Issue 513: Unable to use OpenID after default install
Status:  Released
Owner: ----
Closed:  Oct 2012
Reported by pball...@gmail.com, Mar 25, 2010
Affected Version:

What steps will reproduce the problem?
1. Follow install guide at 
http://gerrit.googlecode.com/svn/documentation/2.1.2/install.html
2. Use mysql, and openid options
3. Attempt to register a new account using the "Register with a Google 
Account" or "Register with a Yahoo! ID" links

What is the expected output? What do you see instead?
The message "Provider is not supported, or was incorrectly entered." is 
displayed.


Please provide any additional information below.

The following error is printed in error_log:
[2010-03-25 08:56:03,086] WARN  org.eclipse.jetty.util.log : 
javax.net.ssl.SSLException: Received fatal alert: bad_certificate



Mar 26, 2010
#1 pball...@gmail.com
Attached is a pcap of the SSL negotiations of several attempted OpenID auths against 
google.  The client (gerrit2) appears to be terminating the handshake with "Internal 
Error", however no errors are logged by gerrit2.
gerrit2_openid_auth.pcap
11.7 KB   Download
Mar 26, 2010
#2 pball...@gmail.com
This turned out to be a bug in Debian's OpenJDK install where the cacerts aren't 
properly set up for Java.

In case others have the same problem, I worked around the problem by installing sun-
java6-jre (from non-free) and symlinking the cacerts file:
ln -sf /etc/java-6-sun/security/cacerts /etc/ssl/certs/java/cacerts

It still would be nice if gerrit would actually log the proper error when server 
certificates could not be validated.
Mar 26, 2010
#3 sop@google.com
Added logging statement when the connection fails.

Change I55541db703d338214fa65bd1a66664d0a0aa5d02
Status: Fixed
Labels: FixedIn-2.1.2.2
Oct 21, 2012
#4 sop@google.com
(No comment was entered for this change.)
Status: Released