sun.security.validator.ValidatorException on pushing a report
longtimeago opened this issue ยท 3 comments
We are using Travis-ci to build the project.
Several days ago the build started to fail with an exception:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[INFO] at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
[INFO] at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
[INFO] at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
[INFO] at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
[INFO] at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
[INFO] at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
[INFO] at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
[INFO] at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
[INFO] at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
[INFO] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
[INFO] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
[INFO] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
[INFO] at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:553)
[INFO] at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:412)
[INFO] at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:179)
[INFO] at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:328)
[INFO] at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:612)
[INFO] at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:447)
[INFO] at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:884)
[INFO] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
[INFO] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
[INFO] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
[INFO] at com.versioneye.utils.HttpUtils.post(HttpUtils.java:72)
[INFO] at com.versioneye.UpdateMojo.uploadDependencies(UpdateMojo.java:55)
[INFO] at com.versioneye.UpdateMojo.execute(UpdateMojo.java:41)
[INFO] at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)
[INFO] at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:207)
[INFO] at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
[INFO] at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
[INFO] at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116)
[INFO] at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80)
[INFO] at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
[INFO] at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
[INFO] at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307)
[INFO] at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193)
[INFO] at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106)
[INFO] at org.apache.maven.cli.MavenCli.execute(MavenCli.java:863)
[INFO] at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288)
[INFO] at org.apache.maven.cli.MavenCli.main(MavenCli.java:199)
[INFO] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[INFO] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
[INFO] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[INFO] at java.lang.reflect.Method.invoke(Method.java:497)
[INFO] at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
[INFO] at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
[INFO] at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
[INFO] at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
[INFO] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[INFO] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
[INFO] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
[INFO] at sun.security.validator.Validator.validate(Validator.java:260)
[INFO] at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
[INFO] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
[INFO] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
[INFO] at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
[INFO] ... 42 more
[INFO] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[INFO] at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)
[INFO] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
[INFO] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
[INFO] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
[INFO] ... 48 more
Plugin configuration is simple:
<plugin>
<groupId>com.versioneye</groupId>
<artifactId>versioneye-maven-plugin</artifactId>
<version>3.10.2</version>
<configuration>
<projectId>${versioneye.projectId}</projectId>
</configuration>
<executions>
<execution>
<phase>verify</phase>
<goals><goal>update</goal></goals>
</execution>
</executions>
</plugin>When I attempted to execute the versioneye-maven-plugin's update goal via maven I got the same error that is reported here.
SSLPoke.java is a class that attempts to connect to the https port of a web site. The source is here https://www.soft-gator.com/gfiles/SSLPoke.java
when I execute it with the arguments host = www.amazon.com port=443 it succeeds
when I execute it with the arguments host = www.versioneye.com port = 443 it fails
I see that you are trying to use a LetsEncrypt SSL certificate again. My browser (Chrome) accepts the LetsEncrypt cert, whose cert chain is rooted with a DST Root CA X3 cert, but my Oracle Java 1.8.0_66 JVM does not.
I am still of the opinion that the LetsEncrypt cert is going to cause problems for some large percentage of your potential customers.
Please let us know when you start using a generally acceptable SSL cert again, because until then your service won't work for many of us who depend on it.
@longtimeago @andyglick Hi guys. That's true, the old payed SSL cert. expired and I installed an LetsEncrypt cert which is for free. Java 8 update 101 and higher has support for LetsEncrypt. Please update your JVM to fix this issue. I updated my JVM installation and it works for me now.
The thing is that the cloud version of VersionEye is mostly used by users who don't pay anything for the service. The subscriptions from paying users just cover the infrastructure costs, but not more. That's why I'm not willing to spend more Money for an SSL cert. Are you guys paying for VersionEye.com? If one of you is paying at least for the "Freelance plan" I will spend Money for an SSL cert. But I'm not willing to spend Money on users who only cost me Money. I'm not your sugar Dady, because I don't have VC Money to burn.
Alternatively you can run your own VersionEye instance with your own SSL cert. it's all open source and here is described how to install it: https://github.com/versioneye/ops_contrib.
I hope you understand my point.
Makes perfect sense. Would be good to update FAQ with the minimum JVM needed for this to work.