Re: HttpURLConnection throws SunCertPathBuilderException in jdk11

Fri, 15 Jun 2018 06:59:33 -0700

The 2nd (good) logfile looks like it is from a completely different program - are you sure you are using the same code?
If it is, please rerun again and also add -Djavax.net.debug=all to the command-line which should give a bit more debug info as to where the issue is occurring in the TLS handshake. 


I would also recommend filing a bug and attaching the logfiles so that 
this is tracked and evaluated more formally: 
https://bugreport.java.com/bugreport/



If this is indeed a regression, it's important that we get to the bottom 
of it.


Thanks,
Sean


On 6/12/18 11:10 AM, Андрей Турбанов wrote:

2 log files attached.

Андрей Турбанов


2018-06-12 15:40 GMT+03:00 Sean Mullan <sean.mul...@oracle.com 
<mailto:sean.mul...@oracle.com>>:


    Please add -Djava.security.debug=certpath to the java command line
    and attach the log file. Preferably, attach 2 log files, one for a
    good run and one for a bad run. This should help show what the
    problem is.

    --Sean

    On 6/11/18 7:59 PM, Андрей Турбанов wrote:

        Hello.
        I tried to use early jdk11 build (http://jdk.java.net/11/) -
        Oracle JDK build for Windows.
        I got exception when my program tries to connect (via
        HttpURLConnection) to https://api.vk.com/

        sun.security.provider.certpath.SunCertPathBuilderException:
        unable to find valid certification path to requested target
              at
        
sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
        ~[?:?]
              at
        
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
        ~[?:?]
              at
        java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
        ~[?:?]
              at
        sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
        ~[?:?]
              at
        
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:290)
        ~[?:?]
              at
        sun.security.validator.Validator.validate(Validator.java:264) ~[?:?]
              at
        
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:343)
        ~[?:?]

        Same code works well with JDK 10.
        Does JDK11 have different set of SSL certificates? Is there any
        way to allow connection to vk.com <http://vk.com> <http://vk.com>?

        Andrey Turbanov
























					Reply via email to