Openjdk 1.7.0_131 upgrade breaks d1_libclient_java
I had a piece of java client code which talked with CNs and it worked. However, it stopped working on the second day. I didn't change anything in my code. The error message was the cn list hasn't been initialized.
I turned on the ssl debug and saw the error message:
[junit] main, handling exception: java.security.ProviderException: java.security.InvalidKeyException: EC parameters error
[junit] %% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
[junit] main, SEND TLSv1.2 ALERT: fatal, description = internal_error
[junit] main, WRITE: TLSv1.2 Alert, length = 2
[junit] [Raw write]: length = 7
[junit] 0000: 15 03 03 00 02 02 50 ......P
[junit] main, called closeSocket()
[junit] @build.context@ 20170519-11:52:15: [DEBUG]: http-outgoing-0: Shutdown connection
It wasn't very helpful.
I also wrote a simple version of the client code. It seems the d1_libclient_java couldn't talk with any server. But this time the error message made more sense:
[junit] Caused by: java.security.InvalidKeyException: EC parameters error
[junit] at sun.security.ec.ECParameters.getAlgorithmParameters(ECParameters.java:284)
[junit] at sun.security.ec.ECPublicKeyImpl.(ECPublicKeyImpl.java:59)
[junit] at sun.security.pkcs11.P11Key$P11ECPublicKey.getEncodedInternal(P11Key.java:1021)
[junit] ... 52 more
[junit] Caused by: java.security.NoSuchProviderException: no such provider: SunEC
[junit] at sun.security.jca.GetInstance.getService(GetInstance.java:83)
[junit] at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
[junit] at java.security.Security.getImpl(Security.java:697)
[junit] at java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:199)
[junit] at sun.security.ec.ECParameters.getAlgorithmParameters(ECParameters.java:279)
[junit] ... 54 more
#1 Updated by Jing Tao over 4 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 30
After search online, I found this is caused by the missing of the sunec.jar file. It is weird that previous versions don't need it (it doesn't exist in the previous version) but the 131 version needs this jar file.
I copied the sunec.jar from the oracle jdk 1.7.0_80/jre/lib/ext to the openjdk-7/jre/lib/ext. The error is gone.
I have done the copy on member nodes on dev, sandbox and production env. I need to do more.