Http3 Client times out for an untrusted certificate
Daniel Fuchs
daniel.fuchs at oracle.com
Thu Nov 6 15:37:55 UTC 2025
Hi Joshua,
Thanks for reporting this and for trying out HTTP/3!
I have logged https://bugs.openjdk.org/browse/JDK-8371413 and we will
investigate.
A couple of question though:
1. if I understand correctly the server was using a self-signed
certificate and the client truststore didn't contain it. Is
that a fair description of the set up?
2. would it possible for you to share the client logs when the issue
occurred?
Running the client with:
-Ddk.httpclient.HttpClient.log=requests,headers,errors,http3,quic:control:retransmit
would help us diagnose the issue.
Note: the mailing list might reject the attachment, let me know if
that happens.
best regards,
-- daniel
On 06/11/2025 15:15, Josiah Noel wrote:
> I've been testing the Http3 support on windows 11 with build
> 26-ea+22-2263, and my request was seemingly just timing out.
>
> After like 3 hours of fiddling, I realized that I forgot to import the
> mkcert rootCA I was using into the jdk cacerts.
>
> Long story short, when I ran `keytool -import -trustcacerts -noprompt
> -alias mkcert-root-ca -file "$(mkcert -CAROOT)/rootCA.pem" -keystore
> "$JAVA_HOME/lib/security/cacerts" -storepass changeit` then it
> suddenly began to work.
>
> Perchance is it possible to get a clearer error message?
More information about the net-dev
mailing list