unsupported keyword OID.2.5.4.17

02.27.2009 | Author: len | Posted in english, work
Tags: , ,

The problem

Exception in thread "main" java.io.IOException: unsupported keyword OID.2.5.4.17
        at com.sun.net.ssl.internal.ssl.AVA.<init>(DashoA12275(Compiled Code))
        at com.sun.net.ssl.internal.ssl.RDN.<init>(DashoA12275(Compiled Code))
        at com.sun.net.ssl.internal.ssl.X500Name.a(DashoA12275(Compiled Code))
        at com.sun.net.ssl.internal.ssl.X500Name.<init>(DashoA12275)
        at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA12275)
        at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA12275)
        at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA12275)
        at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect(DashoA12275)
        at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.getInputStream(DashoA12275)

What’s your fault when a client running your application for more than 5 years is now receiving this error when its security provider finally upgraded it’s certificates to include: OID.2.5.4.17=<9 digit zip> now standard in almost all certificates.

Upgrade you might say but this is not simple considering that the client is AIX based:

java version "1.3.1"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.1)
Classic VM (build 1.3.1, J2RE 1.3.1 IBM AIX build ca131-20030630a (JIT enabled: jitc))

Solution?

  • upgrade JSSE. No. JSSE is in EOL for some time now.
  • try to use the JSSE from 1.4.2. No, this version is not pluggable.
  • upgrade to java 1.4.2 which is not an easy task in these conditions
  • you soon realize that the IBM java has a special implementation of JSSE found in the ibmjsse.jar file so the code written in java 1.3 for the jsse plugable module is not working with the ibmjsse implementation with error:
Classe java introuvable :  com/sun/net/ssl/internal/ssl/Provider
  • finally the solution is to remove from your code the following part:
 Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
 System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
  • it only remains the problem to compile 5 years old code :)
Related Posts with Thumbnails

Related posts:

  1. Eclipse crashes in Ubuntu Karmic Trying to run Apache Directory Studio I’ve found that eclupse...
  2. Flex applications size optimization After quite some time of development we realised that our...
  3. JBoss migration 4.2.2-GA to 5.1.0-GA In my stupidity innocence I just hoped that deploying the...

One Response

  1. Guanyu August 21st, 2009 at 0:20

    this saves me..

    thanks..

Leave a Reply