On 05/31/2013 10:24 PM, Martijn Brinkers wrote:
> On 05/31/2013 10:21 PM, [email protected] wrote:
>> Since release 2.5 some certificates fail with "Error building certPath.
>> No data available in passed DER encoded value." The Issuer certificates
>> are available and shown as valid, Djigzo Version 2.4.x also shows the
>> certs as valid. Any idea what could be wrong?
>
> No, this is new to me. Can you send me the certificates? Or are you
> unable to export them?

The certificate contains invalid data (at least invalid according to RFC 
5280). The invalid data was silently ignored with OpenJDK 6 but OpenJDK 
7 seems to be more strict (the Virtual Appliance by default uses OpenJDK 6).

Details:

The IssuerAltName extension is defined in RFC 5280 as:

IssuerAltName ::= GeneralNames

GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

So there should be at least one GeneralName if the IssuerAltName
extension is defined. The certificate in question, however, contains an
empty IssuerAltName sequence. This is not allowed. In Java 6, this was
silently discarded but Java 7 seems to be more strict.

For a similar report see 
https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=441801.

Kind regards.

Martijn Brinkers

-- 
DJIGZO email encryption
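
A way to check a certificate for the empty IssuerAltName described above before importing it, as an added example that is not part of the original message or of Djigzo. The function names and the sample bytes are constructed for illustration; the reader handles single-byte tags only.

```python
IAN_OID = bytes.fromhex("551d12")  # content octets of OID 2.5.29.18 (issuerAltName)

def read_tlv(buf, pos, end):
    """Decode one DER TLV inside buf[pos:end]; return (tag, value_start, value_end)."""
    if end - pos < 2:
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or end - pos < n:
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if end - pos < length:
        raise ValueError("value runs past its parent")
    return tag, pos, pos + length

def children(buf, start, end):
    """List the TLVs that make up the content of a constructed value."""
    out = []
    while start < end:
        tag, vs, ve = read_tlv(buf, start, end)
        out.append((tag, vs, ve))
        start = ve
    return out

def issuer_alt_name_status(buf, start=0, end=None):
    """Return 'absent', 'empty' or 'ok' for the IssuerAltName found in DER data."""
    end = len(buf) if end is None else end
    for tag, vs, ve in children(buf, start, end):
        if not tag & 0x20:  # primitive value, nothing nested to inspect
            continue
        kids = children(buf, vs, ve)
        # Extension ::= SEQUENCE { extnID OID, critical BOOLEAN OPTIONAL, extnValue OCTET STRING }
        if tag == 0x30 and kids and kids[0][0] == 0x06 and buf[kids[0][1]:kids[0][2]] == IAN_OID:
            _, os_, oe = next(k for k in kids if k[0] == 0x04)
            gtag, gs, ge = read_tlv(buf, os_, oe)  # extnValue wraps GeneralNames
            if gtag != 0x30:
                raise ValueError("extnValue is not a SEQUENCE")
            return "empty" if gs == ge else "ok"  # SIZE (1..MAX) needs >= 1 entry
        found = issuer_alt_name_status(buf, vs, ve)
        if found != "absent":
            return found
    return "absent"

# Constructed sample Extension values (not taken from the reported certificate).
EMPTY_EXT = bytes.fromhex("30090603551d1204023000")
VALID_EXT = bytes.fromhex("30150603551d12040e300c820a") + b"ca.example"
```

The same function accepts a whole DER-encoded certificate, since it descends through every constructed value until it meets the extension.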