
openjdk team mailing list archive

[Bug 392104] Re: [Karmic] Update to ca-certificates 20090624 prevents ca-certificates-java from installing

 

We could use openssl in jks-keystore.hook to decode proposed .pem
contents and specifically exclude the one(s) with:

Signature Algorithm: 1.2.840.10045.4.3.3

(which maps to SHA384withECDSA according to http://javadoc.iaik.tugraz.at/cms_smime/current/iaik/cms/CMSAlgorithmID.html)
I'm just unsure that would be the only one we would want to exclude...

-- 
[Karmic] Update to ca-certificates 20090624 prevents ca-certificates-java from installing
https://bugs.launchpad.net/bugs/392104
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.

Status in Iced Tea: Confirmed
Status in “ca-certificates” package in Ubuntu: Confirmed
Status in “ca-certificates-java” package in Ubuntu: New
Status in “openjdk-6” package in Ubuntu: New
Status in “ca-certificates-java” package in Debian: New

Bug description:
Binary package hint: ca-certificates

Recent update to ca-certificates 20090624 breaks ca-certificates-java installation, currently preventing all Java-based builds in karmic from succeeding (ca-certificates-java is required by default-jdk, so default-jdk cannot be installed as a build dependency).

Note that you should also get ca-certificates upgrade errors on systems where ca-certificates-java is already installed.

Here is the buildlog error:

Setting up ca-certificates-java (20081028) ...
creating /etc/ssl/certs/java/cacerts...
Certificate was added to keystore
  added certificate cacert.org/cacert.org.crt
Certificate was added to keystore
  added certificate gouv.fr/cert_igca_dsa.crt
Certificate was added to keystore
  added certificate gouv.fr/cert_igca_rsa.crt
keytool error: java.security.NoSuchAlgorithmException: SHA384withECDSA Signature not available
  error adding mozilla/COMODO_ECC_Certification_Authority.crt
Certificate was added to keystore
  added certificate mozilla/DigiNotar_Root_CA.crt
Certificate was added to keystore
  added certificate mozilla/Network_Solutions_Certificate_Authority.crt
Certificate was added to keystore
  added certificate mozilla/WellsSecure_Public_Root_Certificate_Authority.crt
failed.
dpkg: error processing ca-certificates-java (--configure):
 subprocess post-installation script returned error exit status 1

Apparently the addition of mozilla/COMODO_ECC_Certification_Authority.crt doesn't please ca-certificates-java since it doesn't know how to handle SHA384withECDSA signatures. I guess this can either be fixed in ca-certificates or ca-certificates-java, so I'll pull both as affected.
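
The filter proposed in the message above, sketched as an added example (not code from ca-certificates-java or from the poster): it reads the signature algorithm from `openssl x509 -text` output and skips certificates whose algorithm is on a deny list. The function names, the `UNSUPPORTED_SIGALGS` variable and the sample text are assumptions made for illustration.

```shell
#!/bin/sh
# Signature algorithms the target JRE cannot verify, as printed by
# `openssl x509 -noout -text`: the raw OID quoted in the message, plus the
# name newer OpenSSL builds print for the same OID. Extend the list as needed.
UNSUPPORTED_SIGALGS="1.2.840.10045.4.3.3 ecdsa-with-SHA384"

# Read `openssl x509 -text` output on stdin and print the value of the
# first "Signature Algorithm:" line, with surrounding whitespace removed.
cert_sigalg() {
    awk '/^[ \t]*Signature Algorithm:/ {
        sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit
    }'
}

# Exit 0 only if the algorithm was parsed and is not on the deny list.
sigalg_supported() {
    [ -n "$1" ] || return 1
    for bad in $UNSUPPORTED_SIGALGS; do
        [ "$1" = "$bad" ] && return 1
    done
    return 0
}

# Decide for one PEM file (needs the openssl CLI). A file openssl cannot
# parse yields an empty algorithm and is therefore skipped.
cert_importable() {
    alg=$(openssl x509 -in "$1" -noout -text 2>/dev/null | cert_sigalg)
    sigalg_supported "$alg"
}

# Same decision on already-decoded text, so it can be shown without openssl.
classify_text() {
    alg=$(printf '%s\n' "$1" | cert_sigalg)
    if sigalg_supported "$alg"; then echo "import ($alg)"; else echo "skip ($alg)"; fi
}

# Constructed excerpts of `openssl x509 -text` output (not real certificates).
SAMPLE_ECC='Certificate:
    Data:
        Version: 3 (0x2)
    Signature Algorithm: 1.2.840.10045.4.3.3
        Issuer: CN=Constructed ECC Root'
SAMPLE_RSA='Certificate:
    Data:
        Version: 3 (0x2)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=Constructed RSA Root'

classify_text "$SAMPLE_ECC"
classify_text "$SAMPLE_RSA"
```

In a hook, `cert_importable "$pem"` would guard each keytool import; a deny list only covers algorithms already known to fail, which is the limitation the message itself raises.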


