Farah Juma created ELY-1630:
-------------------------------
Summary: Ignore any blank lines in between the certificates in the certificate chain returned by an ACME server to avoid parsing issues on IBM JDK
Key: ELY-1630
URL: https://issues.jboss.org/browse/ELY-1630
Project: WildFly Elytron
Issue Type: Bug
Components: API / SPI
Reporter: Farah Juma
Assignee: Farah Juma
Currently, {{AcmeClientSpiTest#testObtainCertificateChainWithKeySize}} and
{{AcmeClientSpiTest#testObtainCertificateChainWithECPublicKey}} fail when run with IBM JDK
with the following error:
{code}
org.wildfly.security.x500.cert.acme.AcmeException: ELY10049: Unable to download certificate chain from ACME server
    at org.wildfly.security.x500.cert.acme.AcmeClientSpi.getPemCertificateChain(AcmeClientSpi.java:988)
    at org.wildfly.security.x500.cert.acme.AcmeClientSpi.obtainCertificateChain(AcmeClientSpi.java:519)
    at org.wildfly.security.x500.cert.acme.AcmeClientSpiTest.obtainCertificateChain(AcmeClientSpiTest.java:284)
    at org.wildfly.security.x500.cert.acme.AcmeClientSpiTest.testObtainCertificateChainWithKeySize(AcmeClientSpiTest.java:260)
Caused by: java.security.cert.CertificateException: Unable to initialize, java.io.IOException: insufficient data
    at com.ibm.security.x509.X509CertImpl.<init>(X509CertImpl.java:268)
    at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:448)
    at org.wildfly.security.x500.cert.acme.AcmeClientSpi.getPemCertificateChain(AcmeClientSpi.java:984)
    ... 3 more
{code}
The underlying issue is that the PEM certificate chain returned by the ACME server has a
blank line in between the two certificates in the chain. This causes parsing issues on IBM
JDK. To fix this, we can just ignore any blank lines in the chain.
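One way to apply the fix described in the issue, as an added example that is not the Elytron patch or code from this report: remove blank lines from the PEM text before passing it to `CertificateFactory.generateCertificates`. The class name, the helper names and the constructed placeholder input are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.stream.Collectors;

// Hypothetical class for illustration; not part of WildFly Elytron.
public class PemChainBlankLines {

    // Constructed placeholder chain (the bodies are not real certificates), with
    // the blank line between the two PEM blocks that the issue describes.
    static final String SAMPLE = "-----BEGIN CERTIFICATE-----\nPLACEHOLDERBODY1\n"
            + "-----END CERTIFICATE-----\n\n-----BEGIN CERTIFICATE-----\n"
            + "PLACEHOLDERBODY2\n-----END CERTIFICATE-----\n";

    // Drop empty and whitespace-only lines (LF or CRLF input) so each
    // END CERTIFICATE marker is followed directly by the next BEGIN marker.
    static String stripBlankLines(String pem) {
        return Arrays.stream(pem.split("\\r?\\n"))
                .filter(line -> !line.trim().isEmpty())
                .collect(Collectors.joining("\n", "", "\n"));
    }

    // Parse a PEM chain after normalizing it, so the result does not depend on
    // how a given JDK's X.509 provider treats blank lines between blocks.
    static Collection<? extends Certificate> parseChain(String pem) throws Exception {
        byte[] cleaned = stripBlankLines(pem).getBytes(StandardCharsets.US_ASCII);
        return CertificateFactory.getInstance("X.509")
                .generateCertificates(new ByteArrayInputStream(cleaned));
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 0) {
            // No file given: show the normalization on the constructed sample.
            System.out.print(stripBlankLines(SAMPLE));
            return;
        }
        // args[0]: path to a PEM chain file supplied by the reader (assumption).
        String pem = new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.US_ASCII);
        for (Certificate cert : parseChain(pem)) {
            System.out.println(((X509Certificate) cert).getSubjectX500Principal());
        }
    }
}
```

Run without arguments it prints the normalized placeholder chain; run with the path to a real PEM chain file it prints the subject of each certificate that was parsed.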