Ubuntu
ca-certificates package

ca-certificates post-install hook crashes when password is not the default one

Bug #1717256 reported by G.M.
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ca-certificates (Ubuntu)
New
Undecided
Unassigned

Bug Description

As a security measure, we changed the default password of java's keystore.

When updating "ca-certificates" package, this results in:

Running hooks in /etc/ca-certificates/update.d....
org.debian.security.InvalidKeystorePasswordException: Cannot open Java keystore. Is the password correct?
        at org.debian.security.KeyStoreHandler.load(KeyStoreHandler.java:68)
        at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:52)
        at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
        at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
        at java.security.KeyStore.load(KeyStore.java:1214)
        at org.debian.security.KeyStoreHandler.load(KeyStoreHandler.java:66)
        ... 3 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
        ... 6 more
E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.

Expected behaviour is that hook asks for password (either always or after checking that the default one is not working).

Seth Arnold (seth-arnold)
information type: Private Security → Public
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.