<!DOCTYPE html><html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<p>Alexey,</p>
<p>Given your experience with implementing
<a class="moz-txt-link-freetext" href="https://bugs.openjdk.org/browse/JDK-8320362">https://bugs.openjdk.org/browse/JDK-8320362</a>, is this something you
would be interested in working on? <br>
<br>
Tim, any progress on the OCA?<br>
<br>
Thanks,</p>
<p>Sean<br>
</p>
<div class="moz-cite-prefix">On 1/13/25 2:47 PM, Alexey Bakhtin
wrote:<br>
</div>
<blockquote type="cite" cite="mid:1A84998E-A71F-45CC-B944-A40D881AA9E3@azul.com">
Hello Sean, Tim
<div><br>
</div>
<div>I've attached logs to the JDK-8347067, created based on Tim’s
report.</div>
<div>As you mentioned already, the issue happens because the TLS
server sends truncated chain without CA intermediate
certificates.</div>
<div>In my understanding, it should not be a problem if the Root
and CA intermediate are stored in the KeychainStore. </div>
<div>According to the Apple spec CA intermediate can be stored
without trust settings but is considered trusted if validated to
the root cert.</div>
<div><br>
</div>
<div>Regards</div>
<div>Alexey<br id="lineBreakAtBeginningOfMessage">
<div><br>
<blockquote type="cite">
<div>On 13 Jan 2025, at 01:21, Tim Jacomb
<a class="moz-txt-link-rfc2396E" href="mailto:timjacomb1@gmail.com"><timjacomb1@gmail.com></a> wrote:</div>
<br class="Apple-interchange-newline">
<div>
<div>
<table border="0" cellspacing="0" cellpadding="0" width="100%" style=" aspect-ratio: revert !important; background: revert !important; block-size: revert !important; border: revert !important; bottom: revert !important; color: revert !important; color-scheme: revert !important; content-visibility: revert !important; cursor: revert !important; direction: revert !important; display: revert !important; font-size: revert !important; height: revert !important; hyphens: revert !important; letter-spacing: revert !important; line-height: revert !important; margin: revert !important; opacity: revert !important; order: revert !important; outline: revert !important; overflow: revert !important; padding: revert !important; position: revert !important; resize: revert !important; rotate: revert !important; scale: revert !important; tab-size: revert !important; table-layout: revert !important; text-align: revert !important; text-indent: revert !important; text-orientation: revert !important; text-overflow: revert !important; text-shadow: revert !important; text-transform: revert !important; text-wrap: revert !important; top: revert !important; transition: revert !important; user-select: revert !important; vertical-align: revert !important; visibility: revert !important; white-space: revert !important; width: revert !important; word-break: revert !important; word-spacing: revert !important; writing-mode: revert !important; zoom: revert !important; cellpadding: 0 !important; border: 0 !important; cellspacing: 0 !important; display: table !important; width: 100% !important; table-layout: fixed !important; border-collapse: seperate !important; float: none !important; border-spacing: 0px 0px !important; " align="left">
<tbody style=" aspect-ratio: revert !important; background: revert !important; block-size: revert !important; border: revert !important; bottom: revert !important; color: revert !important; color-scheme: revert !important; content-visibility: revert !important; cursor: revert !important; direction: revert !important; display: revert !important; font-size: revert !important; height: revert !important; hyphens: revert !important; letter-spacing: revert !important; line-height: revert !important; margin: revert !important; opacity: revert !important; order: revert !important; outline: revert !important; overflow: revert !important; padding: revert !important; position: revert !important; resize: revert !important; rotate: revert !important; scale: revert !important; tab-size: revert !important; table-layout: revert !important; text-align: revert !important; text-indent: revert !important; text-orientation: revert !important; text-overflow: revert !important; text-shadow: revert !important; text-transform: revert !important; text-wrap: revert !important; top: revert !important; transition: revert !important; user-select: revert !important; vertical-align: revert !important; visibility: revert !important; white-space: revert !important; width: revert !important; word-break: revert !important; word-spacing: revert !important; writing-mode: revert !important; zoom: revert !important; display: block !important; ">
<tr style=" aspect-ratio: revert !important; background: revert !important; block-size: revert !important; border: revert !important; bottom: revert !important; color: revert !important; color-scheme: revert !important; content-visibility: revert !important; cursor: revert !important; direction: revert !important; display: revert !important; font-size: revert !important; height: revert !important; hyphens: revert !important; letter-spacing: revert !important; line-height: revert !important; margin: revert !important; opacity: revert !important; order: revert !important; outline: revert !important; overflow: revert !important; padding: revert !important; position: revert !important; resize: revert !important; rotate: revert !important; scale: revert !important; tab-size: revert !important; table-layout: revert !important; text-align: revert !important; text-indent: revert !important; text-orientation: revert !important; text-overflow: revert !important; text-shadow: revert !important; text-transform: revert !important; text-wrap: revert !important; top: revert !important; transition: revert !important; user-select: revert !important; vertical-align: revert !important; visibility: revert !important; white-space: revert !important; width: revert !important; word-break: revert !important; word-spacing: revert !important; writing-mode: revert !important; zoom: revert !important; ">
<td valign="middle" width="1px" bgcolor="#A6A6A6" cellpadding="7px 2px 7px 2px" style=" aspect-ratio: revert !important; background: revert !important; block-size: revert !important; border: revert !important; bottom: revert !important; color: revert !important; color-scheme: revert !important; content-visibility: revert !important; cursor: revert !important; direction: revert !important; display: revert !important; font-size: revert !important; height: revert !important; hyphens: revert !important; letter-spacing: revert !important; line-height: revert !important; margin: revert !important; opacity: revert !important; order: revert !important; outline: revert !important; overflow: revert !important; padding: revert !important; position: revert !important; resize: revert !important; rotate: revert !important; scale: revert !important; tab-size: revert !important; table-layout: revert !important; text-align: revert !important; text-indent: revert !important; text-orientation: revert !important; text-overflow: revert !important; text-shadow: revert !important; text-transform: revert !important; text-wrap: revert !important; top: revert !important; transition: revert !important; user-select: revert !important; vertical-align: revert !important; visibility: revert !important; white-space: revert !important; width: revert !important; word-break: revert !important; word-spacing: revert !important; writing-mode: revert !important; zoom: revert !important; padding: 7px 2px 7px 2px !important; background-color: #A6A6A6 !important; valign: middle !important; width: 0px !important; ">
<br>
</td>
<td valign="middle" width="100%" bgcolor="#EAEAEA" cellpadding="7px 5px 7px 15px" style=" aspect-ratio: revert !important; background: revert !important; block-size: revert !important; border: revert !important; bottom: revert !important; color: revert !important; color-scheme: revert !important; content-visibility: revert !important; cursor: revert !important; direction: revert !important; display: revert !important; font-size: revert !important; height: revert !important; hyphens: revert !important; letter-spacing: revert !important; line-height: revert !important; margin: revert !important; opacity: revert !important; order: revert !important; outline: revert !important; overflow: revert !important; padding: revert !important; position: revert !important; resize: revert !important; rotate: revert !important; scale: revert !important; tab-size: revert !important; table-layout: revert !important; text-align: revert !important; text-indent: revert !important; text-orientation: revert !important; text-overflow: revert !important; text-shadow: revert !important; text-transform: revert !important; text-wrap: revert !important; top: revert !important; transition: revert !important; user-select: revert !important; vertical-align: revert !important; visibility: revert !important; white-space: revert !important; width: revert !important; word-break: revert !important; word-spacing: revert !important; writing-mode: revert !important; zoom: revert !important; width: 100% !important; background-color: #EAEAEA !important; padding: 7px 5px 7px 15px !important; font-family: wf_segoe-ui_normal, Segoe UI, Segoe WP, Tahoma, Arial, sans-serif !important; font-size: 12px !important; font-weight: normal !important; color: #212121 !important; text-align: left !important; word-wrap: break-word !important; ">
<div style=" aspect-ratio: revert !important; background: revert !important; block-size: revert !important; border: revert !important; bottom: revert !important; color: revert !important; color-scheme: revert !important; content-visibility: revert !important; cursor: revert !important; direction: revert !important; display: revert !important; font-size: revert !important; height: revert !important; hyphens: revert !important; letter-spacing: revert !important; line-height: revert !important; margin: revert !important; opacity: revert !important; order: revert !important; outline: revert !important; overflow: revert !important; padding: revert !important; position: revert !important; resize: revert !important; rotate: revert !important; scale: revert !important; tab-size: revert !important; table-layout: revert !important; text-align: revert !important; text-indent: revert !important; text-orientation: revert !important; text-overflow: revert !important; text-shadow: revert !important; text-transform: revert !important; text-wrap: revert !important; top: revert !important; transition: revert !important; user-select: revert !important; vertical-align: revert !important; visibility: revert !important; white-space: revert !important; width: revert !important; word-break: revert !important; word-spacing: revert !important; writing-mode: revert !important; zoom: revert !important; ">
Some people who received this message don't
often get email from <a class="moz-txt-link-abbreviated" href="mailto:timjacomb1@gmail.com">timjacomb1@gmail.com</a>.
<a href="https://aka.ms/LearnAboutSenderIdentification" style="background: revert !important;color: revert !important;content-visibility: revert !important;direction: revert !important;display: revert !important;font-size: revert !important;opacity: revert !important;rotate: revert !important;scale: revert !important;visibility: revert !important;" moz-do-not-send="true">
Learn why this is important</a> </div>
</td>
<td valign="middle" align="left" width="75px" bgcolor="#EAEAEA" cellpadding="7px 5px 7px 5px" style=" aspect-ratio: revert !important; background: revert !important; block-size: revert !important; border: revert !important; bottom: revert !important; color: revert !important; color-scheme: revert !important; content-visibility: revert !important; cursor: revert !important; direction: revert !important; display: revert !important; font-size: revert !important; height: revert !important; hyphens: revert !important; letter-spacing: revert !important; line-height: revert !important; margin: revert !important; opacity: revert !important; order: revert !important; outline: revert !important; overflow: revert !important; padding: revert !important; position: revert !important; resize: revert !important; rotate: revert !important; scale: revert !important; tab-size: revert !important; table-layout: revert !important; text-align: revert !important; text-indent: revert !important; text-orientation: revert !important; text-overflow: revert !important; text-shadow: revert !important; text-transform: revert !important; text-wrap: revert !important; top: revert !important; transition: revert !important; user-select: revert !important; vertical-align: revert !important; visibility: revert !important; white-space: revert !important; width: revert !important; word-break: revert !important; word-spacing: revert !important; writing-mode: revert !important; zoom: revert !important; width: 75px !important; background-color: #EAEAEA !important; padding: 7px 5px 7px 5px !important; font-family: wf_segoe-ui_normal, Segoe UI, Segoe WP, Tahoma, Arial, sans-serif !important; font-size: 12px !important; font-weight: normal !important; color: #212121 !important; text-align: left !important; word-wrap: break-word !important; align: left !important; ">
<br>
</td>
</tr>
</tbody>
</table>
<div><!-- Yellow caution banner -->
<table border="0" cellspacing="0" cellpadding="0" align="left" width="100%">
<tbody>
<tr>
<!-- Remove the next line if you don't want the Yellow bar on the left side -->
<td style="background:#ffb900;padding:5pt 2pt 5pt 2pt"><br>
</td>
<td width="100%" cellpadding="7px 6px 7px 15px" style="background:#fff8e5;padding:5pt 4pt 5pt 11pt;word-wrap:break-word">
<div style="color:#222222;"><span style="color:#222; font-weight:bold;">Caution:</span>
This email originated from outside of the
organization. Do not click links or open
attachments unless you recognize the sender
and know the content is safe.
</div>
</td>
</tr>
</tbody>
</table>
<br>
<div>
<div dir="ltr">Hi Sean
<div><br>
</div>
<div>I don't have access to add to the bug report,
but I've attached to the GitHub pull request
here:</div>
<div><a href="https://github.com/openjdk/jdk/pull/22911#issuecomment-2586577905" moz-do-not-send="true" class="moz-txt-link-freetext">https://github.com/openjdk/jdk/pull/22911#issuecomment-2586577905</a></div>
<div><br>
</div>
<div>(this can also be reproduced with this
repository: <a href="https://github.com/timja/openjdk-intermediate-ca-reproducer" moz-do-not-send="true" class="moz-txt-link-freetext">
https://github.com/timja/openjdk-intermediate-ca-reproducer</a>)</div>
<div><br>
</div>
<div>Thanks</div>
<div>Tim</div>
</div>
<br>
<div class="gmail_quote gmail_quote_container">
<div dir="ltr" class="gmail_attr">On Thu, 9 Jan
2025 at 20:56, Sean Mullan <<a href="mailto:sean.mullan@oracle.com" moz-do-not-send="true" class="moz-txt-link-freetext">sean.mullan@oracle.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
On 1/8/25 4:06 AM, Tim Jacomb wrote:<br>
> TLS handshake fails with PKIX path building
error.<br>
> <br>
> Chain is Root -> Intermediate -> Leaf
in the runnable example although <br>
> in our real-world use-case its Root ->
Intermediate 1 -> Intermediate 2 <br>
> -> Leaf<br>
> If I run the example only with Root ->
Leaf then it works fine...<br>
<br>
It would be helpful if you can attach two
logfiles (assuming the info <br>
isn't sensitive) to the bug report[1], one
running with <br>
-Djavax.net.debug=all and the other with
-Djava.security.debug=certpath.<br>
<br>
Thanks,<br>
Sean<br>
<br>
[1] <a href="https://bugs.openjdk.org/browse/JDK-8347067" rel="noreferrer" target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext">
https://bugs.openjdk.org/browse/JDK-8347067</a><br>
<br>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
</body>
</html>