The problem
Exception in thread "main" java.io.IOException: unsupported keyword OID.2.5.4.17
at com.sun.net.ssl.internal.ssl.AVA.<init>(DashoA12275(Compiled Code))
at com.sun.net.ssl.internal.ssl.RDN.<init>(DashoA12275(Compiled Code))
at com.sun.net.ssl.internal.ssl.X500Name.a(DashoA12275(Compiled Code))
at com.sun.net.ssl.internal.ssl.X500Name.<init>(DashoA12275)
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA12275)
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA12275)
at com.sun.net.ssl.internal.www.protocol.https.HttpsClient.a(DashoA12275)
at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect(DashoA12275)
at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.getInputStream(DashoA12275)
What’s your fault when a client running your application for more than 5 years is now receiving this error when its security provider finally upgraded it’s certificates to include: OID.2.5.4.17=<9 digit zip> now standard in almost all certificates.
Upgrade you might say but this is not simple considering that the client is AIX based:
java version "1.3.1"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.1)
Classic VM (build 1.3.1, J2RE 1.3.1 IBM AIX build ca131-20030630a (JIT enabled: jitc))
Solution?
- upgrade JSSE. No. JSSE is in EOL for some time now.
- try to use the JSSE from 1.4.2. No, this version is not pluggable.
- upgrade to java 1.4.2 which is not an easy task in these conditions
- you soon realize that the IBM java has a special implementation of JSSE found in the ibmjsse.jar file so the code written in java 1.3 for the jsse plugable module is not working with the ibmjsse implementation with error:
Classe java introuvable : com/sun/net/ssl/internal/ssl/Provider
- finally the solution is to remove from your code the following part:
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
- it only remains the problem to compile 5 years old code :)
Comments:
Guanyu -
this saves me.. thanks..