Closed MGlolenstine closed 5 years ago
edvin
commented
5 years ago The launcher uses HttpUrlConnection which handles SSL just fine, but if you’re using a self signed cert you would have to supply a valid verification chain, see the docs for HttpUrlConnection.
MGlolenstine
commented
5 years ago I am using a self-signed cert, but is there a way to supply it with the launcher, because it seems like the keystore part requires it to be stored on user's computer and be accessed via terminal argument.
edvin
commented
5 years ago You could load it into the users trust store or provide a custom trust store, but it's just not worth it. SSL certs are cheap or even free these days. Save yourself a ton of hassle and get a real one :)
MGlolenstine
commented
5 years ago Ok, fair point :+1:. I'll do that then, keep up the good work!
edvin
commented
5 years ago I just had an idea though. If you use native installers you have full control of the supplied JVM along with the trust store, so you can basically just import the self signed cert with keytool into the JVM that will be built into the installer, and you should be good to go even with a self signed cert!
MGlolenstine
commented
5 years ago How do I specify the JVM that's going to be integrated into the native launcher?
edvin
commented
5 years ago See the docs for javapackager. Basically it will use the one you have in your path or point to with JAVA_HOME
MGlolenstine
commented
5 years ago Ooooh, that's helpful to know... Thanks! <3
MGlolenstine
commented
5 years ago Did exactly what you said, installed certs using keytool and now it works. On multiple machines! Thanks
edvin
commented
5 years ago Great, thanks for reporting back!
MGlolenstine
commented
5 years ago Well... Thanks for fast and good support :)
Upon opening a built application, I get greeted with app closing and spewing out this error.
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1903) at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1886) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1402) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263) at fxlauncher.FXManifest.load(FXManifest.java:198) at fxlauncher.AbstractLauncher.syncManifest(AbstractLauncher.java:223) at fxlauncher.AbstractLauncher.updateManifest(AbstractLauncher.java:92) at fxlauncher.Launcher.lambda$start$0(Launcher.java:140) at java.lang.Thread.run(Thread.java:748) Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at sun.security.validator.PKIXValidator.(PKIXValidator.java:91)
at sun.security.validator.Validator.getInstance(Validator.java:181)
at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:312)
at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:171)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:184)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
... 11 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
at java.security.cert.PKIXParameters.(PKIXParameters.java:120)
at java.security.cert.PKIXBuilderParameters.(PKIXBuilderParameters.java:104)
at sun.security.validator.PKIXValidator.(PKIXValidator.java:89)
... 23 more
It would appear that the launcher can't handle updating via SSL.
It's probably just a mistake in the configuration. How would I fix that error?
App launches fine via java, but not via native launcher.