https://bz.apache.org/bugzilla/show_bug.cgi?id=63205
Bug ID: 63205 Summary: Unable to load certificate store on openjdk Product: Tomcat 9 Version: unspecified Hardware: Other OS: other Status: NEW Severity: normal Priority: P2 Component: Util Assignee: dev@tomcat.apache.org Reporter: fafar...@gmail.com Target Milestone: ----- See https://bugs.openjdk.java.net/browse/JDK-8157404 If key store is loaded non-locally, it is possible that initialisation fails with "not all indef len BER resolved". This is due to a limitation in openjdk where the whole contents need to be available in the stream when it is passed to the jdk keystore. Current workaround is to load the stream yourself into a bytearraystream and pass it through as an inputstream. Tested with tomcat 8.0.54, but the code is the same on 9.0.x Stack trace: stack trace for apache bug reporting Faragó, Tamás to me 0 minutes agoDetails Caused by: java.io.IOException: not all indef len BER resolved at sun.security.util.DerIndefLenConverter.convert(DerIndefLenConverter.java:340) at sun.security.util.DerValue.init(DerValue.java:402) at sun.security.util.DerValue.<init>(DerValue.java:332) at sun.security.util.DerValue.<init>(DerValue.java:345) at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1938) at java.security.KeyStore.load(KeyStore.java:1445) at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:159) at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:204) at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:184) at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:113) ... 65 common frames omitted -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org