Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8260925

HttpsURLConnection does not work with other JSSE provider.


    • b13

        If we try to open a url as follows
        new java.net.URL(“https://google.com”).openStream()

        The above code works with SunJSSE provider but will throw the below exception if I change the JSSE provider to BouncyCastleProvider .

        The following exception is thrown when the connection is made:

        java.security.cert.CertificateException: No subject alternative name found matching IP address

        This works with default the JSSE provider because the host is being set in in HttpsClient.java as follows

           s = (SSLSocket)serverSocket;
           if (s instanceof SSLSocketImpl) {

        In the case of BouncyCastle providers above will not be set, this causing the exception to be thrown.

        How to reproduce the issue.

        Follow the below steps to reproduce the issue.

        1-> Download all the attached file.
        1.1-> HttpsURLConnectionTest.java the main program which reproduce the issue.
        1.2-> mySrvKeystore is certificate file.
          1.3-> mySrvKeystore.bks certificate file in bks format
          1.4 -> download the required BouncyCastle jars from www.bouncycastle.org

        2-> Run the HttpsURLConnectionTest with SunJSSE provider it will work as expected.
        You have to fix the certificate file path in program.

        3-> To run the HttpsURLConnection.java on BouncyCastleProvider follow the below steps.
        3.1-> Go to <JDK>/conf/security/java.security file.
        3.2-> change the JSSE proper as follows

        security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider C:HYBRID;ENABLE{ALL};
        security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
          3.3 -> change the Default keystore type to BCFKS
          3.4 -> Change the default key and trust manager factory algorithms as follows

        4-> Run the HttpsURLConnectionTest it will throw the exception.

          1. mySrvKeystore.bks
            3 kB
            Vyom Tewari
          2. mySrvKeystore
            2 kB
            Vyom Tewari
          3. HttpsURLConnectionTest.java
            5 kB
            Vyom Tewari

              vtewari Vyom Tewari
              vtewari Vyom Tewari
              0 Vote for this issue
              5 Start watching this issue
