[jira] [Resolved] (NIFI-7235) 1.11.3 broke SSL
[ https://issues.apache.org/jira/browse/NIFI-7235?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Joe Witt resolved NIFI-7235. Resolution: Information Provided > 1.11.3 broke SSL > > > Key: NIFI-7235 > URL: https://issues.apache.org/jira/browse/NIFI-7235 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework >Affects Versions: 1.11.3 > Environment: Linux, Java 8 and 11 >Reporter: Lance Kinley >Priority: Major > Attachments: nifi-error.png > > > After signing in via client certificate, the UI shows: > PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > This does not occur on 1.10.0 - 1.11.2 > I am using a self-signed CA and certs generated from it. > Stack trace in log: > 2020-03-07 06:10:30,369 WARN [Replicate Request Thread-1] > o.a.n.c.c.h.r.ThreadPoolRequestReplicator > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) > at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946) > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316) > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310) > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639) > at > sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223) > at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) > at sun.security.ssl.Handshaker.process_record(Handshaker.java:965) > at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064) > at > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367) > at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395) > at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379) > at > okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:302) > at > okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:270) > at > okhttp3.internal.connection.RealConnection.connect(RealConnection.java:162) > at > okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:257) > at > okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:135) > at > okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:114) > at > okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42) > at > okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) > at > okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) > at > okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93) > at > okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) > at > okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) > at > okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93) > at > okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) > at > okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:126) > at > okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) > at > okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) > at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:200) > at okhttp3.RealCall.execute(RealCall.java:77) > at > org.apache.nifi.cluster.coordination.http.replication.okhttp.OkHttpReplicationClient.replicate(OkHttpReplicationClient.java:143) > at > org.apache.nifi.cluster.coordination.http.replication.okhttp.OkHttpReplicationClient.replicate(OkHttpReplicationClient.java:137) > at > org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator.replicateRequest(ThreadPoolRequestReplicator.java:647) > at > org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator$NodeHttpRequest.run(ThreadPoolRequestReplicator.java:839) > at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748) > Caused by: sun.security.validator.ValidatorException: PKIX path building > failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to >
[jira] [Resolved] (NIFI-7235) 1.11.3 broke SSL
[ https://issues.apache.org/jira/browse/NIFI-7235?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lance Kinley resolved NIFI-7235. Fix Version/s: 1.11.3 Resolution: Fixed Closing due to workable solution > 1.11.3 broke SSL > > > Key: NIFI-7235 > URL: https://issues.apache.org/jira/browse/NIFI-7235 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework >Affects Versions: 1.11.3 > Environment: Linux, Java 8 and 11 >Reporter: Lance Kinley >Priority: Major > Fix For: 1.11.3 > > Attachments: nifi-error.png > > > After signing in via client certificate, the UI shows: > PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > This does not occur on 1.10.0 - 1.11.2 > I am using a self-signed CA and certs generated from it. > Stack trace in log: > 2020-03-07 06:10:30,369 WARN [Replicate Request Thread-1] > o.a.n.c.c.h.r.ThreadPoolRequestReplicator > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) > at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946) > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316) > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310) > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639) > at > sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223) > at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) > at sun.security.ssl.Handshaker.process_record(Handshaker.java:965) > at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064) > at > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367) > at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395) > at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379) > at > okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:302) > at > okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:270) > at > okhttp3.internal.connection.RealConnection.connect(RealConnection.java:162) > at > okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:257) > at > okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:135) > at > okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:114) > at > okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42) > at > okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) > at > okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) > at > okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93) > at > okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) > at > okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) > at > okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93) > at > okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) > at > okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:126) > at > okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) > at > okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) > at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:200) > at okhttp3.RealCall.execute(RealCall.java:77) > at > org.apache.nifi.cluster.coordination.http.replication.okhttp.OkHttpReplicationClient.replicate(OkHttpReplicationClient.java:143) > at > org.apache.nifi.cluster.coordination.http.replication.okhttp.OkHttpReplicationClient.replicate(OkHttpReplicationClient.java:137) > at > org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator.replicateRequest(ThreadPoolRequestReplicator.java:647) > at > org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestReplicator$NodeHttpRequest.run(ThreadPoolRequestReplicator.java:839) > at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748) > Caused by: sun.security.validator.ValidatorException: PKIX path