You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2014/08/13 10:49:12 UTC

[jira] [Updated] (HTTPCLIENT-1539) Non-consistent SunCertPathBuilderException

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1539?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski updated HTTPCLIENT-1539:
------------------------------------------

    Priority: Minor  (was: Critical)

What makes you think this problem has anything to do with HttpClient? As far as I can tell every second request consistently fails with SunCertPathBuilderException. My suspicion is that there is a load balancer in front of two server nodes, one of which is misconfigured (has a different set of SSL certs).

Oleg

> Non-consistent SunCertPathBuilderException
> ------------------------------------------
>
>                 Key: HTTPCLIENT-1539
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1539
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>    Affects Versions: 4.3.5
>         Environment: java -version
> java version "1.8.0_05"
> Java(TM) SE Runtime Environment (build 1.8.0_05-b13)
> Java HotSpot(TM) 64-Bit Server VM (build 25.5-b02, mixed mode)
>            Reporter: Peter Bryant
>            Priority: Minor
>              Labels: ssl
>   Original Estimate: 6h
>  Remaining Estimate: 6h
>
> Hi.
> I have the following code:
>             HttpClient c = HttpClients.custom().build();
>             HttpResponse r = c.execute(new HttpGet("https://apcourseaudit.epiconline.org/start/login/"));
>             System.out.println(r.getStatusLine());
> That either prints:
> HTTP/1.1 200 OK
> Or it throws:
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> 	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
> 	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
> 	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
> 	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
> 	... 27 more
> The result changes without the code varying.
> Adding in -Djavax.net.debug=all shows a bit of tracing of what is going on.
> A diff of the debug output shows it seems related to the handshake algorithm that happens to be used?  TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ?
> I tried to track it down, but it has defeated me.  Can you reproduce?  Any ideas?



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org