RFR - 8132734: java.util.jar.* changes to support multi-release jar files

Sean Mullan sean.mullan at oracle.com
Wed Sep 30 18:51:20 UTC 2015

On 9/30/15 2:30 PM, Steve Drach wrote:
> Hi Max,
>> Can you describe if there is any effect on signed jars? Including:
>> 1. Will jarsigner be able to sign such a jar?
> The jarsigner from 1.8.0_51 can sign the jar.  The jarsigner from jdk9/dev can not, giving me the error
> jarsigner: unable to sign jar: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
> I’m unsure what that means, and searching for it has not turned up anything useful except that it might be limited to Mac OS/X.  If anyone can help me here, I’d appreciate it.

This means it could not find a trusted root CA from the cacerts file to 
validate the certificate chain. By default, OpenJDK includes an empty 
cacerts file. You need to do a jdk9 build with the closed sources, as 
that is where the trusted roots are.


More information about the core-libs-dev mailing list