Re: [Jessie-discuss] Paypal https failure

[Casey Marshall]

On Nov 27, 2007, at 3:03 AM, Eric Wong wrote:

> On Nov 27, 2007 8:54 AM, Casey Marshall <address@hidden> wrote:
> > This is likely a bug in X.509 certificate parsing. paypal.com might
> > have updated their certificate to include something the code isn't
> > prepared to handle (the "2.5.4.5" thing is probably an OID; and the
> > certificate parser might not handle that).
> >
> > It would be helpful if you can figure out where in the code the
> > SSLProtocolException is being thrown, and find what's throwing the
> > original IllegalArgumentException.
> >
> > GCJ 3.4.1, Jessie 1.0, and GNU Crypto are all somewhat old at this
> > point. We've been more actively maintaining these things in GNU
> > Classpath.
>
> Does that help if I upgrade GNU Crypto, say 2.1.0 dev release or
> current CVS? What about Jessie 1.0.1?

That may not do it; the code that's problematic here is in libgcj. You  
can, however, replace that code at run-time with another certificate  
parsing library (it uses a similar pluggable architecture).

I tried this with GCJ 4.2.1, and it works almost out of the box  
(Jessie and GNU Crypto are both included in that release). Grabbing  
the 'gnu/java/security/cert' package from GNU Classpath (or GCJ) is a  
place to start.

> And, thank you for this wonderful library.
>
> Here's the complete stack trace:
> ----
> Exception in thread "main" javax.net.ssl.SSLProtocolException:
> java.lang.IllegalArgumentException: unknown attribute 2.5.4.5
>   at _ZN4java4lang11VMThrowable16fillInStackTraceEPNS0_9ThrowableE
> (/opt/gcc/lib/libgcj.so.5.0.0)
>   at _ZN4java4lang9Throwable16fillInStackTraceEv (/opt/gcc/lib/ 
> libgcj.so.5.0.0)
>   at _ZN4java4lang9ThrowableC1EPNS0_6StringE (/opt/gcc/lib/libgcj.so. 
> 5.0.0)
>   at _ZN4java4lang9ExceptionC1EPNS0_6StringE (/opt/gcc/lib/libgcj.so. 
> 5.0.0)
>   at _ZN4java2io11IOExceptionC1EPNS_4lang6StringE
> (/opt/gcc/lib/libgcj.so.5.0.0)
>   at _ZN5javax3net3ssl12SSLExceptionC1EPN4java4lang6StringE
> (/opt/spring/lib/libjessie.so)
> Caused by: java.security.cert.CertificateException:
> java.lang.IllegalArgumentException: unknown attribute 2.5.4.5
>   at _ZN4java4lang11VMThrowable16fillInStackTraceEPNS0_9ThrowableE
> (/opt/gcc/lib/libgcj.so.5.0.0)
>   at _ZN4java4lang9Throwable16fillInStackTraceEv (/opt/gcc/lib/ 
> libgcj.so.5.0.0)
>   at _ZN4java4lang9ThrowableC1EPNS0_6StringE (/opt/gcc/lib/libgcj.so. 
> 5.0.0)
>   at _ZN4java4lang9ExceptionC1EPNS0_6StringE (/opt/gcc/lib/libgcj.so. 
> 5.0.0)
>   at _ZN4java8security24GeneralSecurityExceptionC1EPNS_4lang6StringE
> (/opt/gcc/lib/libgcj.so.5.0.0)
>   at _ZN4java8security4cert20CertificateExceptionC1EPNS_4lang6StringE
> (/opt/gcc/lib/libgcj.so.5.0.0)
>   at  
> _ZN3gnu4java8security4x50915X509CertificateC1EPN4java2io11InputStreamE
> (/opt/gcc/lib/libgcj.so.5.0.0)
>   at  
> _ZN3gnu4java8security8provider22X509CertificateFactory12generateCertEPN4java2io11InputStreamE
> (/opt/gcc/lib/libgcj.so.5.0.0)
>   at  
> _ZN3gnu4java8security8provider22X509CertificateFactory25engineGenerateCertificateEPN4java2io11InputStreamE
> (/opt/gcc/lib/libgcj.so.5.0.0)
>   at  
> _ZN4java8security4cert18CertificateFactory19generateCertificateEPNS_2io11InputStreamE
> (/opt/gcc/lib/libgcj.so.5.0.0)
>   at  
> _ZN3org10metastatic6jessie8provider11Certificate4readEPN4java2io11InputStreamEPNS2_15CertificateTypeE
> (/opt/spring/lib/libjessie.so)