Comments (7)
Hakky54
commented on September 13, 2024
Hi @manbucy
Thank you for the very detailed issue description. It is very helpful when investigating this issue, I really appreciate it!
I have tried this out locally and for me this issue is not happening, see below for the screenshot:
As you can see one certificate is loaded and also visible within the trustmanager of the sslcontext.
I think this issue is caused by CertificateUtils not being able to find the certificate on your classpath, but to be sure I need to ask if you can retry something on your side. Can you put the statement of CertificateUtils on a separate line and check whether the list is empty or has elements? So basically the following snippet:
List<Certificate> certificates = CertificateUtils.loadCertificate("ca.crt");
SSLFactory sslFactory = SSLFactory.builder()
.withTrustMaterial(certificates)
.build();
from sslcontext-kickstart.
manbucy
commented on September 13, 2024
@Hakky54 Thank you for your replyοΌ i have put the statement of CertificateUtils on a separate line, but the trustedCerts is still emply.
but when i use jdk11, I found the sslcontext become correct.
sun.security.pkcs12.PKCS12KeyStore.setCertEntry(String alias, Certificate cert, Set<Attribute> attributes)
from sslcontext-kickstart.
manbucy
commented on September 13, 2024
JDK-10+0 and previous versions are entries.put(alias, certEntry); source code
JDK-10+1 and later versions are entries.put(alias.toLowerCase(Locale.ENGLISH), certEntry); source code
from sslcontext-kickstart.
Hakky54
commented on September 13, 2024
I tried jdk 1.8.0_302 which did not have this issue. I currently don't have my dev environment next to me, so i will come back to you in 4 hours and try out with jdk 1.8.0_202 locally
from sslcontext-kickstart.
Hakky54
commented on September 13, 2024
I have retried it with jdk 1.8.0_202 and indeed that issue is present over there and your PR changes fixes it. Very well investigated! I am amazed for your detailed research. Thank you very much for this issue and pull request. I have approved the PR and merged it.
Just out of curiosity, why are you using jdk 1.8.0_202 and not using the latest version of jdk 1.8?
from sslcontext-kickstart.
manbucy
commented on September 13, 2024
Just out of curiosity, why are you using jdk 1.8.0_202 and not using the latest version of jdk 1.8?
This JDK1.8.0_202 was installed in 2019 when it was the latest version and I haven't updated it since. Jdk1.8.0_202, on the other hand, is the last OTN License release that many companies will choose.
from sslcontext-kickstart.
Hakky54
commented on September 13, 2024
Yes, very understandable and I didn't know about the OTN license!
I have just released your fix which is now available at version 7.4.1. Good luck, please let me know if you have any other improvements π
from sslcontext-kickstart.
Related Issues (20)
- Dependency on bcpkix-jdk15on introduces vulnerability CVE-2023-33201 HOT 2
- Disable "Acceptable client certificate CA names" on MTLS client connect.
- Hostname verifier doesn't work with JDK Http Client HOT 4
- No available authentication scheme HOT 8
- Add Support For `withoutProtocols` + `withoutCiphers` HOT 3
- Question about Classic Configuration Migration HOT 18
- When using pem utils v8.2.0 dependency in android, Duplicate class error in org.bouncycastle HOT 3
- Loading the keystore takes a very long time in some rare cases HOT 9
- JDK9+ jdeps error HOT 6
- Implementing Dynamic SSL Pinning Using Base64 Encoded Server Certificate? HOT 6
- PKIX path building failed (client-side) when using certificates from Let's Encyrpt HOT 9
- aarch64 macOS runner support HOT 6
- FTPs - None of the TrustManagers trust this certificate chain HOT 3
- Loading of System-Certificates takes long or forever when USB-Token Software is installed. HOT 8
- Trust Anchor not found on Android HOT 10
- Remove too verbose logs when loading system certificates HOT 7
- LoggingX509ExtendedTrustManager should log CertificateException HOT 3
- Add abiilty to load JDK cacerts file HOT 6
- Is SSLFactory thread safe? HOT 2
- Remove `bouncycastle` deps for `sslcontext-kickstart-for-pem` HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sslcontext-kickstart.