Allow connections to SSL sites with invalid certificates

[twogee]

Issue by GoogleCodeExporter Monday May 11, 2015 at 22:05 GMT Originally opened as https://github.com/twogee/missing-link/issues/31

---

What steps will reproduce the problem?
1. HTTP POST to a SSL site with an invalid certificate

What is the expected output? 
No failures or exceptions

What do you see instead?
C:\mWeb2\jControl>ant  http-post
Buildfile: build.xml

http-post:
     [http] HTTP Request
     [http] ********************
     [http] URL:                https://ols-mweb2.macbank:8643/mweb2_gui/api/v1/requests
     [http] Method:             POST
     [http]     Content-Type: text/xml

BUILD FAILED
org.missinglink.http.exception.HttpCertificateException: 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
PKIX path bui
lding failed: sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target
        at org.missinglink.http.client.HttpClient.invoke(HttpClient.java:431)
        at org.missinglink.ant.task.http.HttpClientTask.execute(HttpClientTask.java:316)
        at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:288)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106)
        at org.apache.tools.ant.Task.perform(Task.java:348)
        at org.apache.tools.ant.Target.execute(Target.java:357)
        at org.apache.tools.ant.Target.performTasks(Target.java:385)
        at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1337)
        at org.apache.tools.ant.Project.executeTarget(Project.java:1306)
        at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
        at org.apache.tools.ant.Project.executeTargets(Project.java:1189)
        at org.apache.tools.ant.Main.runBuild(Main.java:758)
        at org.apache.tools.ant.Main.startAnt(Main.java:217)
        at org.apache.tools.ant.launch.Launcher.run(Launcher.java:257)
        at org.apache.tools.ant.launch.Launcher.main(Launcher.java:104)
Caused by: javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.S
unCertPathBuilderException: unable to find valid certification path to 
requested target
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:904)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
        at org.missinglink.http.client.HttpClient.invoke(HttpClient.java:388)
        ... 18 more
Caused by: sun.security.validator.ValidatorException: PKIX path building 
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
 find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:294)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:200)
        at sun.security.validator.Validator.validate(Validator.java:218)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
        ... 30 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable 
to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:289)
        ... 36 more

Total time: 1 second

What version of the product are you using? 
1.1.3 

On what operating system?
Windows XP

Please provide any additional information below.

Original issue reported on code.google.com by austin.c...@gmail.com on 16 Jan 2012 at 5:22

[twogee]

Comment by GoogleCodeExporter Monday May 11, 2015 at 22:05 GMT

---

Ideally there should be an option to ignore SSL validation errors.

Original comment by austin.c...@gmail.com on 16 Jan 2012 at 5:23

[twogee]

Comment by GoogleCodeExporter Monday May 11, 2015 at 22:05 GMT

---

The Fikin Ant Tasks (http://fikin-ant-tasks.sourceforge.net) "httpget" has an 
option that allows SSL validation to be trusted.

* sslAcceptUntrusted: set SSL accept-untrusted or self-signed (certificates) 
option.

Original comment by stuart.w...@gmail.com on 17 Oct 2012 at 12:49