You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by David Thielen <da...@windward.net> on 2017/04/01 19:03:48 UTC
RE: https digest request failing with security exception
Thank you!
-----Original Message-----
From: Bindul Bhowmik [mailto:bindulbhowmik@gmail.com]
Sent: Friday, March 31, 2017 3:17 PM
To: HttpClient User Discussion <ht...@hc.apache.org>
Subject: Re: https digest request failing with security exception
David,
On Fri, Mar 31, 2017 at 1:23 PM, David Thielen <da...@windward.net> wrote:
> Hi;
>
> Second question. Is there a way to tell it I trust any certificate? That way I can connect to self-signed servers.
You will need a variation of TrustStrategy [1] like TrustSelfSignedStrategy [2]. The ClientCustomSSL example [3] shows (among other customizations) how to use a non-default TrustStrategy.
Of course, standard advise to not use that in production code.
- Bindul
[1] https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/conn/ssl/TrustStrategy.html
[2] https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/conn/ssl/TrustSelfSignedStrategy.html
[3] http://hc.apache.org/httpcomponents-client-4.5.x/httpclient/examples/org/apache/http/examples/client/ClientCustomSSL.java
>
> ??? - thanks - dave
>
>
> -----Original Message-----
> From: Bhowmik, Bindul [mailto:bindulbhowmik@gmail.com]
> Sent: Friday, March 31, 2017 11:31 AM
> To: HttpClient User Discussion <ht...@hc.apache.org>
> Subject: Re: https digest request failing with security exception
>
> Dave,
>
> On Fri, Mar 31, 2017 at 11:21 AM, David Thielen <da...@windward.net> wrote:
>> I have some simple code that does what I think is a correct & basic
>> request to read the url
>> https://httpbin.org/digest-auth/auth/user/passwd
>>
>> Reading that url in a browser works fine. But the code throws:
>> Exception in thread "main" javax.net.ssl.SSLHandshakeException:
>> sun.security.validator.ValidatorException: PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to
>> find valid certification path to requested target at
>> sun.security.ssl.Alerts.getSSLException
>>
>> I have the code and full exception stack at http://stackoverflow.com/questions/43146218/https-digest-request-failing-with-security-exception (not repeated here to keep this email short).
>>
>> Any ideas?
>
> httpbin.org uses SSL cert from Let's Encrypt, and you are most likely
> hitting an issue with your JRE missing their CA certs. See
> https://community.letsencrypt.org/t/certificate-error-sun-security-val
> idator-validatorexception-pkix-path-building-failed-sun-security-provi
> der-certpath-suncertpathbuilderexception-unable-to-find-valid-certific
> ation-path-to-requested-target/28283
>
>>
>> Thanks - dave
>>
>
> - Bindul
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org