Thanks Oleg, I'll take it from here, now that I know where to start from. -- Christopher
On 30 December 2013 11:51, Oleg Kalnichevski <[email protected]> wrote: > On Sun, 2013-12-29 at 14:48 +0100, Christopher BROWN wrote: >> Hello, >> >> I've dealt with an issue where an application being migrated to HTTP client >> has (with the original HttpURLConnection class) thrown this exception: >> >> javax.net.ssl.SSLHandshakeException: >> sun.security.validator.ValidatorException: PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >> valid certification path to requested target >> This was due to a missing entry in the keystore, easy enough for me to fix. >> However, when the code in question is migrated to HTTP client 4.3+, is >> there any API for detecting that a missing keystore entry was the cause, >> and providing user feedback such as "the server is using a SSL certificate >> from Gandi, however this authority has no entry in the keystore" (I'd build >> the message, but would need to have an API to query the certificate info). >> >> Thanks, >> Christopher BROWN > > > Hi Christopher > > Strictly speaking this problem has nothing to do with HttpClient as > such. It's just purely JSSE programming. > > HttpClient 4.3 ships with SSLContextBuilder [1] which is unlikely to > have functionality you want out of the box, but you could take this > class as a starting point for your own custom version of it. Have a look > at TrustManagerDelegate. With a few minor modifications it should be > able to generate more descriptive feedback in case of a trust validation > failure either in a form of a better exception or a log entry. > > Hope this helps > > Oleg > > [1] > http://hc.apache.org/httpcomponents-client-4.3.x/httpclient/xref/org/apache/http/conn/ssl/SSLContextBuilder.html > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
