https://bz.apache.org/bugzilla/show_bug.cgi?id=63205
Bug ID: 63205
Summary: Unable to load certificate store on openjdk
Product: Tomcat 9
Version: unspecified
Hardware: Other
OS: other
Status: NEW
Severity: normal
Priority: P2
Component: Util
Assignee: dev@tomcat.apache.org
Reporter: fafar...@gmail.com
Target Milestone: -----
See https://bugs.openjdk.java.net/browse/JDK-8157404
If key store is loaded non-locally, it is possible that initialisation fails
with "not all indef len BER resolved". This is due to a limitation in openjdk
where the whole contents need to be available in the stream when it is passed
to the jdk keystore.
Current workaround is to load the stream yourself into a bytearraystream and
pass it through as an inputstream. Tested with tomcat 8.0.54, but the code is
the same on 9.0.x
Stack trace:
stack trace for apache bug reporting
Faragó, Tamás
to me
0 minutes agoDetails
Caused by: java.io.IOException: not all indef len BER resolved
at
sun.security.util.DerIndefLenConverter.convert(DerIndefLenConverter.java:340)
at sun.security.util.DerValue.init(DerValue.java:402)
at sun.security.util.DerValue.<init>(DerValue.java:332)
at sun.security.util.DerValue.<init>(DerValue.java:345)
at
sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1938)
at java.security.KeyStore.load(KeyStore.java:1445)
at
org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:159)
at
org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:204)
at
org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:184)
at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:113)
... 65 common frames omitted
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
