Return-Path: X-Original-To: apmail-hc-dev-archive@www.apache.org Delivered-To: apmail-hc-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 86E851175B for ; Wed, 13 Aug 2014 08:49:12 +0000 (UTC) Received: (qmail 40421 invoked by uid 500); 13 Aug 2014 08:49:12 -0000 Delivered-To: apmail-hc-dev-archive@hc.apache.org Received: (qmail 40382 invoked by uid 500); 13 Aug 2014 08:49:12 -0000 Mailing-List: contact dev-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpComponents Project" Delivered-To: mailing list dev@hc.apache.org Received: (qmail 40368 invoked by uid 99); 13 Aug 2014 08:49:12 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 13 Aug 2014 08:49:12 +0000 Date: Wed, 13 Aug 2014 08:49:12 +0000 (UTC) From: "Oleg Kalnichevski (JIRA)" To: dev@hc.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (HTTPCLIENT-1539) Non-consistent SunCertPathBuilderException MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HTTPCLIENT-1539?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Oleg Kalnichevski updated HTTPCLIENT-1539: ------------------------------------------ Priority: Minor (was: Critical) What makes you think this problem has anything to do with HttpClient? As far as I can tell every second request consistently fails with SunCertPathBuilderException. My suspicion is that there is a load balancer in front of two server nodes, one of which is misconfigured (has a different set of SSL certs). Oleg > Non-consistent SunCertPathBuilderException > ------------------------------------------ > > Key: HTTPCLIENT-1539 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1539 > Project: HttpComponents HttpClient > Issue Type: Bug > Affects Versions: 4.3.5 > Environment: java -version > java version "1.8.0_05" > Java(TM) SE Runtime Environment (build 1.8.0_05-b13) > Java HotSpot(TM) 64-Bit Server VM (build 25.5-b02, mixed mode) > Reporter: Peter Bryant > Priority: Minor > Labels: ssl > Original Estimate: 6h > Remaining Estimate: 6h > > Hi. > I have the following code: > HttpClient c = HttpClients.custom().build(); > HttpResponse r = c.execute(new HttpGet("https://apcourseaudit.epiconline.org/start/login/")); > System.out.println(r.getStatusLine()); > That either prints: > HTTP/1.1 200 OK > Or it throws: > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target > at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145) > at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131) > at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) > at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) > ... 27 more > The result changes without the code varying. > Adding in -Djavax.net.debug=all shows a bit of tracing of what is going on. > A diff of the debug output shows it seems related to the handshake algorithm that happens to be used? TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ? > I tried to track it down, but it has defeated me. Can you reproduce? Any ideas? -- This message was sent by Atlassian JIRA (v6.2#6252) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org For additional commands, e-mail: dev-help@hc.apache.org