HttpURLConnection throws SunCertPathBuilderException in jdk11

Sean Mullan sean.mullan at oracle.com
Fri Jun 15 13:58:37 UTC 2018


The 2nd (good) logfile looks like it is from a completely different 
program - are you sure you are using the same code?

If it is, please rerun again and also add -Djavax.net.debug=all to the 
command-line which should give a bit more debug info as to where the 
issue is occurring in the TLS handshake.

I would also recommend filing a bug and attaching the logfiles so that 
this is tracked and evaluated more formally: 
https://bugreport.java.com/bugreport/

If this is indeed a regression, it's important that we get to the bottom 
of it.

Thanks,
Sean


On 6/12/18 11:10 AM, Андрей Турбанов wrote:
> 2 log files attached.
> 
> Андрей Турбанов
> 
> 2018-06-12 15:40 GMT+03:00 Sean Mullan <sean.mullan at oracle.com 
> <mailto:sean.mullan at oracle.com>>:
> 
>     Please add -Djava.security.debug=certpath to the java command line
>     and attach the log file. Preferably, attach 2 log files, one for a
>     good run and one for a bad run. This should help show what the
>     problem is.
> 
>     --Sean
> 
>     On 6/11/18 7:59 PM, Андрей Турбанов wrote:
> 
>         Hello.
>         I tried to use early jdk11 build (http://jdk.java.net/11/) -
>         Oracle JDK build for Windows.
>         I got exception when my program tries to connect (via
>         HttpURLConnection) to https://api.vk.com/
> 
>         sun.security.provider.certpath.SunCertPathBuilderException:
>         unable to find valid certification path to requested target
>               at
>         sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
>         ~[?:?]
>               at
>         sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
>         ~[?:?]
>               at
>         java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
>         ~[?:?]
>               at
>         sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
>         ~[?:?]
>               at
>         sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:290)
>         ~[?:?]
>               at
>         sun.security.validator.Validator.validate(Validator.java:264) ~[?:?]
>               at
>         sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:343)
>         ~[?:?]
> 
>         Same code works well with JDK 10.
>         Does JDK11 have different set of SSL certificates? Is there any
>         way to allow connection to vk.com <http://vk.com> <http://vk.com>?
> 
>         Andrey Turbanov
> 
> 


More information about the net-dev mailing list