Http3 Client times out for an untrusted certificate

[Jaikiran Pai]

In addition to what Daniel noted, could you also show us the snippet of 
the client application code which was issuing this request? Was it using 
any Http3DiscoveryMode? And to be clear, the application wasn't 
receiving any exception, not even any timeout exception?

-Jaikiran

On 06/11/25 9:07 pm, Daniel Fuchs wrote:
> Hi Joshua,
>
> Thanks for reporting this and for trying out HTTP/3!
>
> I have logged https://bugs.openjdk.org/browse/JDK-8371413 and we will
> investigate.
>
> A couple of question though:
>
> 1. if I understand correctly the server was using a self-signed
>    certificate and the client truststore didn't contain it. Is
>    that a fair description of the set up?
>
> 2. would it possible for you to share the client logs when the issue
>    occurred?
>
>    Running the client with:
>
> -Ddk.httpclient.HttpClient.log=requests,headers,errors,http3,quic:control:retransmit 
>
>
>    would help us diagnose the issue.
>
> Note: the mailing list might reject the attachment, let me know if
>       that happens.
>
> best regards,
>
> -- daniel
>
> On 06/11/2025 15:15, Josiah Noel wrote:
>> I've been testing the Http3 support on windows 11 with build 
>> 26-ea+22-2263, and my request was seemingly just timing out.
>>
>> After like 3 hours of fiddling, I realized that I forgot to import 
>> the mkcert rootCA  I was using into the jdk cacerts.
>>
>> Long story short, when I ran  `keytool -import -trustcacerts 
>> -noprompt -alias mkcert-root-ca   -file "$(mkcert 
>> -CAROOT)/rootCA.pem"   -keystore "$JAVA_HOME/lib/security/cacerts"   
>> -storepass changeit` then it suddenly began to work.
>>
>> Perchance is it possible to get a clearer error message?
>