JESSIE - SSL BAD_CERTIFICATE Exception

Jary Grove jarygrove@yahoo.com
Mon Oct 20 22:09:00 GMT 2008


Any quick fix? 
I am compiling Jessie from the source and will be able to plug in the changes easily, if you can give me some pointers on how to ignore this error. 
Thanks
Jary
----- Original Message ----
> From: Casey Marshall <casey.s.marshall@gmail.com>
> To: Jary Grove <jarygrove@yahoo.com>
> Cc: java@gcc.gnu.org
> Sent: Monday, October 20, 2008 3:02:20 PM
> Subject: Re: JESSIE - SSL BAD_CERTIFICATE Exception
>
> On Sat, Oct 18, 2008 at 2:17 PM, Jary Grove wrote:
> > I am getting the BAD CERTIFICATE exception with jessie, any idea? I am using 
> the latest build.
> >
> > Following is the exception log:
> >
> >
> > SSL HANDSHAKE output to {0}; state:{1}; outBuffer:{2} 
> java.nio.ByteBufferImpl[pos=5 lim=18432 cap=18
> > 432] WRITE_CLIENT_HELLO null
> > SSL HANDSHAKE loop state={0} WRITE_CLIENT_HELLO
> > SSL HANDSHAKE {0} struct {
> >  version: TLSv1.1;
> >  random:
> >  struct {
> >    gmt_unix_time: 1224363825;
> >    random_bytes:  
> 9a:15:99:6d:25:e3:04:7c:ff:3a:12:e1:ff:19:b1:f6:61:07:a3:2e:57:cc:aa:db:dd:47:82:
> > f5;
> >  } Random;  sessionId: ;
> >  cipher_suites:
> >  [30] {
> >    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
> >    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
> >    TLS_DH_DSS_WITH_AES_256_CBC_SHA,
> >    TLS_DH_RSA_WITH_AES_256_CBC_SHA,
> >    TLS_RSA_WITH_AES_256_CBC_SHA,
> >    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> >    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> >    TLS_DH_DSS_WITH_AES_128_CBC_SHA,
> >    TLS_DH_RSA_WITH_AES_128_CBC_SHA,
> >    TLS_RSA_WITH_AES_128_CBC_SHA,
> >    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
> >    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
> >    TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
> >    TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,
> >    TLS_RSA_WITH_3DES_EDE_CBC_SHA,
> >    TLS_RSA_WITH_RC4_128_MD5,
> >    TLS_RSA_WITH_RC4_128_SHA,
> >    TLS_DHE_DSS_WITH_DES_CBC_SHA,
> >    TLS_DHE_RSA_WITH_DES_CBC_SHA,
> >    TLS_DH_DSS_WITH_DES_CBC_SHA,
> >    TLS_DH_RSA_WITH_DES_CBC_SHA,
> >    TLS_RSA_WITH_DES_CBC_SHA,
> >    TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
> >    TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
> >    TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
> >    TLS_RSA_EXPORT_WITH_RC4_40_MD5,
> >    TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
> >    TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
> >    TLS_RSA_WITH_NULL_MD5,
> >    TLS_RSA_WITH_NULL_SHA
> >  };
> >  compression_methods:
> >  [1] {
> >    NULL
> >  };
> >  extensions:    ExtensionList {
> >      length = 2;
> >    };
> > } ClientHello;
> > SSL HANDSHAKE processing in state {0}:
> > {1} READ_SERVER_HELLO struct {
> >  type: SERVER_HELLO;
> >  struct {
> >    version: TLSv1;
> >    random:
> >    struct {
> >      gmt_unix_time: 1224363827;
> >      random_bytes:  
> 9a:a2:ee:0f:d6:e5:22:22:8d:66:f0:f6:57:c1:a6:60:7e:a1:01:25:df:7e:05:2e:08:1c:c
> > 6:de;
> >    } Random;
> >    sessionId:        
> e1:07:00:00:36:0f:05:21:64:d7:f4:e2:7c:7d:6d:b4:6c:50:7a:9d:26:99:03:e0:bc:23
> > :f9:db:df:09:61:8a;
> >    cipherSuite:      TLS_RSA_WITH_RC4_128_MD5;
> >    compressionMethod: NULL;
> >    extensions:
> >      (nil)
> >  } ServerHello;
> > } Handshake;
> > SSL HANDSHAKE processing in state {0}:
> > {1} READ_CERTIFICATE struct {
> >  type: CERTIFICATE;
> >  struct {
> >    java.security.cert.CertificateException: malformed GeneralName: Tag class 
> is 0;
> > } Certificate;
> > } Handshake;
>
> This part looks relevant. It's possible that the X.509 parser in
> classpath/gcj isn't able to properly parse your certificate. In this
> case, it's failing to parse the GeneralName extension.
>
> I don't remember the details of ASN.1, DER, and this certificate
> extension, but it's possible this extension blob in your certificate
> isn't correct.
>
> One thing that may help this is to change the certificate parser to
> just ignore extensions that it can't parse, leaving them as blobs of
> bytes, unless someone wants to use that extension. X.509 and interop
> is a bag of pain; adding hacks and special cases to handle
> not-quite-correct certificates is something everyone ends up doing.
>
> Anyway, I'll call this a bug in our certificate parser.
>
> Thanks.
>
> > gnu.javax.net.ssl.provider.AlertException: BAD_CERTIFICATE: locally generated; FATAL
> > SSL HANDSHAKE output to {0}; state:{1}; outBuffer:{2} 
> java.nio.ByteBufferImpl[pos=5 lim=18432 cap=18
> > 432] WRITE_CLIENT_HELLO null
> > SSL HANDSHAKE loop state={0} WRITE_CLIENT_HELLO
> > SSL HANDSHAKE {0} struct {
> >  version: TLSv1.1;
> >  random:
> >  struct {
> >    gmt_unix_time: 1224363826;
> >    random_bytes:  
> 84:d5:62:3a:00:a9:d5:c9:3c:fe:13:05:6d:04:10:9e:0e:5b:ae:b7:72:37:b4:ef:f8:56:7d:
> > 79;
> >  } Random;  sessionId: ;
> >  cipher_suites:
> >  [30] {
> >    TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
> >    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
> >    TLS_DH_DSS_WITH_AES_256_CBC_SHA,
> >    TLS_DH_RSA_WITH_AES_256_CBC_SHA,
> >    TLS_RSA_WITH_AES_256_CBC_SHA,
> >    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
> >    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> >    TLS_DH_DSS_WITH_AES_128_CBC_SHA,
> >    TLS_DH_RSA_WITH_AES_128_CBC_SHA,
> >    TLS_RSA_WITH_AES_128_CBC_SHA,
> >    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
> >    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
> >    TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
> >    TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,
> >    TLS_RSA_WITH_3DES_EDE_CBC_SHA,
> >    TLS_RSA_WITH_RC4_128_MD5,
> >    TLS_RSA_WITH_RC4_128_SHA,
> >    TLS_DHE_DSS_WITH_DES_CBC_SHA,
> >    TLS_DHE_RSA_WITH_DES_CBC_SHA,
> >    TLS_DH_DSS_WITH_DES_CBC_SHA,
> >    TLS_DH_RSA_WITH_DES_CBC_SHA,
> >    TLS_RSA_WITH_DES_CBC_SHA,
> >    TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
> >    TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
> >    TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
> >    TLS_RSA_EXPORT_WITH_RC4_40_MD5,
> >    TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
> >    TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
> >    TLS_RSA_WITH_NULL_MD5,
> >    TLS_RSA_WITH_NULL_SHA
> >  };
> >  compression_methods:
> >  [1] {
> >    NULL
> >  };
> >  extensions:    ExtensionList {
> >      length = 2;
> >    };
> > } ClientHello;
> > SSL HANDSHAKE processing in state {0}:
> > {1} READ_SERVER_HELLO struct {
> >  type: SERVER_HELLO;
> >  struct {
> >    version: TLSv1;
> >    random:
> >    struct {
> >      gmt_unix_time: 1224363827;
> >      random_bytes:  
> 36:f4:51:d4:92:23:79:ac:41:86:d2:ec:29:c8:3b:e8:58:78:72:4e:42:48:0b:27:97:df:5
> > 9:b0;
> >    } Random;
> >    sessionId:        
> d8:03:00:00:cf:90:b3:93:8c:9d:e6:ca:b1:7a:f1:cf:6f:4f:1f:20:ab:86:c8:d9:ff:61
> > :c4:a4:2d:68:b4:0d;
> >    cipherSuite:      TLS_RSA_WITH_RC4_128_MD5;
> >    compressionMethod: NULL;
> >    extensions:
> >      (nil)
> >  } ServerHello;
> > } Handshake;
> > SSL HANDSHAKE processing in state {0}:
> > {1} READ_CERTIFICATE struct {
> >  type: CERTIFICATE;
> >  struct {
> >    java.security.cert.CertificateException: malformed GeneralName: Tag class 
> is 0;
> > } Certificate;
> > } Handshake;
> >
> >
> >
> > Thanks
> > Jary
> >
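
Added example, not part of the original thread and not GNU Classpath or Jessie code: a sketch of the "keep unparsable extensions as blobs" idea from the reply above, with one rule added, namely that an extension marked critical still has to decode or the certificate is rejected. All class and method names are hypothetical, the byte arrays and OIDs are constructed samples, and both sample extensions are assumed to carry a GeneralNames value with short-form DER lengths.

```java
import java.io.IOException;
import java.util.*;

// Added illustration; every name here is hypothetical, not GNU Classpath code.
public class LenientExtensions {
    static final class RawExtension {   // raw DER value, decoded only on demand
        final String oid; final boolean critical; final byte[] value;
        RawExtension(String o, boolean c, byte[] v) { oid = o; critical = c; value = v; }
    }
    /** Walks a GeneralNames SEQUENCE (short-form lengths only); returns each tag number. */
    static List<Integer> generalNameTags(byte[] der) throws IOException {
        if (der.length < 2 || der[0] != 0x30 || der[1] != der.length - 2)
            throw new IOException("malformed GeneralNames");
        List<Integer> tags = new ArrayList<>();
        for (int i = 2; i < der.length; i += 2 + der[i + 1]) {
            int tagClass = (der[i] & 0xC0) >>> 6;   // 0 = universal, 2 = context-specific
            if (tagClass != 2)                       // GeneralName alternatives are [0]..[8]
                throw new IOException("malformed GeneralName: Tag class is " + tagClass);
            if (i + 1 >= der.length || der[i + 1] < 0 || i + 2 + der[i + 1] > der.length)
                throw new IOException("malformed GeneralName: bad length");
            tags.add(der[i] & 0x1F);
        }
        return tags;
    }

    /** Load-time policy: an undecodable extension stays a blob only if it is non-critical. */
    static List<String> load(List<RawExtension> exts) throws IOException {
        List<String> deferred = new ArrayList<>();
        for (RawExtension e : exts) {
            try { generalNameTags(e.value); }
            catch (IOException bad) {
                if (e.critical) throw bad;   // fail closed: reject the certificate
                deferred.add(e.oid);         // keep the bytes; decoding fails only on use
            }
        }
        return deferred;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample values, not the certificate from this thread.
        byte[] good = {0x30, 0x05, (byte) 0x82, 0x03, 'f', 'o', 'o'};  // [2] dNSName
        byte[] bad  = {0x30, 0x05, 0x16, 0x03, 'f', 'o', 'o'};         // universal IA5String
        List<RawExtension> exts = new ArrayList<>();
        exts.add(new RawExtension("2.5.29.17", false, good));
        exts.add(new RawExtension("2.5.29.18", false, bad));
        System.out.println("deferred: " + load(exts));
        exts.add(new RawExtension("2.5.29.17", true, bad));
        try { load(exts); } catch (IOException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```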