Alexey,

Given your experience with implementing https://bugs.openjdk.org/browse/JDK-8320362, is this something you would be interested in working on?

Tim, any progress on the OCA?

Thanks,

Sean

On 1/13/25 2:47 PM, Alexey Bakhtin wrote:
Hello Sean, Tim

I've attached logs to JDK-8347067, created based on Tim’s report.
As you mentioned already, the issue happens because the TLS server sends a truncated chain without CA intermediate certificates. In my understanding, it should not be a problem if the Root and CA intermediate are stored in the KeychainStore. According to the Apple spec, a CA intermediate can be stored without trust settings but is considered trusted if validated to the root cert.

Regards
Alexey

On 13 Jan 2025, at 01:21, Tim Jacomb <timjaco...@gmail.com> wrote:


        
Hi Sean

I don't have access to add to the bug report, but I've attached to the GitHub pull request here:
https://github.com/openjdk/jdk/pull/22911#issuecomment-2586577905

(this can also be reproduced with this repository: https://github.com/timja/openjdk-intermediate-ca-reproducer)

Thanks
Tim

On Thu, 9 Jan 2025 at 20:56, Sean Mullan <sean.mul...@oracle.com> wrote:


    On 1/8/25 4:06 AM, Tim Jacomb wrote:
    > TLS handshake fails with PKIX path building error.
    >
    > Chain is Root -> Intermediate -> Leaf in the runnable example although
    > in our real-world use-case it's Root -> Intermediate 1 -> Intermediate 2
    > -> Leaf
    > If I run the example only with Root -> Leaf then it works fine...

    It would be helpful if you can attach two logfiles (assuming the info
    isn't sensitive) to the bug report[1], one running with
    -Djavax.net.debug=all and the other with
    -Djava.security.debug=certpath.

    Thanks,
    Sean

    [1] https://bugs.openjdk.org/browse/JDK-8347067
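
The failure mode discussed in this thread, as an added example that is not part of the original messages or of the JDK: it uses the OpenSSL command line rather than the JDK KeychainStore to show that a leaf sent without its intermediate fails path building against the root alone, validates once the intermediate is available locally without trust of its own, and still fails when no root anchor exists. The certificate names, file names and helper functions are constructed for this example.

```shell
# Constructed PKI for illustration: Root -> Intermediate -> Leaf.
# All names, files and helper functions are made up for this example.
make_chain() (   # $1 = empty working directory; body runs in a subshell
    cd "$1" || exit 1
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
EOF
    for n in root int leaf; do
        openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
            -subj "/CN=Constructed $n" -keyout "$n.key" -out "$n.csr" 2>/dev/null || exit 1
    done
    openssl x509 -req -in root.csr -signkey root.key -days 1 \
        -extfile pki.cnf -extensions ca -out root.pem 2>/dev/null &&
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -set_serial 2 -days 1 \
        -extfile pki.cnf -extensions ca -out int.pem 2>/dev/null &&
    openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -set_serial 3 -days 1 \
        -extfile pki.cnf -extensions leaf -out leaf.pem 2>/dev/null
)

# Peer sent only the leaf; the validator holds just the root anchor.
verify_truncated() {
    openssl verify -no-CApath -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
}
# Same truncated chain, but the intermediate is available locally with no trust
# of its own (-untrusted); it is usable only because it chains to the root.
verify_with_local_intermediate() {
    openssl verify -no-CApath -CAfile "$1/root.pem" -untrusted "$1/int.pem" \
        "$1/leaf.pem" >/dev/null 2>&1
}
# Intermediate present but no root anchor: it must not act as an anchor itself.
verify_without_root() {
    openssl verify -no-CApath -no-CAfile -untrusted "$1/int.pem" "$1/leaf.pem" >/dev/null 2>&1
}

dir=$(mktemp -d) && make_chain "$dir" && {
    verify_truncated "$dir" && echo "leaf only: OK" || echo "leaf only: FAIL"
    verify_with_local_intermediate "$dir" && echo "local intermediate: OK" || echo "local intermediate: FAIL"
    verify_without_root "$dir" && echo "no root anchor: OK" || echo "no root anchor: FAIL"
}
rm -rf "$dir"
```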
