On Fri, 3 Apr 2026 10:44:09 GMT, Daniel Jeliński <[email protected]> wrote:
> This PR improves the exceptions thrown from HttpClient.send when the QUIC TLS > handshake fails on the client side, for example because the server > certificate is not trusted. > > Before the changes we would throw the following exception chain: > > javax.net.ssl.SSLHandshakeException: QUIC connection establishment failed > Caused by: javax.net.ssl.SSLHandshakeException: QUIC connection establishment > failed > Caused by: java.io.IOException: certificate_unknown > > After the changes the following exception chain is thrown: > > javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path building > failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to > find valid certification path to requested target > Caused by: javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX > path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > Caused by: sun.security.validator.ValidatorException: PKIX path building > failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to > find valid certification path to requested target > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable > to find valid certification path to requested target > > The new exception chain matches the one observed with HTTP 1/2. > > I updated a preexisting test to cover HTTP3, and added assertions to verify > the exception message. HttpClient tests continue to pass. This pull request has now been integrated. Changeset: 547ebe72 Author: Daniel Jeliński <[email protected]> URL: https://git.openjdk.org/jdk/commit/547ebe7236fee5b85888a808922e33c03ee3df23 Stats: 51 lines in 3 files changed: 22 ins; 9 del; 20 mod 8381316: HttpClient / Http3: poor exception messages on SSL handshake errors Reviewed-by: dfuchs ------------- PR: https://git.openjdk.org/jdk/pull/30563
