Story #8101
Openjdk 1.7.0_131 upgrade breaks d1_libclient_java
100%
Description
I had a piece of java client code which talked with CNs and it worked. However, it stopped working on the second day. I didn't change anything in my code. The error message was the cn list hasn't been initialized.
I turned on the ssl debug and saw the error message:
[junit] main, handling exception: java.security.ProviderException: java.security.InvalidKeyException: EC parameters error
[junit] %% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
[junit] main, SEND TLSv1.2 ALERT: fatal, description = internal_error
[junit] main, WRITE: TLSv1.2 Alert, length = 2
[junit] [Raw write]: length = 7
[junit] 0000: 15 03 03 00 02 02 50 ......P
[junit] main, called closeSocket()
[junit] @build.context@ 20170519-11:52:15: [DEBUG]: http-outgoing-0: Shutdown connection
It wasn't very helpful.
I also wrote a simple version of the client code. It seems the d1_libclient_java couldn't talk with any server. But this time the error message made more sense:
[junit] Caused by: java.security.InvalidKeyException: EC parameters error
[junit] at sun.security.ec.ECParameters.getAlgorithmParameters(ECParameters.java:284)
[junit] at sun.security.ec.ECPublicKeyImpl.(ECPublicKeyImpl.java:59)
[junit] at sun.security.pkcs11.P11Key$P11ECPublicKey.getEncodedInternal(P11Key.java:1021)
[junit] ... 52 more
[junit] Caused by: java.security.NoSuchProviderException: no such provider: SunEC
[junit] at sun.security.jca.GetInstance.getService(GetInstance.java:83)
[junit] at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
[junit] at java.security.Security.getImpl(Security.java:697)
[junit] at java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:199)
[junit] at sun.security.ec.ECParameters.getAlgorithmParameters(ECParameters.java:279)
[junit] ... 54 more
History
#1 Updated by Jing Tao over 7 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 30
After search online, I found this is caused by the missing of the sunec.jar file. It is weird that previous versions don't need it (it doesn't exist in the previous version) but the 131 version needs this jar file.
I copied the sunec.jar from the oracle jdk 1.7.0_80/jre/lib/ext to the openjdk-7/jre/lib/ext. The error is gone.
I have done the copy on member nodes on dev, sandbox and production env. I need to do more.
#2 Updated by Dave Vieglais over 7 years ago
- Target version set to CCI-2.3.6
#3 Updated by Jing Tao about 7 years ago
- Target version changed from CCI-2.3.6 to CCI-2.3.7
#4 Updated by Dave Vieglais about 7 years ago
- Status changed from In Progress to Closed
- % Done changed from 30 to 100
#5 Updated by Dave Vieglais almost 7 years ago
- Sprint set to CCI-2.3.7