[jitsi-dev] changes_html SSL error


#1

Hi,

I compile from source build 4154 and provide my own HTTPS provisioning and update server. Earlier Jitsi versions worked fine but more recent ones give an SSL error like the one below (tested with v. 4154). My HTTPS certificates are self-signed. How can I quickly work around this?

13:11:24.216 SEVERE: plugin.update.Update.showWindowsNewVersionAvailableDialog().721 Cannot set changes Page
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
  at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
  at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
  at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
  at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
  at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
  at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
  at java.net.HttpURLConnection.getResponseCode(Unknown Source)
  at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
  at javax.swing.JEditorPane.getStream(Unknown Source)
  at javax.swing.JEditorPane.setPage(Unknown Source)
  at net.java.sip.communicator.plugin.update.Update.showWindowsNewVersionAvailableDialog(Update.java:717)
  at net.java.sip.communicator.plugin.update.Update.access$100(Update.java:38)
  at net.java.sip.communicator.plugin.update.Update$1.run(Update.java:127)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
  at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
  at sun.security.validator.Validator.validate(Unknown Source)
  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
  ... 18 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
  at java.security.cert.CertPathBuilder.build(Unknown Source)
  ... 24 more

Thanks,

Vieri

.


#2

Since the chamges_html URI access doesn't imply any security risks at least as far as I'm concerned, I've simply changed the code in

plugin/update/update.java

so that the "changes link" scheme is silently replaced to http://:

                    changesLink
                        = updateLink.substring(
                                0,
                                updateLink.lastIndexOf("/") + 1)
                            .replace("https://", "http://")
                            + props.getProperty("changes_html");

Since this hack is OK for me, you can drop my question.

Thanks,

Vieri

···

--- On Thu, 8/16/12, Vieri <rentorbuy@yahoo.com> wrote:

Hi,

I compile from source build 4154 and provide my own HTTPS
provisioning and update server. Earlier Jitsi versions
worked fine but more recent ones give an SSL error like the
one below (tested with v. 4154). My HTTPS certificates are
self-signed. How can I quickly work around this?

13:11:24.216 SEVERE:
plugin.update.Update.showWindowsNewVersionAvailableDialog().721
Cannot set changes Page
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path
building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
at
sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
Source)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
Source)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
Source)
at
java.net.HttpURLConnection.getResponseCode(Unknown Source)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown
Source)
at
javax.swing.JEditorPane.getStream(Unknown Source)
at
javax.swing.JEditorPane.setPage(Unknown Source)
at
net.java.sip.communicator.plugin.update.Update.showWindowsNewVersionAvailableDialog(Update.java:717)
at
net.java.sip.communicator.plugin.update.Update.access$100(Update.java:38)
at
net.java.sip.communicator.plugin.update.Update$1.run(Update.java:127)
Caused by: sun.security.validator.ValidatorException: PKIX
path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at
sun.security.validator.PKIXValidator.doBuild(Unknown
Source)
at
sun.security.validator.PKIXValidator.engineValidate(Unknown
Source)
at
sun.security.validator.Validator.validate(Unknown Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
... 18 more
Caused by:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source)
at
java.security.cert.CertPathBuilder.build(Unknown Source)
... 24 more

Thanks,

Vieri