Skip to content

timja/openjdk-intermediate-ca-reproducer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
bin
bin
 
 
ca
ca
 
 
content
content
 
 
docker
docker
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
Main.java
Main.java
 
 
README.md
README.md
 
 
compose.yml
compose.yml
 
 

Repository files navigation

Reproduce Java Chain issue

Requirements:

  • On a Mac
  • Docker
  • Docker compose
  • OpenSSL

Create certificates

./bin/setup.sh
docker compose up

Configure certificate trust

Install the root and intermediate certs to your Keychain. Your user keychain is fine (login).

If you double click the cert it may try use your system one which is ok but may not work if you don't have admin access. Instead you can just drag and drop the certificates into the keychain.

Double click the root in the keychain and expand the trust section and set to "Always Trust".

Then open the URL in your browser and validate its trusted: https://localhost:8443

You should see a page with "Hello, World!".

Run with Java

java Main.java https://localhost:8443 KeychainStore

Expected with Java 23

Exception in thread "main" java.lang.RuntimeException: Test failed:
	at Main.main(Main.java:36)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Expected with openjdk/jdk#22911

Command:

/Users/timja/projects/jdk/build/macosx-aarch64-server-release/jdk/bin/java Main.java https://localhost:8443 KeychainStore

Output:

timja-intermediate
timja-root
size:<some number>
Success

About

No description, website, or topics provided.

Resources

Readme

Code of conduct

Code of conduct

Security policy

Security policy
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages