hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher BROWN <br...@reflexe.fr>
Subject Providing feedback when an SSL certificate is not recognized (due to missing entry in keystore)
Date Sun, 29 Dec 2013 13:48:01 GMT
Hello,

I've dealt with an issue where an application being migrated to HTTP client
has (with the original HttpURLConnection class) thrown this exception:

javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
This was due to a missing entry in the keystore, easy enough for me to fix.
 However, when the code in question is migrated to HTTP client 4.3+, is
there any API for detecting that a missing keystore entry was the cause,
and providing user feedback such as "the server is using a SSL certificate
from Gandi, however this authority has no entry in the keystore" (I'd build
the message, but would need to have an API to query the certificate info).

Thanks,
Christopher BROWN

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message