I see. Thanks a lot, Xuelei! This issue really burnt a huge no. of my hours. Appreciate your help!

On Wed, Sep 12, 2012 at 4:11 PM, Xuelei Fan <xuelei....@oracle.com> wrote:

> On 9/12/2012 6:37 PM, Hitesh Bhanushali wrote:
> > Thanks Xuelei for the reply!
> >
> > So is this order required in OpenJDK-6 specifically? Because, things are
> > working fine with OpenJDK-7 and SunJDK 6-7 on client side with the same
> > server.
> >
> We tolerate out-of-order certificate list [1] in JDK 7, and updated JDK 6.
> But the fix has not been backported to OpenJDK 6.
>
> If it is possible, the server should always use ordered list. Otherwise,
> it is not granted to work with all SSL/TLS vendors.
>
> Xuelei
>
> [1] http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6899503
>
> > ~Hitesh
> >
> > On Wed, Sep 12, 2012 at 3:43 PM, Xuelei Fan <xuelei....@oracle.com> wrote:
> >
> > > Per the request of SSL/TLS protocols, see section 7.2 of RFC5246:
> > >
> > >    certificate_list
> > >       This is a sequence (chain) of certificates. The sender's
> > >       certificate MUST come first in the list. Each following
> > >       certificate MUST directly certify the one preceding it.
> > >
> > > From the logs, the server, www.elabs11.com, does not send the
> > > certificate list compliant with above spec. The certificate list in the
> > > server side is out-of-order, the following certificate does not certify
> > > the one preceding it.
> > >
> > > Xuelei
> > >
> > > > Hi,
> > > >
> > > > I have a JAVA Springs web application, which talks to external services
> > > > over HTTPS, using 'javax.net.ssl.HttpsURLConnection'. It used to work
> > > > fine since ages, but starting with 14th August 2012, it's throwing
> > > > 'SSLPeerUnverifiedException' for 'https://www.elabs11.com'. The issue
> > > > seems particularly with OpenJDK-6. It's working fine with Sun-6-JDK and
> > > > OpenJDK-7.
> > > >
> > > > Here is my Java configuration:
> > > > java version "1.6.0_24"
> > > > OpenJDK Runtime Environment (IcedTea6 1.11.4) (6b24-1.11.4-1ubuntu0.12.04.1)
> > > > OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)
> > > >
> > > > There was one build (34th) rolled out on 14th Aug
> > > > (http://en.wikipedia.org/wiki/Java_version_history#Java_6_updates), but
> > > > my OpenJDK is running 24th build. (May be just a coincidence)
> > > >
> > > > PFA my application logs with OpenJDK-6, OpenJDK-7 and SunJDK-6. I have
> > > > also attached the sample Java code I am testing with.
> > > >
> > > > Any pointer in this regard will be appreciated.
> > > >
> > > > Thanks,
> > > > Hitesh
> >
> > --
> > Hitesh Bhanushali

--
Hitesh Bhanushali
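
The ordering rule quoted from section 7.2 of RFC 5246 in the thread above, written as a check. This is an added example and not part of the original thread or of the JDK. The class name ChainOrderCheck and the PEM bundle passed as its argument are hypothetical; the bundle is assumed to hold the certificates in the order the server sent them.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

// Added example; ChainOrderCheck and the PEM file argument are hypothetical.
public class ChainOrderCheck {
    // True if 'issuer' directly certifies 'cert': the names chain and the
    // signature on 'cert' verifies under the issuer's public key.
    static boolean certifies(X509Certificate issuer, X509Certificate cert) {
        if (!cert.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
            return false;
        }
        try {
            cert.verify(issuer.getPublicKey());
            return true;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    // Index of the first certificate that does not certify the one
    // preceding it (RFC 5246 section 7.2), or -1 if the list is ordered.
    static int firstViolation(List<X509Certificate> chain) {
        for (int i = 1; i < chain.size(); i++) {
            if (!certifies(chain.get(i), chain.get(i - 1))) {
                return i;
            }
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is a PEM bundle saved in the order the server
        // sent it, and the provider returns the certificates in file order.
        List<X509Certificate> chain = new ArrayList<X509Certificate>();
        try (InputStream in = new FileInputStream(args[0])) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                chain.add((X509Certificate) c);
            }
        }
        int bad = firstViolation(chain);
        System.out.println(bad < 0 ? "ordered" : "out of order at index " + bad + ": " + chain.get(bad).getSubjectX500Principal());
    }
}
```

A result of "ordered" means only that each certificate certifies the one before it; it does not establish that the chain ends at a trusted root.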