On 9/30/15 2:30 PM, Steve Drach wrote:
Hi Max,

Can you describe if there is any effect on signed jars? Including:
1. Will jarsigner be able to sign such a jar?

The jarsigner from 1.8.0_51 can sign the jar. The jarsigner from jdk9/dev can
not, giving me the error

jarsigner: unable to sign jar: javax.net.ssl.SSLException:
java.lang.RuntimeException: Unexpected error:
java.security.InvalidAlgorithmParameterException: the trustAnchors parameter
must be non-empty

I’m unsure what that means, and searching for it has not turned up anything
useful except that it might be limited to Mac OS/X. If anyone can help me
here, I’d appreciate it.

This means it could not find a trusted root CA from the cacerts file to
validate the certificate chain. By default, OpenJDK includes an empty
cacerts file. You need to do a jdk9 build with the closed sources, as
that is where the trusted roots are.
--Sean
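
The diagnosis above can be checked against whichever JDK build is on hand. The following is an added example, not code from this thread or from the JDK sources; the class name `TrustAnchorCheck` and its method names are hypothetical. It reproduces the exception text from an empty in-memory keystore and counts the root certificates the default JSSE trust manager accepts.

```java
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example (hypothetical class name), not part of the JDK or of this thread.
public class TrustAnchorCheck {

    // Count the root certificates accepted by the default JSSE trust manager.
    static int defaultTrustAnchorCount() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);   // null selects the JDK's default trust store
        int count = 0;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                X509Certificate[] issuers = ((X509TrustManager) tm).getAcceptedIssuers();
                count += issuers.length;
            }
        }
        return count;
    }

    // Build PKIX parameters from a keystore that holds no trusted certificates
    // and return the resulting error message (null if none was raised).
    static String pkixErrorForEmptyKeyStore() throws Exception {
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null);      // initialise an in-memory keystore with no entries
        try {
            new PKIXParameters(empty);
            return null;
        } catch (InvalidAlgorithmParameterException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.home = " + System.getProperty("java.home"));
        System.out.println("PKIX error for an empty keystore: " + pkixErrorForEmptyKeyStore());
        int anchors = defaultTrustAnchorCount();
        System.out.println("default trust anchors: " + anchors);
        if (anchors == 0) {
            System.out.println("No trusted roots: certificate chain validation will fail.");
        }
    }
}
```

A count of zero from the build that runs jarsigner matches the empty cacerts file described in the reply.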