Package: ca-certificates-java Version: 20170930 Severity: important Hello,
I am getting an error when connecting to HTTPS from java. Looking around the problem always seems to talk about this package, but please re-assign if something else is to blame. Testing with the following code (I don't really know any Java and it's the first thing I found to test with): https://gist.github.com/4ndrej/4547029 ``` borisov@glossy:~ $ java SSLPoke google.com 443 javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at java.base/sun.security.ssl.Alerts.getSSLException(Alerts.java:214) at java.base/sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1969) at java.base/sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1921) at java.base/sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1904) at java.base/sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1830) at java.base/sun.security.ssl.AppOutputStream.write(AppOutputStream.java:71) at java.base/sun.security.ssl.AppOutputStream.write(AppOutputStream.java:81) at SSLPoke.main(SSLPoke.java:23) Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at java.base/sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:89) at java.base/sun.security.validator.Validator.getInstance(Validator.java:181) at java.base/sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:330) at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:180) at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:192) at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:133) at java.base/sun.security.ssl.ClientHandshaker.checkServerCerts(ClientHandshaker.java:1947) at java.base/sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1777) at java.base/sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:264) at java.base/sun.security.ssl.Handshaker.processLoop(Handshaker.java:1092) at java.base/sun.security.ssl.Handshaker.processRecord(Handshaker.java:1026) at java.base/sun.security.ssl.SSLSocketImpl.processInputRecord(SSLSocketImpl.java:1137) at java.base/sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1074) at java.base/sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973) at java.base/sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1402) at java.base/sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:733) at java.base/sun.security.ssl.AppOutputStream.write(AppOutputStream.java:67) ... 2 more Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at java.base/java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200) at java.base/java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120) at java.base/java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104) at java.base/sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:86) ... 18 more ``` I have tried "sudo update-ca-certificates -f" but that did not help. Thanks, George -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.15.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages ca-certificates-java depends on: ii ca-certificates 20170717 ii default-jre-headless [java8-runtime-headless] 2:1.9-63 ii libnss3 2:3.35-2 ii openjdk-9-jre-headless [java8-runtime-headless] 9.0.4+12-4 ca-certificates-java recommends no packages. ca-certificates-java suggests no packages. -- Configuration Files: /etc/default/cacerts [Errno 13] Permission denied: '/etc/default/cacerts' -- debconf-show failed