What you're seeing is CAS trying to call back to your services to let them know that the CAS session ended. One of the endpoints for your applications has a certificate that disagrees with CAS :-)
On Wed, Jan 20, 2010 at 6:07 AM, Giuseppe Sollazzo <gsoll...@sgul.ac.uk>wrote: > Hi everyone, > I've got a seemingly working install of CAS on Moodle now, after solving > some issues with phpCAS. > Nonetheless I get an exception when using logout from CAS, invoking > https://myserver/cas-server-webapp-3.3.3/logout > > I guess this is related to using phpCAS::setNoCasServerValidation()? > > Thanks, > Giuseppe > > 2010-01-20 10:55:49,626 ERROR [org.jasig.cas.util.HttpClient] - > <javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path validation failed: > java.security.cert.CertPathValidatorException: basic constraints check > failed: pathLenConstraint violated - this cert must be the last cert in the > certification path> > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path validation failed: > java.security.cert.CertPathValidatorException: basic constraints check > failed: pathLenConstraint violated - this cert must be the last cert in the > certification path > at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source) > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) > at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) > at > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown > Source) > at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown > Source) > at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source) > at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown > Source) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown > Source) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown > Source) > at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) > at > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown > Source) > at sun.net.www.protocol.http.HttpURLConnection.followRedirect(Unknown > Source) > at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown > Source) > at > sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown > Source) > at org.jasig.cas.util.HttpClient$MessageSender.call(HttpClient.java:200) > at org.jasig.cas.util.HttpClient$MessageSender.call(HttpClient.java:160) > at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source) > at java.util.concurrent.FutureTask.run(Unknown Source) > at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) > at java.lang.Thread.run(Unknown Source) > Caused by: sun.security.validator.ValidatorException: PKIX path validation > failed: java.security.cert.CertPathValidatorException: basic constraints > check failed: pathLenConstraint violated - this cert must be the last cert > in the certification path > at sun.security.validator.PKIXValidator.doValidate(Unknown Source) > at sun.security.validator.PKIXValidator.doValidate(Unknown Source) > at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) > at sun.security.validator.Validator.validate(Unknown Source) > at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown > Source) > at > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown > Source) > at > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown > Source) > ... 20 more > Caused by: java.security.cert.CertPathValidatorException: basic constraints > check failed: pathLenConstraint violated - this cert must be the last cert > in the certification path > at > sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown > Source) > at > sun.security.provider.certpath.PKIXCertPathValidator.doValidate(Unknown > Source) > at > sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown > Source) > at java.security.cert.CertPathValidator.validate(Unknown Source) > ... 27 more > > -- > Giuseppe Sollazzo > Systems Developer / Administrator > > Computing Services > St. George's, University of London > > > -- > You are currently subscribed to cas-user@lists.jasig.org as: > scott.battag...@gmail.com > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
