Ubuntu
openjdk-lts package

Java can't connect to https sites

Bug #1768799 reported by Peter Hull
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
openjdk-lts (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

My original problem was that leiningen was not able to download a project's dependencies, instead it gave errors containing "java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty"

I have verified this with a minimal Java program (attached)

Expected behaviour: reads and prints the first line of the Leiningen README from github (nothing significant about this file except that it is accessible via https)

Actual behaviour: error report (attached, first few line reproduced below)
Exception in thread "main" javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
 at java.base/sun.security.ssl.Alerts.getSSLException(Alerts.java:214)
 at java.base/sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1974)
 at java.base/sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1926)

I have checked that I get the expected behaviour on Windows

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: openjdk-11-jdk 10.0.1+10-3ubuntu1
ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17
Uname: Linux 4.15.0-20-generic x86_64
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
CurrentDesktop: LXDE
Date: Thu May 3 11:14:28 2018
InstallationDate: Installed on 2018-04-03 (29 days ago)
InstallationMedia: Lubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64 (20170801)
SourcePackage: openjdk-lts
UpgradeStatus: Upgraded to bionic on 2018-04-27 (5 days ago)

Revision history for this message
Peter Hull (peterhull90) wrote :
Revision history for this message
Peter Hull (peterhull90) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in openjdk-lts (Ubuntu):
status: New → Confirmed
Revision history for this message
Cd-MaN (panther79) wrote :

I can confirm that this affects a clean install of Ubuntu 18.04. Steps to reproduce:

- install Ubuntu 18.04. Fully update it
- install "default-jdk" (sudo apt install default-jdk)
- try running the very simple attached program which tries to retrieve "https://www.google.com"
- it fails with javax.net.ssl.SSLException (see the complete stacktrace in the attachment)

Workaround: remove default-jdk, install openjdk-8, remove openjdk-8 and reinstall default-jdk:

sudo apt purge openjdk-default java-common
sudo apt purge default-jdk java-common
sudo apt install openjdk-8-jre
sudo apt purge openjdk-8-jre
sudo apt install default-jdk

Revision history for this message
Cd-MaN (panther79) wrote :
Revision history for this message
Tiago Stürmer Daitx (tdaitx) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

I'm marking this as a duplicate of bug #1739631 since the issue is caused by ca-certificates-java.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.