JDK-8185892 : Support SSL via Operating system libraries
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Affected Version: 8,9
  • Priority: P4
  • Status: Closed
  • Resolution: Incomplete
  • Submitted: 2017-08-04
  • Updated: 2017-08-09
  • Resolved: 2017-08-09
Description
A DESCRIPTION OF THE REQUEST :
When trying to use SSL based connections, typical error messages you might get are:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

See e.g.
https://stackoverflow.com/questions/18378869/pkix-path-building-failed-in-java-application

This happens for URLs that give no trouble at all if any browser is used that will look up the certificates in the operating system's environment, e.g. on OSX in the keystore.

The reason for the behavior is Oracle/Java's decision to have its own way of checking certificates, so that a redundant handling of certificates is asked for.

JUSTIFICATION :
The current solution is far too complicated and needs lots of setup steps. It's almost impossible to deploy an application with SSL support to a client if e.g. client certificates need to be supported.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Do as the Romans (browsers) do. Just use the libraries of the operating system, e.g. OpenSSL.
ACTUAL -
There is some implementation of keystores that are specific to the Java environment and have their own toolset.

---------- BEGIN SOURCE ----------
access any SSL based URL.
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Do not use Java. Do not use SSL security.


Comments
I am closing this as Incomplete because it is not clear what the actual underlying issue is and whether it can be addressed with our current TLS implementation. Please add additional information and specific details if it is re-opened, ex: a debug trace log with -Djavax.net.debug=all and -Djava.security.debug=all.
09-08-2017
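
Added example, not part of the original report or the JDK's own code: a client-side sketch that builds an SSLContext from the operating system's certificate store where the JDK ships a keystore type for it, and otherwise falls back to the JDK default trust store. The class name OsTrustStoreDemo is hypothetical; "Windows-ROOT" and "KeychainStore" are keystore types provided by the JDK on Windows and macOS, and what each one exposes varies by JDK version.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.security.KeyStore;
import java.util.Locale;

public class OsTrustStoreDemo {  // hypothetical class name

    // Map os.name to a JDK keystore type backed by the OS certificate store.
    // Returns null where the JDK has no OS-backed type (e.g. Linux).
    static String osStoreType(String osName) {
        String os = osName.toLowerCase(Locale.ROOT);
        if (os.contains("mac")) return "KeychainStore";   // Apple provider
        if (os.startsWith("windows")) return "Windows-ROOT"; // SunMSCAPI provider
        return null;
    }

    // Load the OS-backed store, or return null to request the JDK default.
    static KeyStore loadTrustStore() {
        String type = osStoreType(System.getProperty("os.name", ""));
        if (type == null) return null;
        try {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(null, null); // OS-backed stores take no stream and no password
            return ks;
        } catch (Exception e) {
            System.err.println("OS store " + type + " unavailable: " + e);
            return null;
        }
    }

    static SSLContext buildContext(KeyStore trust) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust); // a null KeyStore selects the JDK default trust store
        SSLContext ctx = SSLContext.getInstance("TLS");
        // No client key managers here; certificate and hostname checks stay enabled.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = loadTrustStore();
        SSLContext ctx = buildContext(ks);
        System.out.println("protocol: " + ctx.getProtocol());
        System.out.println("trust source: " + (ks == null
            ? "JDK default trust store"
            : ks.getType() + " (" + ks.size() + " entries)"));
    }
}
```

Running it with -Djavax.net.debug=all, as the closing comment requests, prints the trust anchors the handshake actually uses, which shows whether a "PKIX path building failed" error comes from a missing root or from an incomplete chain sent by the server.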