HttpURLConnection throws SunCertPathBuilderException in jdk11
Sean Mullan
sean.mullan at oracle.com
Tue Jul 24 15:58:18 UTC 2018
This should be fixed in JDK 11 b23. Please try again. See
https://bugs.openjdk.java.net/browse/JDK-8199779 for more info.
--Sean
On 6/25/18 12:28 AM, Jaikiran Pai wrote:
> I couldn't locate this bug in the JIRA nor the bugs.java.net, to see if
> it's acknowledged as an issue. So FWIW - I can reproduce this even on
> MacOS (so it isn't just specific to Windows OS). This is the code:
>
> import java.net.URL;
> import java.io.InputStream;
>
> public class CertTest {
> public static void main(final String[] args) throws Exception {
> final URL targetURL = new URL("https://api.vk.com/");
> try (final InputStream is =
> targetURL.openConnection().getInputStream()) {
> is.read();
> }
> }
> }
>
>
> -Jaikiran
>
>
> On 16/06/18 12:51 AM, Andrey Turbanov wrote:
>> Thank you for response.
>> I submitted bug to bugtracker. Iinternal review ID : 9055666
>> Didn't find a way to attach files there, but program example is short
>> and can be easily run by anyone.
>>
>>
>> Andrey Turbanov.
>>
>> 2018-06-15 16:58 GMT+03:00 Sean Mullan <sean.mullan at oracle.com
>> <mailto:sean.mullan at oracle.com>>:
>>
>> The 2nd (good) logfile looks like it is from a completely
>> different program - are you sure you are using the same code?
>>
>> If it is, please rerun again and also add -Djavax.net.debug=all to
>> the command-line which should give a bit more debug info as to
>> where the issue is occurring in the TLS handshake.
>>
>> I would also recommend filing a bug and attaching the logfiles so
>> that this is tracked and evaluated more formally:
>> https://bugreport.java.com/bugreport/
>> <https://bugreport.java.com/bugreport/>
>>
>> If this is indeed a regression, it's important that we get to the
>> bottom of it.
>>
>> Thanks,
>> Sean
>>
>>
>> On 6/12/18 11:10 AM, Андрей Турбанов wrote:
>>
>> 2 log files attached.
>>
>> Андрей Турбанов
>>
>> 2018-06-12 15:40 GMT+03:00 Sean Mullan <sean.mullan at oracle.com
>> <mailto:sean.mullan at oracle.com> <mailto:sean.mullan at oracle.com
>> <mailto:sean.mullan at oracle.com>>>:
>>
>>
>> Please add -Djava.security.debug=certpath to the java
>> command line
>> and attach the log file. Preferably, attach 2 log files,
>> one for a
>> good run and one for a bad run. This should help show what the
>> problem is.
>>
>> --Sean
>>
>> On 6/11/18 7:59 PM, Андрей Турбанов wrote:
>>
>> Hello.
>> I tried to use early jdk11 build
>> (http://jdk.java.net/11/) -
>> Oracle JDK build for Windows.
>> I got exception when my program tries to connect (via
>> HttpURLConnection) to https://api.vk.com/
>>
>>
>> sun.security.provider.certpath.SunCertPathBuilderException:
>> unable to find valid certification path to requested
>> target
>> at
>>
>> sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
>> ~[?:?]
>> at
>>
>> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
>> ~[?:?]
>> at
>>
>> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
>> ~[?:?]
>> at
>>
>> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
>> ~[?:?]
>> at
>>
>> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:290)
>> ~[?:?]
>> at
>>
>> sun.security.validator.Validator.validate(Validator.java:264)
>> ~[?:?]
>> at
>>
>> sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:343)
>> ~[?:?]
>>
>> Same code works well with JDK 10.
>> Does JDK11 have different set of SSL certificates? Is
>> there any
>> way to allow connection to vk.com <http://vk.com>
>> <http://vk.com> <http://vk.com>?
>>
>> Andrey Turbanov
>>
>>
>>
>
More information about the net-dev
mailing list