JDK-7178863 : jarsigner -tsa fails with javax.net.ssl.SSLProtocolException: handshake alert:
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 7
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: windows_2003
  • CPU: x86
  • Submitted: 2012-06-21
  • Updated: 2012-09-06
  • Resolved: 2012-06-22
Related Reports
Duplicate :  
JDK-7177232 - JSSE changes in Java 7 break Jarsigner fatally: unrecognized_name
Description
FULL PRODUCT VERSION :
1.7.0_04-b20

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 5.2.3790]

A DESCRIPTION OF THE PROBLEM :
Trying to use the geotrust time stamping server with our VeriSign code signing certificate in the jarsigner fails with Java 1.7.  This same command still works fine with all versions of Java 1.6, but we would like to upgrade to Java 7 on our build systems.

We are will be unable to release any products built in a Java 7 environment until a fix is available in 1.7.

REGRESSION.  Last worked in version 6u31

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
jarsigner -keystore <certificate.path> -storetype jks -storepass <password> -tsa https://timestamp.geotrust.com/tsa <jar.name> attachmate



EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Jarsigner successfully completes that signing operation and included the time stamp from the geotrust time stamping service.
ACTUAL -
resulting error message is:
jarsigner: unable to sign jar: javax.net.ssl.SSLProtocolException: handshake alert:  unrecognized_name

ERROR MESSAGES/STACK TRACES THAT OCCUR :
jarsigner: unable to sign jar: javax.net.ssl.SSLProtocolException: handshake alert:  unrecognized_name

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
N/A - you should be able to duplicate this with your own code signing certificates
---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
None found