Closed zhchangqing closed 3 months ago
zhchangqing
commented
4 months ago Error retrieving the NVD data java.util.concurrent.ExecutionException: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: Received fatal alert: unrecognized_name
Caused by: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: Received fatal alert: unrecognized_name Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: unrecognized_name
zhchangqing
commented
4 months ago NVD API request failures are occurring; retrying request for the 11 time Ticket returned At: 15:10:53; count: 51; by 36 request failed javax.net.ssl.SSLHandshakeException: Received fatal alert: unrecognized_name at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128) at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308) at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279) at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164) at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:672) at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:627) at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:443) at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:422) at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:634) at org.apache.hc.core5.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:330) at org.apache.hc.core5.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:386) at org.apache.hc.core5.reactor.ssl.SSLIOSession.access$100(SSLIOSession.java:74) at org.apache.hc.core5.reactor.ssl.SSLIOSession$1.inputReady(SSLIOSession.java:201) at org.apache.hc.core5.reactor.InternalDataChannel.onIOEvent(InternalDataChannel.java:142) at org.apache.hc.core5.reactor.InternalChannel.handleIOEvent(InternalChannel.java:51) at org.apache.hc.core5.reactor.SingleCoreIOReactor.processEvents(SingleCoreIOReactor.java:178) at org.apache.hc.core5.reactor.SingleCoreIOReactor.doExecute(SingleCoreIOReactor.java:127) at org.apache.hc.core5.reactor.AbstractSingleCoreIOReactor.execute(AbstractSingleCoreIOReactor.java:86) at org.apache.hc.core5.reactor.IOReactorWorker.run(IOReactorWorker.java:44) at java.base/java.lang.Thread.run(Thread.java:834)
zhchangqing
commented
4 months ago Error retrieving the NVD data java.util.concurrent.ExecutionException: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: Received fatal alert: unrecognized_name at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122) at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:191) at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.getCompletedFuture(NvdCveClient.java:412) at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next(NvdCveClient.java:321) at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next(NvdCveClient.java:368) at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next(NvdCveClient.java:368) at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next(NvdCveClient.java:368) at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next(NvdCveClient.java:368) at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next(NvdCveClient.java:368) at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next(NvdCveClient.java:368) at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next(NvdCveClient.java:368) at io.github.jeremylong.vulnz.cli.commands.CveCommand.processRequest(CveCommand.java:270) at io.github.jeremylong.vulnz.cli.commands.CveCommand.timedCall(CveCommand.java:223) at io.github.jeremylong.vulnz.cli.commands.TimedCommand.call(TimedCommand.java:36) at io.github.jeremylong.vulnz.cli.commands.TimedCommand.call(TimedCommand.java:25) at picocli.CommandLine.executeUserObject(CommandLine.java:2041) at picocli.CommandLine.access$1500(CommandLine.java:148) at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2461) at picocli.CommandLine$RunLast.handle(CommandLine.java:2453) at picocli.CommandLine$RunLast.handle(CommandLine.java:2415) at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2273) at picocli.CommandLine$RunLast.execute(CommandLine.java:2417) at picocli.CommandLine.execute(CommandLine.java:2170) at io.github.jeremylong.vulnz.cli.Application.run(Application.java:73) at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:768) at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:752) at org.springframework.boot.SpringApplication.run(SpringApplication.java:314) at org.springframework.boot.SpringApplication.run(SpringApplication.java:1303) at org.springframework.boot.SpringApplication.run(SpringApplication.java:1292) at io.github.jeremylong.vulnz.cli.Application.main(Application.java:61) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49) at org.springframework.boot.loader.Launcher.launch(Launcher.java:108) at org.springframework.boot.loader.Launcher.launch(Launcher.java:58) at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:65) Caused by: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: Received fatal alert: unrecognized_name
zhchangqing
commented
4 months ago GenericCacheConfiguration matched:
Cache org.springframework.boot.autoconfigure.cache.GenericCacheConfiguration automatic cache type (CacheCondition)
MustacheAutoConfiguration matched:
@ConditionalOnClass found required class 'com.samskivert.mustache.Mustache' (OnClassCondition)
MustacheAutoConfiguration#mustacheCompiler matched:
@ConditionalOnMissingBean (types: com.samskivert.mustache.Mustache$Compiler; SearchStrategy: all) did not find any beans (OnBeanCondition)
MustacheAutoConfiguration#mustacheTemplateLoader matched:
@ConditionalOnMissingBean (types: com.samskivert.mustache.Mustache$TemplateLoader; SearchStrategy: all) did not find any beans (OnBeanCondition)
NoOpCacheConfiguration matched:
Cache org.springframework.boot.autoconfigure.cache.NoOpCacheConfiguration automatic cache type (CacheCondition)
PicocliAutoConfiguration matched:
@ConditionalOnClass found required class 'picocli.CommandLine' (OnClassCondition)
PicocliAutoConfiguration#picocliSpringFactory matched:
@ConditionalOnMissingBean (types: picocli.CommandLine$IFactory; SearchStrategy: all) did not find any beans (OnBeanCondition)
PicocliAutoConfiguration#picocliSpringFactoryImpl matched:
@ConditionalOnMissingBean (types: picocli.spring.PicocliSpringFactory; SearchStrategy: all) did not find any beans (OnBeanCondition)
SimpleCacheConfiguration matched:
zhchangqing
commented
4 months ago rate limited call delay: 3000 rate limited call delay: 3000 rate limited call delay: 3000 rate limited call delay: 3000 requesting URI: https://services.nvd.nist.gov/rest/json/cves/2.0?resultsPerPage=2000&startIndex=0 Ticket taken At: 15:31:15; count: 1; by 35 Requested At: 15:31:15; URI: /rest/json/cves/2.0?resultsPerPage=2000&startIndex=0 Recoverable I/O exception (javax.net.ssl.SSLHandshakeException) caught when processing request to {s}->https://services.nvd.nist.gov:443 Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=0 : 2 time Recoverable I/O exception (javax.net.ssl.SSLHandshakeException) caught when processing request to {s}->https://services.nvd.nist.gov:443 Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=0 : 3 time Recoverable I/O exception (javax.net.ssl.SSLHandshakeException) caught when processing request to {s}->https://services.nvd.nist.gov:443 Retrying request /rest/json/cves/2.0?resultsPerPage=2000&startIndex=0 : 4 time Recoverable I/O exception (javax.net.ssl.SSLHandshakeException) caught when processing request to {s}->https://services.nvd.nist.gov:443 NVD API request failures are occurring; retrying request for the 5 time Recoverable I/O exception (javax.net.ssl.SSLHandshakeException) caught when processing request to {s}->https://services.nvd.nist.gov:443 NVD API request failures are occurring; retrying request for the 6 time Recoverable I/O exception (javax.net.ssl.SSLHandshakeException) caught when processing request to {s}->https://services.nvd.nist.gov:443 NVD API request failures are occurring; retrying request for the 7 time Recoverable I/O exception (javax.net.ssl.SSLHandshakeException) caught when processing request to {s}->https://services.nvd.nist.gov:443 NVD API request failures are occurring; retrying request for the 8 time Recoverable I/O exception (javax.net.ssl.SSLHandshakeException) caught when processing request to {s}->https://services.nvd.nist.gov:443
zhchangqing
commented
4 months ago NVD API request failures are occurring; retrying request for the 11 time Ticket returned At: 15:34:45; count: 2; by 35 request failed javax.net.ssl.SSLHandshakeException: Received fatal alert: unrecognized_name at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128) at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308) at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279) at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164) at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:672) at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:627) at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:443) at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:422) at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:634) at org.apache.hc.core5.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:330) at org.apache.hc.core5.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:386) at org.apache.hc.core5.reactor.ssl.SSLIOSession.access$100(SSLIOSession.java:74) at org.apache.hc.core5.reactor.ssl.SSLIOSession$1.inputReady(SSLIOSession.java:201) at org.apache.hc.core5.reactor.InternalDataChannel.onIOEvent(InternalDataChannel.java:142) at org.apache.hc.core5.reactor.InternalChannel.handleIOEvent(InternalChannel.java:51) at org.apache.hc.core5.reactor.SingleCoreIOReactor.processEvents(SingleCoreIOReactor.java:178) at org.apache.hc.core5.reactor.SingleCoreIOReactor.doExecute(SingleCoreIOReactor.java:127) at org.apache.hc.core5.reactor.AbstractSingleCoreIOReactor.execute(AbstractSingleCoreIOReactor.java:86) at org.apache.hc.core5.reactor.IOReactorWorker.run(IOReactorWorker.java:44) at java.base/java.lang.Thread.run(Thread.java:834) Error retrieving the NVD data java.util.concurrent.ExecutionException: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: Received fatal alert: unrecognized_name at java.base/java.util.concurrent.FutureTask.report(FutureTask.java:122) at java.base/java.util.concurrent.FutureTask.get(FutureTask.java:191) at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.getCompletedFuture(NvdCveClient.java:412) at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next(NvdCveClient.java:321) at io.github.jeremylong.vulnz.cli.commands.CveCommand.processRequest(CveCommand.java:270) at io.github.jeremylong.vulnz.cli.commands.CveCommand.timedCall(CveCommand.java:223) at io.github.jeremylong.vulnz.cli.commands.TimedCommand.call(TimedCommand.java:36) at io.github.jeremylong.vulnz.cli.commands.TimedCommand.call(TimedCommand.java:25) at picocli.CommandLine.executeUserObject(CommandLine.java:2041) at picocli.CommandLine.access$1500(CommandLine.java:148) at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2461) at picocli.CommandLine$RunLast.handle(CommandLine.java:2453) at picocli.CommandLine$RunLast.handle(CommandLine.java:2415) at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2273) at picocli.CommandLine$RunLast.execute(CommandLine.java:2417) at picocli.CommandLine.execute(CommandLine.java:2170) at io.github.jeremylong.vulnz.cli.Application.run(Application.java:73) at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:768) at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:752) at org.springframework.boot.SpringApplication.run(SpringApplication.java:314) at org.springframework.boot.SpringApplication.run(SpringApplication.java:1303) at org.springframework.boot.SpringApplication.run(SpringApplication.java:1292) at io.github.jeremylong.vulnz.cli.Application.main(Application.java:61) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49) at org.springframework.boot.loader.Launcher.launch(Launcher.java:108) at org.springframework.boot.loader.Launcher.launch(Launcher.java:58) at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:65) Caused by: java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: Received fatal alert: unrecognized_name at org.apache.hc.core5.concurrent.BasicFuture.getResult(BasicFuture.java:72) at org.apache.hc.core5.concurrent.BasicFuture.get(BasicFuture.java:85) at io.github.jeremylong.openvulnerability.client.nvd.RateLimitedClient.delayedExecute(RateLimitedClient.java:201) at io.github.jeremylong.openvulnerability.client.nvd.RateLimitedClient.lambda$execute$0(RateLimitedClient.java:172) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:834) Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: unrecognized_name at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128) at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308) at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:279) at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164) at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:672) at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:627) at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:443) at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:422) at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:634) at org.apache.hc.core5.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:330) at org.apache.hc.core5.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:386) at org.apache.hc.core5.reactor.ssl.SSLIOSession.access$100(SSLIOSession.java:74) at org.apache.hc.core5.reactor.ssl.SSLIOSession$1.inputReady(SSLIOSession.java:201) at org.apache.hc.core5.reactor.InternalDataChannel.onIOEvent(InternalDataChannel.java:142) at org.apache.hc.core5.reactor.InternalChannel.handleIOEvent(InternalChannel.java:51) at org.apache.hc.core5.reactor.SingleCoreIOReactor.processEvents(SingleCoreIOReactor.java:178) at org.apache.hc.core5.reactor.SingleCoreIOReactor.doExecute(SingleCoreIOReactor.java:127) at org.apache.hc.core5.reactor.AbstractSingleCoreIOReactor.execute(AbstractSingleCoreIOReactor.java:86) at org.apache.hc.core5.reactor.IOReactorWorker.run(IOReactorWorker.java:44) ... 1 common frames omitted
zhchangqing
commented
4 months ago export JAVA_OPTS="-Xmx2g -Djsse.enableSNIExtension=false -Dhttps.protocols=TLSv1.3 -Djdk.tls.client.protocols=TLSv1.3"
vulnz cve --cache --directory ./cache --threads=4 --debug --delay=3000 --prettyPrint
Recoverable I/O exception (javax.net.ssl.SSLHandshakeException) caught when processing request to {s}->https://services.nvd.nist.gov:443
jeremylong
commented
4 months ago Recoverable IO exceptions happen. they don't affect the outcome and I haven't spent enough time trying to figure out how to suppress these messages. Did you get the rest to work?
jeremylong
commented
4 months ago You don't have an API key so I would suggest:
export JAVA_OPTS="-Xmx2g"
vulnz cve --cache --directory ./cache --threads=1 --debug --delay=8000 --prettyPrintYeah - it'll take a long time the very first time you create the cache. But if you run it more frequently (daily/weely) you are only updating a small amount so it will be fast.
zhchangqing
commented
4 months ago hello,dear Jeremy Long
I modify the configuration “analyzer.central.url=https://search.maven.org/solrsearch/select” . local maven (search.maven.org),beacuse I can not access internet
# the URL for searching search.maven.org for SHA-1 [ERROR] Could not connect to Central search. Analysis failed. java.io.IOException: Finally failed connecting to Central search. Giving up after 7 tries. at org.owasp.dependencycheck.analyzer.CentralAnalyzer.fetchMavenArtifacts(CentralAnalyzer.java:363) at org.owasp.dependencycheck.analyzer.CentralAnalyzer.analyzeDependency(CentralAnalyzer.java:228) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131) at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88) at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:833) Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:371) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:309) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369) at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458) at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1500) at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1415) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:450) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:421) at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:580) at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:183) at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:142) at org.owasp.dependencycheck.data.central.CentralSearch.searchSha1(CentralSearch.java:169) at org.owasp.dependencycheck.analyzer.CentralAnalyzer.fetchMavenArtifacts(CentralAnalyzer.java:340) ... 8 common frames omitted Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) at java.base/sun.security.validator.Validator.validate(Validator.java:264) at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231) at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638) ... 24 common frames omitted Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ... 29 common frames omitted [WARN] An error occurred while analyzing 'D:\01 ȫ\01 ȫϵ\02 MACű\QRCodeDemo\lib\itext-2.1.7.jar' (Central Analyzer). [ERROR] Could not connect to Central search. Analysis failed. java.io.IOException: Finally failed connecting to Central search. Giving up after 7 tries. at org.owasp.dependencycheck.analyzer.CentralAnalyzer.fetchMavenArtifacts(CentralAnalyzer.java:363) at org.owasp.dependencycheck.analyzer.CentralAnalyzer.analyzeDependency(CentralAnalyzer.java:228) at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131) at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88) at org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:833) Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:371) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:309) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369) at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458) at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1500) at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1415) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:450) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:421) at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:580) at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:183) at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:142) at org.owasp.dependencycheck.data.central.CentralSearch.searchSha1(CentralSearch.java:169) at org.owasp.dependencycheck.analyzer.CentralAnalyzer.fetchMavenArtifacts(CentralAnalyzer.java:340) ... 8 common frames omitted Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) at java.base/sun.security.validator.Validator.validate(Validator.java:264) at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231) at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638) ... 24 common frames omitted Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ... 29 common frames omitted
中国光大银行 科技研发中心 研发技术管理域 开发安全管理团队 常青 地址:北京市石景山区首钢园光大金融科技中心 邮编:100045 电话:010-56810514 内线8514 手机:15901213790 @.*** IT服务台坐席电话:95595-999
发件人: Jeremy Long 发送时间: 2024-03-13 18:35 收件人: jeremylong/Open-Vulnerability-Project 抄送: zhchangqing; Author 主题: Re: [jeremylong/Open-Vulnerability-Project] Unable to connect to the server continuously,retrying request for the XX time (Issue #144) You don't have an API key so I would suggest: export JAVA_OPTS="-Xmx2g" vulnz cve --cache --directory ./cache --threads=1 --debug --delay=8000 --prettyPrint
Yeah - it'll take a long time the very first time you create the cache. But if you run it more frequently (daily/weely) you are only updating a small amount so it will be fast. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>
提示信息: 本邮件(及任何附件)可能含有机密、专有、具有特权或者受法律保护的资料,仅供指定收件人(或负责将资料转交收件人的人士)使用。如您非本邮件指定收件人,则无权阅读、打印、保留、复制、传播本邮件或其任何部分。如您误收本邮件,请立即销毁或从您的系统中删除,并通知寄件人。中国光大银行不保证本电子邮件是安全的、无错误的/或者免除病毒的,因为电子邮件信息可能会在传输过程中被截取、修改、损坏、遗失、延迟/或者变得不完整/或者被病毒感染。因此,中国光大银行及寄件人不对因本邮件内容的任何错误和遗漏而造成的损失或损害承担任何责任。 This message (and any attachments) may contain information that is confidential, proprietary, privileged or otherwise protected by law. The message is intended solely for the named addressee (or a person responsible for delivering it to the addressee). If you are not the intended recipient of this message, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please destroy the message or delete it from your system immediately and notify the sender. CEB cannot guarantee that this e-mail is secure, error free and/or virus-free as e-mail messages could be intercepted, altered, corrupted, lost, delayed or become incomplete and/or infected by viruses in the course of their transmission. CEB and the sender therefore do not accept liability for any loss or damage arising from any errors or omissions in the contents of this e-mail.
jeremylong
commented
4 months ago jeremylong
commented
3 months ago Unable to reproduce with the information given. I know the NVD API has been down a few times recently.
ecoverable I/O exception (org.apache.hc.core5.http.ConnectionClosedException) caught when processing request to {s}->https://services.nvd.nist.gov:443 Recoverable I/O exception (org.apache.hc.core5.http2.impl.nio.ProtocolNegotiationException) caught when processing request to {s}->https://services.nvd.nist.gov:443 Recoverable I/O exception (java.net.NoRouteToHostException) caught when processing request to {s}->https://services.nvd.nist.gov:443 Recoverable I/O exception (org.apache.hc.core5.http2.impl.nio.ProtocolNegotiationException) caught when processing request to {s}->https://services.nvd.nist.gov:443 NVD API request failures are occurring; retrying request for the 5 time Recoverable I/O exception (org.apache.hc.core5.http2.impl.nio.ProtocolNegotiationException) caught when processing request to {s}->https://services.nvd.nist.gov:443 NVD API request failures are occurring; retrying request for the 6 time Recoverable I/O exception (org.apache.hc.core5.http2.impl.nio.ProtocolNegotiationException) caught when processing request to {s}->https://services.nvd.nist.gov:443 NVD API request failures are occurring; retrying request for the 7 time Recoverable I/O exception (org.apache.hc.core5.http2.impl.nio.ProtocolNegotiationException) caught when processing request to {s}->https://services.nvd.nist.gov:443 NVD API request failures are occurring; retrying request for the 8 time Recoverable I/O exception (org.apache.hc.core5.http2.impl.nio.ProtocolNegotiationException) caught when processing request to {s}->https://services.nvd.nist.gov:443 NVD API request failures are occurring; retrying request for the 9 time