Re: [p2-dev] RCP update failing
Ed Merkswrites: > Based on past experience, this problem will likely go away if you > update your version of Java which will update Java the root > certificates. Pretty sure it wouldn't: #1: Requesting http:// resource and failing with TLS/SSL-related exception?! Looks suspicious, at least, and raises #2: #2: it becomes popular to terminate TLS traffic at the border and re-encrypt it with self-issued and self-signed certificate. Such certificate MUST be provided to the client, otherwise client will get sun.security.validator.ValidatorException: PKIX path building failed. #3: Open p2 repo in Web browser and check what certificate is provided to the browser. Check https://duckduckgo.com/?q=java+key+tool+import+certificate for how to import certificate into a keystore. > On 05.11.2017 05:40, Timothy Vogel wrote: >> >> An update site that has been working is now failing with the >> exception below. It is trying to read p2.index. This file does not >> exist in the composite repo nor the product repo. I created one >> with minimal contents and receive the same error. >> >> Any suggestions on how to debug? >> >> Thanks >> >> Timothy >> >> 20171105 00:15:08.536 11548 ERROR >> com.easa.acmotor.base.BusinessStatusHandler - uncaught exception: >> org.eclipse.equinox.p2.transport.ecf : Connection to >> http://www.xxx.com/sites/motordb_update/repository/p2.index failed >> on sun.security.validator.ValidatorException: PKIX path building >> failed: sun.security.provider.certpath.SunCertPathBuilderException: >> unable to find valid certification path to requested target. Retry >> attempt 0 started >> >> javax.net.ssl.SSLHandshakeException: >> sun.security.validator.ValidatorException: PKIX path building >> failed: sun.security.provider.certpath.SunCertPathBuilderException: >> unable to find valid certification path to requested target [...] -- Mykola https://manandbytes.github.io/ ___ p2-dev mailing list p2-dev@eclipse.org To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/p2-dev
Re: [p2-dev] RCP update failing
I can't tell from this stack trace what exactly you're doing, but normally such a thing would only happen while checking for updates. Is that what you were doing? Controlling what's in Window -> Preferences -> Install/Update -> Available Software Sites should help eliminate the offensive update site. On 12.11.2017 12:34, Timothy Vogel wrote: Ed, Thanks for your suggestion. I updated the Java version to the latest 1.8 update and still receive the same error. Any ideas why an rcp installation would reference a p2.index file? Is there any way to "clean out" a specific reference to that file from an existing rcp installation? Timothy From: Ed Merks Sent: Sunday, November 5, 05:00 Subject: Re: [p2-dev] RCP update failing To: p2-dev@eclipse.org Timothy, Based on past experience, this problem will likely go away if you update your version of Java which will update Java the root certificates. On 05.11.2017 05:40, Timothy Vogel wrote: An update site that has been working is now failing with the exception below. It is trying to read p2.index. This file does not exist in the composite repo nor the product repo. I created one with minimal contents and receive the same error. Any suggestions on how to debug? Thanks Timothy 20171105 00:15:08.536 11548 ERROR com.easa.acmotor.base.BusinessStatusHandler - uncaught exception: org.eclipse.equinox.p2.transport.ecf : Connection to http://www.xxx.com/sites/motordb_update/repository/ <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.xxx.com%2Fsites%2Fmotordb_update%2Frepository%2Fp2.index=02%7C01%7CTVogel%40msn.com%7C41fd6b6ad7d742ad750908d5243402df%7C84df9e7fe9f640afb435%7C1%7C0%7C636454728162685505=YT4L8kjCZLW41inK6VGqJLgCkDZyZ5LPbxBE7SUTQpw%3D=0>p2 <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.xxx.com%2Fsites%2Fmotordb_update%2Frepository%2Fp2.index=02%7C01%7CTVogel%40msn.com%7C41fd6b6ad7d742ad750908d5243402df%7C84df9e7fe9f640afb435%7C1%7C0%7C636454728162685505=YT4L8kjCZLW41inK6VGqJLgCkDZyZ5LPbxBE7SUTQpw%3D=0>.index <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.xxx.com%2Fsites%2Fmotordb_update%2Frepository%2Fp2.index=02%7C01%7CTVogel%40msn.com%7C41fd6b6ad7d742ad750908d5243402df%7C84df9e7fe9f640afb435%7C1%7C0%7C636454728162685505=YT4L8kjCZLW41inK6VGqJLgCkDZyZ5LPbxBE7SUTQpw%3D=0> failed on sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Retry attempt 0 started javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.Handshaker.process_record(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.AppOutputStream.write(Unknown Source) ~[na:1.8.0_60] at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:159) ~[na:na] at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:166) ~[na:na] at org.apache.http.impl.AbstractHttpClientConnection.doFlush(AbstractHttpClientConnection.java:272) ~[na:na] at org.apache.http.impl.AbstractHttpClientConnection.flush(AbstractHttpClientConnection.java:277) ~[na:na] at org.apache.http.impl.conn.AbstractClientConnAdapter.flush(AbstractClientConnAdapter.java:201) ~[na:na] at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:239) ~[na:na] at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:121) ~[na:na] at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(Defa
Re: [p2-dev] RCP update failing
Ed, Thanks for your suggestion. I updated the Java version to the latest 1.8 update and still receive the same error. Any ideas why an rcp installation would reference a p2.index file? Is there any way to "clean out" a specific reference to that file from an existing rcp installation? Timothy From: Ed Merks Sent: Sunday, November 5, 05:00 Subject: Re: [p2-dev] RCP update failing To: p2-dev@eclipse.org Timothy, Based on past experience, this problem will likely go away if you update your version of Java which will update Java the root certificates. On 05.11.2017 05:40, Timothy Vogel wrote: An update site that has been working is now failing with the exception below. It is trying to read p2.index. This file does not exist in the composite repo nor the product repo. I created one with minimal contents and receive the same error. Any suggestions on how to debug? Thanks Timothy 20171105 00:15:08.536 11548 ERROR com.easa.acmotor.base.BusinessStatusHandler - uncaught exception: org.eclipse.equinox.p2.transport.ecf : Connection to http://www.xxx.com/sites/motordb_update/repository/<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.xxx.com%2Fsites%2Fmotordb_update%2Frepository%2Fp2.index=02%7C01%7CTVogel%40msn.com%7C41fd6b6ad7d742ad750908d5243402df%7C84df9e7fe9f640afb435%7C1%7C0%7C636454728162685505=YT4L8kjCZLW41inK6VGqJLgCkDZyZ5LPbxBE7SUTQpw%3D=0>p2<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.xxx.com%2Fsites%2Fmotordb_update%2Frepository%2Fp2.index=02%7C01%7CTVogel%40msn.com%7C41fd6b6ad7d742ad750908d5243402df%7C84df9e7fe9f640afb435%7C1%7C0%7C636454728162685505=YT4L8kjCZLW41inK6VGqJLgCkDZyZ5LPbxBE7SUTQpw%3D=0>.index<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.xxx.com%2Fsites%2Fmotordb_update%2Frepository%2Fp2.index=02%7C01%7CTVogel%40msn.com%7C41fd6b6ad7d742ad750908d5243402df%7C84df9e7fe9f640afb435%7C1%7C0%7C636454728162685505=YT4L8kjCZLW41inK6VGqJLgCkDZyZ5LPbxBE7SUTQpw%3D=0> failed on sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Retry attempt 0 started javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.Handshaker.process_record(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.AppOutputStream.write(Unknown Source) ~[na:1.8.0_60] at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:159) ~[na:na] at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:166) ~[na:na] at org.apache.http.impl.AbstractHttpClientConnection.doFlush(AbstractHttpClientConnection.java:272) ~[na:na] at org.apache.http.impl.AbstractHttpClientConnection.flush(AbstractHttpClientConnection.java:277) ~[na:na] at org.apache.http.impl.conn.AbstractClientConnAdapter.flush(AbstractClientConnAdapter.java:201) ~[na:na] at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:239) ~[na:na] at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:121) ~[na:na] at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:685) ~[na:na] at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:487) ~[na:na] at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863) ~[na:na] at org.apache.http.impl.client.CloseableHttpClient.execute(Closeable
Re: [p2-dev] RCP update failing
Timothy, Based on past experience, this problem will likely go away if you update your version of Java which will update Java the root certificates. On 05.11.2017 05:40, Timothy Vogel wrote: An update site that has been working is now failing with the exception below. It is trying to read p2.index. This file does not exist in the composite repo nor the product repo. I created one with minimal contents and receive the same error. Any suggestions on how to debug? Thanks Timothy 20171105 00:15:08.536 11548 ERROR com.easa.acmotor.base.BusinessStatusHandler - uncaught exception: org.eclipse.equinox.p2.transport.ecf : Connection to http://www.xxx.com/sites/motordb_update/repository/p2.index failed on sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Retry attempt 0 started javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.Handshaker.process_record(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.AppOutputStream.write(Unknown Source) ~[na:1.8.0_60] at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:159) ~[na:na] at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:166) ~[na:na] at org.apache.http.impl.AbstractHttpClientConnection.doFlush(AbstractHttpClientConnection.java:272) ~[na:na] at org.apache.http.impl.AbstractHttpClientConnection.flush(AbstractHttpClientConnection.java:277) ~[na:na] at org.apache.http.impl.conn.AbstractClientConnAdapter.flush(AbstractClientConnAdapter.java:201) ~[na:na] at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:239) ~[na:na] at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:121) ~[na:na] at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:685) ~[na:na] at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:487) ~[na:na] at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863) ~[na:na] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) ~[na:na] at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientRetrieveFileTransfer.performConnect(HttpClientRetrieveFileTransfer.java:1084) ~[na:na] at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientRetrieveFileTransfer.access$0(HttpClientRetrieveFileTransfer.java:1075) ~[na:na] at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientRetrieveFileTransfer$1.performFileTransfer(HttpClientRetrieveFileTransfer.java:1071) ~[na:na] at org.eclipse.ecf.filetransfer.FileTransferJob.run(FileTransferJob.java:74) ~[na:na] at org.eclipse.core.internal.jobs.Worker.run(Worker.java:55) ~[na:na] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(Unknown Source) ~[na:1.8.0_60] at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) ~[na:1.8.0_60] at sun.security.validator.Validator.validate(Unknown Source) ~[na:1.8.0_60] at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)