A bug in JSSE 1.0.3 keeps me busy the whole monday – ending up with migrating from JDK1.2.2 to JDK1.4.2 „out of the cold“.

In one of my maintenance project that realize some kind of an online-shop, „we“ use a third-party website for payment. Last friday afternoon they installed a new SSL-certificate. Since then, the shop couldn’t connect to that website with JSSE 1.0.3 (itself running an old setup with JDK1.2.2 and JRun – to be overhauled next month).

Tracing revealed „issuer != subject DN“ – even for JDK1.4.2 . I couldn’t figure out why. I tried to store the certificate in a keystore and cacerts but it wouldn’t work either. So I tried a workaround using a dummy trust manager. It worked for JDK1.4.2 but not for JDK1.2.2.

In the end i figured out the server certificate had something like
O=#0C294A3...
in the subject which JSSE 1.0 cannot parse. So even without evaluating the certificate it didn’t work. I was stuck here.

So we had no choice but to immediately upgrade to JDK1.4.2 since otherwise there was no payment possible. Luckily, it worked great! No problems so far!

If the thirdparty had noticed us about the new certificate, I had detected the problem as early as friday afternoon. But that’s life I guess.