HttpURLConnection throws SunCertPathBuilderException in jdk11

Jaikiran Pai jai.forums2013 at gmail.com
Mon Jun 25 04:28:36 UTC 2018


I couldn't locate this bug in the JIRA nor the bugs.java.net, to see if 
it's acknowledged as an issue. So FWIW - I can reproduce this even on 
MacOS (so it isn't just specific to Windows OS). This is the code:

import java.net.URL;
import java.io.InputStream;

public class CertTest {
     public static void main(final String[] args) throws Exception {
         final URL targetURL = new URL("https://api.vk.com/");
         try (final InputStream is = 
targetURL.openConnection().getInputStream()) {
             is.read();
         }
     }
}


-Jaikiran


On 16/06/18 12:51 AM, Andrey Turbanov wrote:
> Thank you for response.
> I submitted bug to bugtracker. Iinternal review ID : 9055666
> Didn't find a way to attach files there, but program example is short 
> and can be easily run by anyone.
>
>
> Andrey Turbanov.
>
> 2018-06-15 16:58 GMT+03:00 Sean Mullan <sean.mullan at oracle.com 
> <mailto:sean.mullan at oracle.com>>:
>
>     The 2nd (good) logfile looks like it is from a completely
>     different program - are you sure you are using the same code?
>
>     If it is, please rerun again and also add -Djavax.net.debug=all to
>     the command-line which should give a bit more debug info as to
>     where the issue is occurring in the TLS handshake.
>
>     I would also recommend filing a bug and attaching the logfiles so
>     that this is tracked and evaluated more formally:
>     https://bugreport.java.com/bugreport/
>     <https://bugreport.java.com/bugreport/>
>
>     If this is indeed a regression, it's important that we get to the
>     bottom of it.
>
>     Thanks,
>     Sean
>
>
>     On 6/12/18 11:10 AM, Андрей Турбанов wrote:
>
>         2 log files attached.
>
>         Андрей Турбанов
>
>         2018-06-12 15:40 GMT+03:00 Sean Mullan <sean.mullan at oracle.com
>         <mailto:sean.mullan at oracle.com> <mailto:sean.mullan at oracle.com
>         <mailto:sean.mullan at oracle.com>>>:
>
>
>             Please add -Djava.security.debug=certpath to the java
>         command line
>             and attach the log file. Preferably, attach 2 log files,
>         one for a
>             good run and one for a bad run. This should help show what the
>             problem is.
>
>             --Sean
>
>             On 6/11/18 7:59 PM, Андрей Турбанов wrote:
>
>                 Hello.
>                 I tried to use early jdk11 build
>         (http://jdk.java.net/11/) -
>                 Oracle JDK build for Windows.
>                 I got exception when my program tries to connect (via
>                 HttpURLConnection) to https://api.vk.com/
>
>                
>         sun.security.provider.certpath.SunCertPathBuilderException:
>                 unable to find valid certification path to requested
>         target
>                       at
>                
>         sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
>                 ~[?:?]
>                       at
>                
>         sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
>                 ~[?:?]
>                       at
>                
>         java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
>                 ~[?:?]
>                       at
>                
>         sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
>                 ~[?:?]
>                       at
>                
>         sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:290)
>                 ~[?:?]
>                       at
>                
>         sun.security.validator.Validator.validate(Validator.java:264)
>         ~[?:?]
>                       at
>                
>         sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:343)
>                 ~[?:?]
>
>                 Same code works well with JDK 10.
>                 Does JDK11 have different set of SSL certificates? Is
>         there any
>                 way to allow connection to vk.com <http://vk.com>
>         <http://vk.com> <http://vk.com>?
>
>                 Andrey Turbanov
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/net-dev/attachments/20180625/aad354ed/attachment.html>


More information about the net-dev mailing list