Thanks Xuelei for the reply! So is this order required in OpenJDK-6 specifically? Because, things are working fine with OpenJDK-7 and SunJDK 6-7 on client side with the same server.
~Hitesh On Wed, Sep 12, 2012 at 3:43 PM, Xuelei Fan <xuelei....@oracle.com> wrote: > Per the request of SSL/TLS protocols, see section 7.2 of RFC5246: > > certificate_list > This is a sequence (chain) of certificates. The sender's > certificate MUST come first in the list. Each following > certificate MUST directly certify the one preceding it. > > From the logs, the server, www.elabs11.com, does not send the > certificate list compliant with above spec. The certificate list in the > server side is out-of-order, the following certificate does not certify > the one preceding it. > > Xuelei > > > Hi, > > > > I have a JAVA Springs web application, which talks to external services > > over HTTPS, using 'javax.net.ssl.HttpsURLConnection'. It used to work > > fine since ages, but starting with 14th August 2012, its throwing > > 'SSLPeerUnverifiedException' for 'https://www.elabs11.com'. The issue > > seems particularly with OpenJDK-6. It's working fine with Sun-6-JDK and > > OpenJDK-7. > > > > Here is my Java configuration: > > /java version "1.6.0_24" > > OpenJDK Runtime Environment (IcedTea6 1.11.4) > > (6b24-1.11.4-1ubuntu0.12.04.1) > > OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode) / > > > > There was one build (34th) rolled out on 14th Aug > > (http://en.wikipedia.org/wiki/Java_version_history#Java_6_updates), but > > my OpenJDK is running 24th build. (/May be just a coincidence/) > > > > PFA my application logs with OpenJDK-6, OpenJDK-7 and SunJDK-6. I have > > also attached the sample Java code I am testing with. > > > > Any pointer in this regard will be appreciated. > > > > Thanks, > > Hitesh > > > > > > -- Hitesh Bhanushali
