-
Notifications
You must be signed in to change notification settings - Fork 212
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
gradlew fails to download gradle due to an SSLException on jdk-11 on ubuntu 18.04 #19
Comments
This looks like an issue with the openjdk installation. I feel like I've seen similar things around certificates and openjdk while learning about getting all the docker stuff setup for the Binder repo. Potentially related is docker-library/openjdk#145. See also https://github.com/mikaelhg/broken-docker-jdk9-cacerts for a more detailed explanation and some potential fixes (please let me know if you try any that work for you). That repository I linked also explicitly mentions Ubuntu 18.04 and says that the problem exists from >=jdk9. I would like to leave this open even if you find a workaround that works in case others come across the problem. Thanks for the report!
|
That is a crazy coincidence, I usually don't work with java at all. But the two last tasks in my Work, and here are all related to the exact same thing :P Anyway this workaround worked perfectly: But this workaround is bad for anything that is not a test machine since it overwrites the cacerts file. |
Yes it is not the nicest workaround. I believe what is going on now is just waiting for a version bump in the debian package as it is only a problem on openjdk for linux x64 (https://bugs.java.com/view_bug.do?bug_id=8189357). There was a pretty quick EOL for java 9 and we are on 10 currently but it looks like 11 is the planned long term support release (along with 8 as it was before jigsaw). I've had luck with 10 so far which maybe I should include in the readme in case users are only installing a newer jdk to try the project. Thanks for the update! |
I really think you should add -Djavax.net.ssl.trustStorePassword=changeit to the build since it should still solve the issue, and if changeit is set to a var that a user can change it will also allow people with custom java stores to be able to work with IJava as well. |
A quick fix I did (I assume that is not the proper way to do it, so I am just showing this as a proof of concept, or another potential workaround)
Right now it fails due to a new issue (maybe its something temporary) but it fails with the previous workaround as well so its unrelated:
|
I solved this problem by switching the operating system to Ubuntu 18.10. |
`./gradlew installKernel
Downloading https://services.gradle.org/distributions/gradle-4.2.1-bin.zip
Exception in thread "main" javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.base/sun.security.ssl.Alerts.getSSLException(Alerts.java:214)
at java.base/sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1974)
at java.base/sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1926)
at java.base/sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1909)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1436)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1581)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1509)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:245)
at org.gradle.wrapper.Download.downloadInternal(Download.java:66)
at org.gradle.wrapper.Download.download(Download.java:51)
at org.gradle.wrapper.Install$1.call(Install.java:62)
at org.gradle.wrapper.Install$1.call(Install.java:48)
at org.gradle.wrapper.ExclusiveFileAccessManager.access(ExclusiveFileAccessManager.java:69)
at org.gradle.wrapper.Install.createDist(Install.java:48)
at org.gradle.wrapper.WrapperExecutor.execute(WrapperExecutor.java:107)
at org.gradle.wrapper.GradleWrapperMain.main(GradleWrapperMain.java:61)
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.base/sun.security.validator.PKIXValidator.(PKIXValidator.java:89)
at java.base/sun.security.validator.Validator.getInstance(Validator.java:181)
at java.base/sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:330)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:180)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:192)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:133)
at java.base/sun.security.ssl.ClientHandshaker.checkServerCerts(ClientHandshaker.java:1947)
at java.base/sun.security.ssl.ClientHandshaker.certificateStatus(ClientHandshaker.java:1798)
at java.base/sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:276)
at java.base/sun.security.ssl.Handshaker.processLoop(Handshaker.java:1098)
at java.base/sun.security.ssl.Handshaker.processRecord(Handshaker.java:1026)
at java.base/sun.security.ssl.SSLSocketImpl.processInputRecord(SSLSocketImpl.java:1137)
at java.base/sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1074)
at java.base/sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
at java.base/sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1402)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1429)
... 14 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.base/java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
at java.base/java.security.cert.PKIXParameters.(PKIXParameters.java:120)
at java.base/java.security.cert.PKIXBuilderParameters.(PKIXBuilderParameters.java:104)
at java.base/sun.security.validator.PKIXValidator.(PKIXValidator.java:86)
... 29 more
`
The text was updated successfully, but these errors were encountered: