Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
3.5.0
-
None
Description
trustCertificateKeyStorePassword alias doesn't seem to work. When using it, it fails with following exception:
Caused by: javax.net.ssl.SSLException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
|
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:132)
|
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:378)
|
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
|
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:316)
|
at java.base/sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1708)
|
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:470)
|
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
|
at org.mariadb.jdbc.client.impl.StandardClient.sslWrapper(StandardClient.java:520)
|
at org.mariadb.jdbc.client.impl.StandardClient.<init>(StandardClient.java:185)
|
... 21 common frames omitted
|
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
|
at java.base/sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:97)
|
at java.base/sun.security.validator.Validator.getInstance(Validator.java:173)
|
at java.base/sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:308)
|
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:183)
|
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:198)
|
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
|
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1302)
|
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1195)
|
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1138)
|
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393)
|
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476)
|
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:447)
|
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
|
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
|
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
|
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
|
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
|
... 24 common frames omitted
|
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
|
at java.base/java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
|
at java.base/java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
|
at java.base/java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
|
at java.base/sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:94)
|
... 40 common frames omitted
|
When trustStorePassword is used instead of trustCertificateKeyStorePassword, everything starts to work.