View Issue Details

Related ChangesetsJump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0005897SymmetricDSBugpublic2023-06-26 17:202023-06-27 16:00
Reporteremiller Assigned Toemiller  
Prioritynormal 
Status closedResolutionfixed 
Product Version3.14.0 
Target Version3.14.8Fixed in Version3.14.8 
Summary0005897: ValidatorException while validating self-signed X509 certificate
DescriptionIt's possible for an ValidatorException to occur during node communication when a self-signed X509 certificate is validated. The below exception occurs when the array of certificates passed to the SelfSignedX509TrustManager contains more than 1 certificate. If the array only contains duplicates of the same certificate, then the trust manager should check the validity of one of the certificates.

Could not communicate with node [node ID] at [sync URL] because of unexpected error StackTraceKey.init [IoException:683851192] org.jumpmind.exception.IoException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at org.jumpmind.symmetric.transport.http.HttpOutgoingTransport.requestReservation(HttpOutgoingTransport.java:212)
    at org.jumpmind.symmetric.transport.http.HttpOutgoingTransport.getSuspendIgnoreChannelLists(HttpOutgoingTransport.java:336)
    at com.jumpmind.symmetric.console.remote.m.getSuspendIgnoreChannelLists(RemoteStatusHttpOutgoingTransport.java:79)
    at org.jumpmind.symmetric.service.impl.DataExtractorService.extract(DataExtractorService.java:581)
    at org.jumpmind.symmetric.service.impl.PushService.pushToNode(PushService.java:214)
    at org.jumpmind.symmetric.service.impl.PushService.execute(PushService.java:175)
    at org.jumpmind.symmetric.service.impl.NodeCommunicationService$1.run(NodeCommunicationService.java:536)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:347)
    at org.jumpmind.symmetric.transport.http.HttpConnection.getResponseCode(HttpConnection.java:125)
    at org.jumpmind.symmetric.transport.http.HttpOutgoingTransport.requestReservation(HttpOutgoingTransport.java:209)
    ... 9 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:240)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:105)
    at org.jumpmind.symmetric.transport.http.SelfSignedX509TrustManager.checkServerTrusted(SelfSignedX509TrustManager.java:90)
    at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
    ... 24 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
    ... 32 more
TagsNo tags attached.

Relationships

related to 0005896 closedemiller ValidatorException while validating self-signed X509 certificate 
related to 0005895 closedemiller ValidatorException while validating self-signed X509 certificate 

Activities

There are no notes attached to this issue.

Related Changesets

SymmetricDS: 3.14 2bf7bc6f

2023-06-27 15:10:15

evan-miller-jumpmind

Details Diff 		0005897: Fixed ValidatorException while validating self-signed X509 certificate Affected Issues
0005897
mod - symmetric-core/src/main/java/org/jumpmind/symmetric/transport/http/SelfSignedX509TrustManager.java Diff File

Issue History

Date Modified Username Field Change
2023-06-26 17:20 emiller New Issue
2023-06-26 17:20 emiller Status new => assigned
2023-06-26 17:20 emiller Assigned To => emiller
2023-06-26 17:20 emiller Issue generated from: 0005896
2023-06-26 17:20 emiller Relationship added related to 0005896
2023-06-26 17:21 emiller Relationship added related to 0005895
2023-06-27 15:11 emiller Status assigned => resolved
2023-06-27 15:11 emiller Resolution open => fixed
2023-06-27 15:11 emiller Fixed in Version => 3.14.8
2023-06-27 15:11 emiller Target Version => 3.14.8
2023-06-27 16:00 Changeset attached => SymmetricDS 3.14 2bf7bc6f
2023-07-19 12:58 admin Status resolved => closed