View Issue Details

IDProjectCategoryView StatusLast Update
0011245CentOS-7javapublic2016-07-30 21:29 Assigned To 
Status newResolutionopen 
Platformx86_64OSCentOSOS Version7.0.1406
Summary0011245: JDK 1.7.0_111 SunEC InternalError for older nss version
DescriptionWhen we upgraded from JDK 1.7.0_101 to 1.7.0_111 with the same nss version in place, 3.15.4, various calls into the JDK namespace throw errors. After we upgrade to the latest version of nss, though, the problems no longer occur. This suggests that the latest JDK versions should have a minimum requirement on newer versions of nss that do not have this problem.
Steps To Reproduce1) (optional) Compile the code below with javac to produce the attached `GetProviders.class` file.


public class GetProviders {
    public static void main (String argv[]) {
       Provider[] providers = Security.getProviders();
       if (providers != null) {
         System.out.println ("Got " + providers.length + " providers");
         for (Provider provider : providers) {
           System.out.println("Provider: " + provider.getName());

2) Run `yum install java-1.7.0-openjdk`.

3) With `nss` version 3.15.4 installed, run `java GetProviders`


See output like the following:

Got 9 providers
Provider: SUN
Provider: SunRsaSign
Provider: SunEC
Provider: SunJSSE
Provider: SunJCE
Provider: SunJGSS
Provider: SunSASL
Provider: XMLDSig
Provider: SunPCSC


Exception in thread "main" java.lang.InternalError
    at Method)
    at Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(
    at java.lang.reflect.Constructor.newInstance(
    at java.lang.Class.newInstance(
    at Method)
    at GetProviders.main(

3) Run `yum upgrade nss`.

nss is upgraded to 3.21.0.

4) Run `java GetProviders`. See the "expected" output from step 3.
Additional InformationA similar discussion about this for JDK 8 on Fedora occurred on this ticket in the RedHat Bugzilla took place here - Maybe the same sort of fix in packaging could be done to address this issue for CentOS 7.

Also, this same problem is reproducible with CentOS 6.
TagsNo tags attached.


2016-07-30 21:22


GetProviders.class (978 bytes)

2016-07-30 21:29

reporter   ~0027169

Note that the Security.getProviders() call is made by common Java packages like the maven and leiningen build tools, among others, so I expect that the effect of this issue would be pretty widespread.

Issue History

Date Modified Username Field Change
2016-07-30 21:22 New Issue
2016-07-30 21:22 File Added: GetProviders.class
2016-07-30 21:29 Note Added: 0027169