java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty %% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] main, SEND TLSv1.2 ALERT: fatal, description = internal_error main, WRITE: TLSv1.2 Alert, length = 2 [Raw write]: length = 7 0000: 15 03 03 00 02 02 50 ......P main, called closeSocket()

JDK Bug System | Webbug Group | 12 months ago
  1. 0

    FULL PRODUCT VERSION : java version "1.8.0_51" Java(TM) SE Runtime Environment (build 1.8.0_51-b16) Java HotSpot(TM) Client VM (build 25.51-b03, mixed mode) ADDITIONAL OS VERSION INFORMATION : Microsoft Windows [Version 6.1.7601] (Windows 7) EXTRA RELEVANT SYSTEM CONFIGURATION : Standard java installation Custom deployment.properties with deployment.system.security.cacerts=C:\tmp\cacerts java_home/lib/security/cacerts file deleted A DESCRIPTION OF THE PROBLEM : When java is deployed with a custom deployment.properties file setting a new location for the cacerts file; this configuration is ignored by the default JSSE implementation. Checking in the Java Control Panel, the Secure Site CA list is correctly populated. Trying to establish a secure connection HTTPS connection fails with the error message: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty Copy back the cacerts in java_home/lib/security Executing the test again, the connection is working fine. STEPS TO FOLLOW TO REPRODUCE THE PROBLEM : Remove the cacerts file present in java_home/lib/security Modifiy the deployment.properties file to set the deployment.system.security.cacerts property on the new location of the cacerts file. Verify with the Java control panel that the property points correctly the new cacerts file Execute the test application EXPECTED VERSUS ACTUAL BEHAVIOR : EXPECTED - The default SSL connection should find the cacerts file at its new location, as the Java Control Panel does and the connection should be established without problems. ACTUAL - The connection could not be established ERROR MESSAGES/STACK TRACES THAT OCCUR : trustStore is: No File Available, using empty keystore. trustStore type is : jks trustStore provider is : init truststore trigger seeding of SecureRandom done seeding SecureRandom keyStore is : keyStore type is : jks keyStore provider is : init keystore init keymanager of type SunX509 .... main, handling exception: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty %% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] main, SEND TLSv1.2 ALERT: fatal, description = internal_error main, WRITE: TLSv1.2 Alert, length = 2 [Raw write]: length = 7 0000: 15 03 03 00 02 02 50 ......P main, called closeSocket() at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1906) at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1889) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1410) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) at SslGet.main(SslGet.java:30) Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:90) at sun.security.validator.Validator.getInstance(Validator.java:179) at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:312) at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:171) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:184) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1479) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ... 7 more Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200) at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120) at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104) at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:88) ... 19 more REPRODUCIBILITY : This bug can be reproduced always. ---------- BEGIN SOURCE ---------- import java.io.BufferedReader; import java.io.InputStream; import java.io.InputStreamReader; import java.net.InetSocketAddress; import java.net.Proxy; import java.net.URL; import java.net.URLConnection; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; public class SslGet { public static void main(String[] args) { try { System.setProperty("javax.net.debug", "all"); SSLContext context = SSLContext.getInstance("TLS"); context.init(null, null, null); SSLSocketFactory sslSocketFactory = context.getSocketFactory(); Proxy theProx = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("my-proxy", 8080)); URL google = new URL("https://www.google.com"); URLConnection conn = google.openConnection(theProx); ((HttpsURLConnection) conn).setSSLSocketFactory(sslSocketFactory); InputStream ins = conn.getInputStream(); InputStreamReader isr = new InputStreamReader(ins); BufferedReader in = new BufferedReader(isr); String inputLine; while ((inputLine = in.readLine()) != null) { System.out.println(inputLine); } in.close(); } catch (Exception e) { e.printStackTrace(); } } } ---------- END SOURCE ----------

    JDK Bug System | 12 months ago | Webbug Group
    java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty %% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] main, SEND TLSv1.2 ALERT: fatal, description = internal_error main, WRITE: TLSv1.2 Alert, length = 2 [Raw write]: length = 7 0000: 15 03 03 00 02 02 50 ......P main, called closeSocket()
  2. 0

    FULL PRODUCT VERSION : java version "1.8.0_51" Java(TM) SE Runtime Environment (build 1.8.0_51-b16) Java HotSpot(TM) Client VM (build 25.51-b03, mixed mode) ADDITIONAL OS VERSION INFORMATION : Microsoft Windows [Version 6.1.7601] (Windows 7) EXTRA RELEVANT SYSTEM CONFIGURATION : Standard java installation Custom deployment.properties with deployment.system.security.cacerts=C:\tmp\cacerts java_home/lib/security/cacerts file deleted A DESCRIPTION OF THE PROBLEM : When java is deployed with a custom deployment.properties file setting a new location for the cacerts file; this configuration is ignored by the default JSSE implementation. Checking in the Java Control Panel, the Secure Site CA list is correctly populated. Trying to establish a secure connection HTTPS connection fails with the error message: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty Copy back the cacerts in java_home/lib/security Executing the test again, the connection is working fine. STEPS TO FOLLOW TO REPRODUCE THE PROBLEM : Remove the cacerts file present in java_home/lib/security Modifiy the deployment.properties file to set the deployment.system.security.cacerts property on the new location of the cacerts file. Verify with the Java control panel that the property points correctly the new cacerts file Execute the test application EXPECTED VERSUS ACTUAL BEHAVIOR : EXPECTED - The default SSL connection should find the cacerts file at its new location, as the Java Control Panel does and the connection should be established without problems. ACTUAL - The connection could not be established ERROR MESSAGES/STACK TRACES THAT OCCUR : trustStore is: No File Available, using empty keystore. trustStore type is : jks trustStore provider is : init truststore trigger seeding of SecureRandom done seeding SecureRandom keyStore is : keyStore type is : jks keyStore provider is : init keystore init keymanager of type SunX509 .... main, handling exception: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty %% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] main, SEND TLSv1.2 ALERT: fatal, description = internal_error main, WRITE: TLSv1.2 Alert, length = 2 [Raw write]: length = 7 0000: 15 03 03 00 02 02 50 ......P main, called closeSocket() at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1906) at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1889) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1410) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) at SslGet.main(SslGet.java:30) Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:90) at sun.security.validator.Validator.getInstance(Validator.java:179) at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:312) at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:171) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:184) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1479) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ... 7 more Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200) at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120) at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104) at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:88) ... 19 more REPRODUCIBILITY : This bug can be reproduced always. ---------- BEGIN SOURCE ---------- import java.io.BufferedReader; import java.io.InputStream; import java.io.InputStreamReader; import java.net.InetSocketAddress; import java.net.Proxy; import java.net.URL; import java.net.URLConnection; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; public class SslGet { public static void main(String[] args) { try { System.setProperty("javax.net.debug", "all"); SSLContext context = SSLContext.getInstance("TLS"); context.init(null, null, null); SSLSocketFactory sslSocketFactory = context.getSocketFactory(); Proxy theProx = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("my-proxy", 8080)); URL google = new URL("https://www.google.com"); URLConnection conn = google.openConnection(theProx); ((HttpsURLConnection) conn).setSSLSocketFactory(sslSocketFactory); InputStream ins = conn.getInputStream(); InputStreamReader isr = new InputStreamReader(ins); BufferedReader in = new BufferedReader(isr); String inputLine; while ((inputLine = in.readLine()) != null) { System.out.println(inputLine); } in.close(); } catch (Exception e) { e.printStackTrace(); } } } ---------- END SOURCE ----------

    JDK Bug System | 12 months ago | Webbug Group
    java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty %% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] main, SEND TLSv1.2 ALERT: fatal, description = internal_error main, WRITE: TLSv1.2 Alert, length = 2 [Raw write]: length = 7 0000: 15 03 03 00 02 02 50 ......P main, called closeSocket()
  3. 0

    JavaBot does not log in!

    GitHub | 2 years ago | ByteCommander
    javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    Mongo SSL with Java Exception sending message

    Stack Overflow | 2 years ago | Aliencc
    com.mongodb.MongoSocketWriteException: Exception sending message at com.mongodb.connection.InternalStreamConnection.translateWriteException(InternalStreamConnection.java:461) ~[mongo-java-driver-3.0.0.jar:na]
  6. 0

    GitHub comment 71#34295135

    GitHub | 3 years ago | THEBRANDYMAN
    javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

    4 unregistered visitors
    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. java.security.InvalidAlgorithmParameterException

      the trustAnchors parameter must be non-empty

      at java.security.cert.PKIXParameters.setTrustAnchors()
    2. Java RT
      Validator.getInstance
      1. java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
      2. java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
      3. java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
      4. sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:88)
      5. sun.security.validator.Validator.getInstance(Validator.java:179)
      5 frames
    3. Java JSSE
      SSLSocketImpl.startHandshake
      1. sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:312)
      2. sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:171)
      3. sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:184)
      4. sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
      5. sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1479)
      6. sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)
      7. sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
      8. sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
      9. sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
      10. sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
      11. sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
      12. sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
      12 frames
    4. Java RT
      HttpsURLConnectionImpl.getInputStream
      1. sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
      2. sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
      3. sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512)
      4. sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
      5. sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
      5 frames
    5. Unknown
      SslGet.main
      1. SslGet.main(SslGet.java:30)
      1 frame