OpenJDK

SSLHandshakeException on https://svn.codehaus.org

Bug #510606 reported by Luis Arias on 2010-01-21

This bug affects 2 people

	Status	Importance	Assigned to
OpenJDK	New	Undecided	Unassigned
SVNKit	Invalid	Unknown	auto-svnkit.com #347
openjdk-6 (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

The bug reported here on svnkit has been determined to be an OpenJDK bug which is present in karmic but not in intrepid (I believe it is present in jaunty too).

http://svnkit.com/tracker/view.php?id=347

Original svnkit post

Using svnkit 1.3.2 I get the following exception when doing a checkout on the codehaus.org svn repo:

jsvn co https://svn.codehaus.org/grails-plugins/grails-wordpress/trunk [^] grails-wordpress

Dec 12, 2009 8:47:25 AM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
FINE: NETWORK: Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1693)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:952)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1132)
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:643)
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:78)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
    at org.tmatesoft.svn.core.internal.util.SVNLogOutputStream.flush(SVNLogOutputStream.java:48)
    at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.sendData(HTTPConnection.java:227)
    at org.tmatesoft.svn.core.internal.io.dav.http.HTTPRequest.dispatch(HTTPRequest.java:166)
    at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:348)
    at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:274)
    at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:262)
    at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.exchangeCapabilities(DAVConnection.java:516)
    at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.open(DAVConnection.java:98)
    at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.openConnection(DAVRepository.java:999)
    at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.getLatestRevision(DAVRepository.java:178)
    at org.tmatesoft.svn.core.wc.SVNBasicClient.getRevisionNumber(SVNBasicClient.java:482)
    at org.tmatesoft.svn.core.wc.SVNBasicClient.getLocations(SVNBasicClient.java:873)
    at org.tmatesoft.svn.core.wc.SVNBasicClient.createRepository(SVNBasicClient.java:534)
    at org.tmatesoft.svn.core.wc.SVNUpdateClient.doCheckout(SVNUpdateClient.java:893)
    at org.tmatesoft.svn.cli.svn.SVNCheckoutCommand.run(SVNCheckoutCommand.java:99)
    at org.tmatesoft.svn.cli.AbstractSVNCommandEnvironment.run(AbstractSVNCommandEnvironment.java:134)
    at org.tmatesoft.svn.cli.AbstractSVNLauncher.run(AbstractSVNLauncher.java:81)
    at org.tmatesoft.svn.cli.svn.SVN.main(SVN.java:26)

Bug Watch Updater (bug-watch-updater) on 2010-01-22

Changed in svnkit:
status:	Unknown → In Progress

Revision history for this message

Matthias Klose (doko) wrote on 2010-03-22:

from the svnkit report:

"Thank you for investigating this! It is known that OpenJDK contains SSL implementation different from those in Sun's JDK and former may not work properly with certain servers/certificates."

please could you recheck this with lucid?

Changed in openjdk-6 (Ubuntu):
status:	New → Incomplete

Revision history for this message

Luis Arias (kaaloo) wrote on 2010-03-23:

Sure, I just did with svnkit 1.3.2 and today's OpenJDK update on lucid and it works fine ! :)

luis@persephone:~/opt/svnkit-1.3.2.6267$ java -version
java version "1.6.0_18"
OpenJDK Runtime Environment (IcedTea6 1.8pre) (6b18~pre3-0ubuntu1)
OpenJDK 64-Bit Server VM (build 16.0-b13, mixed mode)

Revision history for this message

Matthias Klose (doko) wrote on 2010-03-23:

> Sure, I just did with svnkit 1.3.2 and today's OpenJDK update
> on lucid and it works fine ! :)

thanks for checking

Changed in openjdk-6 (Ubuntu):
status:	Incomplete → Fix Released

Bug Watch Updater (bug-watch-updater) on 2010-05-09

Changed in svnkit:
status:	In Progress → Invalid

Revision history for this message

Henrik Bach (bach-henrik) wrote on 2010-07-09:

Download full text (4.8 KiB)

This doesn't seem to be fixed, due to when I run

ec2-describe-images -o self -o amazon
Unexpected error:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1639)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:215)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:209)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1033)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:146)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:546)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:482)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:904)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1140)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:643)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:78)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.write(BufferedOutputStream.java:121)
at java.io.FilterOutputStream.write(FilterOutputStream.java:97)
at org.apache.commons.httpclient.methods.ByteArrayRequestEntity.writeRequest(ByteArrayRequestEntity.java:89)
at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:495)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1973)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
at org.codehaus.xfire.transport.http.CommonsHttpMessageSender.send(CommonsHttpMessageSender.java:369)
at org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:123)
at org.codehaus.xfire.transport.http.HttpChannel.send(HttpChannel.java:48)
at org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:26)
at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79)
at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114)
at org.codehaus.xfire.client.Client.invoke(Client.java:336)
at org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77)
at org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57)
at $Proxy12.describeImages(Unknown Source)
at com.amazon.aes.webservices.client.Jec2.describeImages(Jec2.java:485)
at com.amazon.aes.webservices.client.cmd.DescribeImages.invokeOnline(DescribeImages.java:160)
at com.amazon.aes.webservices.client.cmd.BaseCmd.invoke(BaseCmd.java:742)
at com.amazon.aes.webservices.client.cmd.DescribeImages.main(DescribeImages.java:171)
Caused by...

This doesn't seem to be fixed, due to when I run

ec2-describe-images -o self -o amazon
Unexpected error:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1639)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:215)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:209)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1033)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:146)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:546)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:482)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:904)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1140)
	at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:643)
	at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:78)
	at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
	at java.io.BufferedOutputStream.write(BufferedOutputStream.java:121)
	at java.io.FilterOutputStream.write(FilterOutputStream.java:97)
	at org.apache.commons.httpclient.methods.ByteArrayRequestEntity.writeRequest(ByteArrayRequestEntity.java:89)
	at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:495)
	at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1973)
	at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
	at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
	at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
	at org.codehaus.xfire.transport.http.CommonsHttpMessageSender.send(CommonsHttpMessageSender.java:369)
	at org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:123)
	at org.codehaus.xfire.transport.http.HttpChannel.send(HttpChannel.java:48)
	at org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:26)
	at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
	at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79)
	at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114)
	at org.codehaus.xfire.client.Client.invoke(Client.java:336)
	at org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77)
	at org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57)
	at $Proxy12.describeImages(Unknown Source)
	at com.amazon.aes.webservices.client.Jec2.describeImages(Jec2.java:485)
	at com.amazon.aes.webservices.client.cmd.DescribeImages.invokeOnline(DescribeImages.java:160)
	at com.amazon.aes.webservices.client.cmd.BaseCmd.invoke(BaseCmd.java:742)
	at com.amazon.aes.webservices.client.cmd.DescribeImages.main(DescribeImages.java:171)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:302)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:205)
	at sun.security.validator.Validator.validate(Validator.java:235)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:147)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:230)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:270)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1012)
	... 32 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:197)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:255)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:297)
	... 38 more

My java environment on Ubuntu 10.01 is this:

$ aptitude search jre
i   default-jre                     - Standard Java or Java compatible Runtime  
i A default-jre-headless            - Standard Java or Java compatible Runtime (
...
i A icedtea-6-jre-cacao             - Alternative JVM for OpenJDK, using Cacao  
...
i A openjdk-6-jre                   - OpenJDK Java runtime, using Hotspot JIT   
i A openjdk-6-jre-headless          - OpenJDK Java runtime, using Hotspot JIT (h
i A openjdk-6-jre-lib               - OpenJDK Java runtime (architecture indepen
...

-Henrik

Revision history for this message

Henrik Bach (bach-henrik) wrote on 2010-07-09:

It was Ubuntu 10.04.

Revision history for this message

Henrik Bach (bach-henrik) wrote on 2010-07-09:

More detailed version for java:

$ java -version
java version "1.6.0_18"
OpenJDK Runtime Environment (IcedTea6 1.8) (6b18-1.8-0ubuntu2)
OpenJDK Server VM (build 14.0-b16, mixed mode)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

auto-svnkit.com #347
[closed: not fixable] Edit

Bug watches keep track of this bug in other bug trackers.