search

takcy / openid4java

Automatically exported from code.google.com/p/openid4java
Apache License 2.0
0 stars 0 forks source link

Steam's OpenID provider does not work with openid4java #148

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
Using the OpenID provider of http://steamcommunity.com/openid produces:

01:41:03,286 ERROR [org.openid4java.consumer.ConsumerManager] Error talking to 
https://steamcommunity.com/openid/login response code: -1: 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
PKIX path validation failed: java.security.cert.CertPathValidatorException: 
basic constraints check failed: pathLenConstraint violated - this cert must be 
the last cert in the certification path
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) [:1.6.0_18]
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1665) [:1.6.0_18]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:258) [:1.6.0_18]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:252) [:1.6.0_18]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1165) [:1.6.0_18]
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154) [:1.6.0_18]
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:610) [:1.6.0_18]
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:546) [:1.6.0_18]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:913) [:1.6.0_18]
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1158) [:1.6.0_18]
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:652) [:1.6.0_18]
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:78) [:1.6.0_18]
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82) [:1.6.0_18]
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140) [:1.6.0_18]
    at org.apache.commons.httpclient.methods.StringRequestEntity.writeRequest(StringRequestEntity.java:146) [:]
    at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499) [:]
    at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114) [:]
    at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096) [:]
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398) [:]
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) [:]
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) [:]
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323) [:]
    at org.openid4java.consumer.ConsumerManager.call(ConsumerManager.java:617) [:]
    at org.openid4java.consumer.ConsumerManager.verifySignature(ConsumerManager.java:1808) [:]
    at org.openid4java.consumer.ConsumerManager.verify(ConsumerManager.java:1179) [:]

I suspect this is a bug in Java's SSL implementation, but I can always hope.

Original issue reported on code.google.com by diabl...@gmail.com on 18 Apr 2011 at 5:46

GoogleCodeExporter commented 8 years ago 
I had similar issues with another authentication provider and just noticed that 
this is a Steam complaint and I'm *not* having this issue connecting to Steam 
in the same server environment. The issue with my other provider was that their 
server was only supporting SSLv3, and didn't support the handshake protocol 
that Java uses (by default, it starts at a lower version of SSL and tries to 
negotiate upwards). 

Try forcing java to use SSLv3 only: 

-Dhttps.protocols=SSLv3

Original comment by nathan.c...@gmail.com on 15 Jun 2011 at 11:45

GoogleCodeExporter commented 8 years ago 
Looks like a java CA validation issue, not openid4java.

Original comment by Johnny.B...@gmail.com on 8 Feb 2013 at 6:57