You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2014/08/13 10:49:12 UTC
[jira] [Updated] (HTTPCLIENT-1539) Non-consistent
SunCertPathBuilderException
[ https://issues.apache.org/jira/browse/HTTPCLIENT-1539?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oleg Kalnichevski updated HTTPCLIENT-1539:
------------------------------------------
Priority: Minor (was: Critical)
What makes you think this problem has anything to do with HttpClient? As far as I can tell every second request consistently fails with SunCertPathBuilderException. My suspicion is that there is a load balancer in front of two server nodes, one of which is misconfigured (has a different set of SSL certs).
Oleg
> Non-consistent SunCertPathBuilderException
> ------------------------------------------
>
> Key: HTTPCLIENT-1539
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1539
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Affects Versions: 4.3.5
> Environment: java -version
> java version "1.8.0_05"
> Java(TM) SE Runtime Environment (build 1.8.0_05-b13)
> Java HotSpot(TM) 64-Bit Server VM (build 25.5-b02, mixed mode)
> Reporter: Peter Bryant
> Priority: Minor
> Labels: ssl
> Original Estimate: 6h
> Remaining Estimate: 6h
>
> Hi.
> I have the following code:
> HttpClient c = HttpClients.custom().build();
> HttpResponse r = c.execute(new HttpGet("https://apcourseaudit.epiconline.org/start/login/"));
> System.out.println(r.getStatusLine());
> That either prints:
> HTTP/1.1 200 OK
> Or it throws:
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
> ... 27 more
> The result changes without the code varying.
> Adding in -Djavax.net.debug=all shows a bit of tracing of what is going on.
> A diff of the debug output shows it seems related to the handshake algorithm that happens to be used? TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ?
> I tried to track it down, but it has defeated me. Can you reproduce? Any ideas?
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org