <<a href="mailto:sean.mullan@oracle.com" target="_blank">sean.mullan@oracle.com</a>> wrote:<br>

</div>

<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)">

<br>

On 1/8/25 4:06 AM, Tim Jacomb wrote:<br>

> TLS handshake fails with PKIX path building error.<br>

> <br>

> Chain is Root -> Intermediate -> Leaf in the runnable example although <br>

> in our real-world use-case its Root -> Intermediate 1 -> Intermediate 2 <br>

> -> Leaf<br>

> If I run the example only with Root -> Leaf then it works fine...<br>

<br>

It would be helpful if you can attach two logfiles (assuming the info <br>

isn't sensitive) to the bug report[1], one running with <br>

-Djavax.net.debug=all and the other with -Djava.security.debug=certpath.<br>

<br>

Thanks,<br>

Sean<br>

<br>

[1] <a href="https://bugs.openjdk.org/browse/JDK-8347067" rel="noreferrer" target="_blank">

https://bugs.openjdk.org/browse/JDK-8347067</a><br>

<br>

</blockquote>

</div>

</div>

</div>

</div>

</div>

</blockquote>

</div>

<br>

</div>

</blockquote>

</div>

</div>

</div></blockquote></div><br></div></div></blockquote></div></div>