retitle -1 ca-certificates-java: does not work with OpenJDK 9, applications 
fail with InvalidAlgorithmParameterException: the trustAnchors parameter must 
be non-empty
severity -1 serious
thanks

Hello,

On Thu, 05 Apr 2018, George B. wrote:
> I am getting an error when connecting to HTTPS from java. Looking around
> the problem always seems to talk about this package, but please
> re-assign if something else is to blame.

I confirm the issue. If you have only OpenJDK 9 installed, then the
/etc/ssl/certs/java/cacerts file generated by the postinst (or the
ca-certificates hook) is not working and will lead to errors like the one
you showed.

Work-around:
$ sudo apt install openjdk-8-jre
$ sudo rm /etc/ssl/certs/java/cacerts
$ sudo update-ca-certificates --fresh

This works because /etc/ca-certificates/update.d/jks-keystore prefers
OpenJDK 8 over OpenJDK 9.

> Testing with the following code (I don't really know any Java and it's
> the first thing I found to test with):
> https://gist.github.com/4ndrej/4547029

This was really useful to debug the issue, thank you! My failing java
application was much bigger and harder to strace.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to