connectjavax.net.ssl.SSLHandshakeException: Chain validation failed

square / okhttp

Square’s meticulous HTTP client for the JVM, Android, and GraalVM.

https://square.github.io/okhttp/

Apache License 2.0

45.71k stars 9.15k forks source link

connectjavax.net.ssl.SSLHandshakeException: Chain validation failed #8502

Open louishot opened 1 month ago

louishot commented 1 month ago

Hi guys,

Today I see use okhttp to call the URL get this errors: connectjavax.net.ssl.SSLHandshakeException: Chain validation failed But there is no problem accessing it using a browser. After a long time of troubleshooting we found reason:because the SSL ocsp stapling response does not match the certificate.

okhttp should run the same as browser to ignore invalid ocsp stapling response instead SSLHandshakeException.

Thank you

louishot commented 1 month ago

I see https://github.com/square/okhttp/issues/6930 But why does the browser work well?

yschimke commented 1 month ago

Can you include a stack trace. This won't be an okhttp issue. Okhttp uses the platform TLS stack.