search

Quantizr / DungeonRoomsMod

A 1.8.9 Minecraft Forge Mod for Hypixel Skyblock which adds Secret Waypoints to Dungeons
https://quantizr.github.io
GNU General Public License v3.0
141 stars 54 forks source link

javax.net.ssl.SSLHandshakeException #29

Open R2kip opened 7 months ago

R2kip commented 7 months ago 
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at sun.security.ssl.Alerts.getSSLException(Unknown Source)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at sun.security.ssl.Handshaker.processLoop(Unknown Source)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at sun.security.ssl.Handshaker.process_record(Unknown Source)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at sun.net.www.protocol.http.HttpURLConnection.access$200(Unknown Source)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at sun.net.www.protocol.http.HttpURLConnection$9.run(Unknown Source)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at java.security.AccessController.doPrivileged(Native Method)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at java.security.AccessController.doPrivileged(Unknown Source)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at java.net.URL.openStream(Unknown Source)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at io.github.quantizr.dungeonrooms.DungeonRooms.lambda$onServerConnect$8(DungeonRooms.java:236)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at io.github.quantizr.dungeonrooms.DungeonRooms$$Lambda$624/1113911512.run(Unknown Source)
[12:32:48] [Thread-45/INFO] [STDERR]: [io.github.quantizr.dungeonrooms.DungeonRooms:lambda$onServerConnect$8:247]:  at java.lang.Thread.run(Unknown Source)
R2kip commented 7 months ago

An example of how this problem was solved https://github.com/symt/BazaarNotifier/commit/988b2728538c45aba6ca3f240c3c718b8608fd12#diff-c3397109ab6d0e902dbb35ede6adb608cfa8a4c9e2ab7e9e55c9c988f9037ef2

KoutaChan commented 7 months ago

I think motd can be removed because it is no longer used. Anyway this message can be ignored

Quantizr commented 7 months ago

I had to fix this 3 years ago for something else I was working on... I specifically chose to use gists for this since it didn't have that problem but RIP.

The problem with the fix there and in your link is it disables certificate checking altogether... which isn't a great practice for security but the alternative seems to be manually doing certificate checking on the gist, and the current certificate expires in a year.

On the other hand, the worst a MIM attacker could do is change the MOTD which is displayed, so perhaps to avoid the error...

Quantizr commented 7 months ago

I think motd can be removed because it is no longer used. Anyway this message can be ignored

The point of the MOTD was so I could occasionally display messages if I wanted (since gists are editable, the current blank MOTD can be changed). I've used it to tell users about new updates or giveaways before.

Quantizr commented 7 months ago

The problem is Minecraft, by default, launches 1.8.9 on Java 8u51, which is a version of Java released in 2015 (and contains many security vulnerabilities). I just tested this and the problem described in this issue does not exist when launching Minecraft with a newer version of Java since the new certificates (and patches to all other vulnerabilities) are in newer Java versions.

The real solution here is for everyone playing to manually download the latest version of Java 8 and set their Minecraft instance's Java version to that. However, given the average SkyBlock player's familiarity with computers, this is unlikely to happen.