openjdk team mailing list archive

Thread
Date

Bug#534520: ca-certificates: keytool error: java SHA384withECDSA Signature not available

To: 534520@xxxxxxxxxxxxxxx, ca-certificates-java@xxxxxxxxxxxxxxx
From: Philipp Kern <pkern@xxxxxxxxxx>
Date: Thu, 25 Jun 2009 08:19:13 +0200
Cc: Drew Parsons <dparsons@xxxxxxxxxx>, 534520@xxxxxxxxxxxxxxx
In-reply-to: <20090625013503.17526.50865.reportbug@pug.anu.edu.au>
Organization: The Debian Project (http://www.debian.org)
Reply-to: Philipp Kern <pkern@xxxxxxxxxx>, 534520@xxxxxxxxxxxxxxx
Resent-cc: OpenJDK Team <openjdk@xxxxxxxxxxxxxxxxxxx>
Resent-date: Thu, 25 Jun 2009 06:21:08 +0000
Resent-date: Thu, 25 Jun 2009 06:21:09 +0000
Resent-from: Philipp Kern <pkern@xxxxxxxxxx>
Resent-message-id: <handler.534520.B534520.124591075623272@xxxxxxxxxxxxxxx>
Resent-sender: Debian BTS <debbugs@xxxxxxxxxxxxxxxx>
Resent-to: debian-bugs-dist@xxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.18 (2008-05-17)

Dear maintainer of ca-certificates-java,

On Thu, Jun 25, 2009 at 11:35:03AM +1000, Drew Parsons wrote:
> On the latest upgrade, the following error appeared:
> 
> Setting up ca-certificates (20090624) ...
> Updating certificates in /etc/ssl/certs... 4 added, 2 removed; done.
> Running hooks in /etc/ca-certificates/update.d....
> updating keystore /etc/ssl/certs/java/cacerts...
> keytool error: java.security.NoSuchAlgorithmException: SHA384withECDSA Signature not available
>   error adding /etc/ssl/certs/COMODO_ECC_Certification_Authority.pem
> Certificate was added to keystore
>   added: /etc/ssl/certs/DigiNotar_Root_CA.pem
> Certificate was added to keystore
>   added: /etc/ssl/certs/Network_Solutions_Certificate_Authority.pem
> Certificate was added to keystore
>   added: /etc/ssl/certs/WellsSecure_Public_Root_Certificate_Authority.pem
>   does not exists: /etc/ssl/certs/Equifax_Secure_Global_eBusiness_CA.pem
>   does not exists: /etc/ssl/certs/UTN_USERFirst_Object_Root_CA.pem
> failed.
> E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
> 
> 
> This new version of ca-certificates does appear to be properly
> installed however, so perhaps it's not as important a bug as it sounds?

I am no more considering errors of the hooks as being so serious to tear
down upgrades.  I know that this loses information as you won't get called
with added/removed properly anymore.  On the other hand I'm entirely
unhappy about all the upgrade failures I received in both Debian and
Ubuntu.

Maybe I should state the culprit package though.  I'm just vary of the
dpkg -S impact during upgrades.

(In this case I tested the upgrade with ca-certificates-java, of course,
but my keytool was able to process the Comodo certificate without
problems.)

Kind regards,
Philipp Kern
-- 
 .''`.  Philipp Kern                        Debian Developer
: :' :  http://philkern.de                         Stable Release Manager
`. `'   xmpp:phil@xxxxxxxx                         Wanna-Build Admin
  `-    finger pkern/key@xxxxxxxxxxxxx

Attachment: signature.asc
Description: Digital signature

Follow ups

Bug#534520: ca-certificates: keytool error: java SHA384withECDSA Signature not available
From: Philipp Kern, 2009-06-25