I have a dockerized application that uses the AWS SDK for Java and needs SSL support. Unfortunately, I get the following error:
```
Caused by: io.netty.handler.codec.DecoderException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:472)
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
    at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965)
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163)
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:544)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:498)
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:458)
```
Dockerfile

```dockerfile
FROM oracle/graalvm-ce:1.0.0-rc14 AS build-aot

FROM debian:9-slim
LABEL maintainer="Sascha Möllering <[email protected]>"
ENV javax.net.ssl.trustStore /cacerts
RUN apt-get update && apt-get install -y curl
COPY target/reactive-vertx /usr/bin/reactive-vertx
COPY --from=build-aot /opt/graalvm-ce-1.0.0-rc14/jre/lib/amd64/libsunec.so /libsunec.so
COPY --from=build-aot /opt/graalvm-ce-1.0.0-rc14/jre/lib/security/cacerts /cacerts
#HEALTHCHECK --interval=5s --timeout=3s --retries=3 \
# CMD curl -f http://localhost:8080/health/check || exit 1
EXPOSE 8080
CMD [ "/usr/bin/reactive-vertx" ]
```
Java code

```java
static {
    java.security.Security.setProperty("networkaddress.cache.ttl", "60");
    String trustStoreLocation = getenv("javax.net.ssl.trustStore");
    if (null != trustStoreLocation) {
        LOGGER.info("Setting javax.net.ssl.trustStore to " + trustStoreLocation);
        System.setProperty("javax.net.ssl.trustStore", trustStoreLocation);
    }
}

public static void main (String ... args) {
    Vertx vertx = Vertx.vertx();
    vertx.deployVerticle(new BootStrapVerticle());
}
```
For anyone stuck with SSL and certificate verification, it seems that the solution is to let the final binary know where both the trust and anchor cacert files live. Add the following system properties to your application:

```
-Djavax.net.ssl.trustStore=graalvm/jre/lib/security/cacerts
-Djavax.net.ssl.trustAnchors=graalvm/jre/lib/security/cacerts
```

Assuming your graal installation is on the current path `graalvm`.
That worked for me, thx!
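The exception in the stack trace is raised when the PKIX validator is handed a trust store that contains no trusted certificate entries. The following startup check is an added example, not code from this thread or from the GraalVM project; the class name `TrustStoreCheck` is hypothetical, and it assumes the stock `cacerts` password `changeit` unless `javax.net.ssl.trustStorePassword` is set. It reports whether the file named by `javax.net.ssl.trustStore` is readable and how many trust anchors it holds, so a bad path fails at startup instead of during the first TLS handshake.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.PKIXParameters;
import java.util.Collections;

// Added example (hypothetical class name): fail fast if the trust store is unusable.
public class TrustStoreCheck {

    // Loads the key store file at 'path'; throws if it is corrupt or the password is wrong.
    static KeyStore load(Path path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Counts trusted certificate entries; private-key entries are not trust anchors.
    static int countTrustAnchors(KeyStore ks) throws Exception {
        int anchors = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) {
                anchors++;
            }
        }
        return anchors;
    }

    public static void main(String[] args) throws Exception {
        String location = System.getProperty("javax.net.ssl.trustStore");
        if (location == null || !Files.isReadable(Paths.get(location))) {
            System.err.println("Trust store missing or unreadable: " + location);
            System.exit(1);
        }
        // Assumption: stock cacerts password unless the standard property overrides it.
        char[] password = System.getProperty("javax.net.ssl.trustStorePassword", "changeit").toCharArray();
        KeyStore ks = load(Paths.get(location), password);
        System.out.println(location + ": " + countTrustAnchors(ks) + " trusted certificate entries");
        try {
            new PKIXParameters(ks); // throws the error from the stack trace when the store has no anchors
        } catch (InvalidAlgorithmParameterException e) {
            System.err.println("Unusable trust store: " + e.getMessage());
            System.exit(2);
        }
    }
}
```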