Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SSLHandshakeException #7616

Closed
ilippert opened this issue Apr 11, 2021 · 8 comments · Fixed by #7657
Closed

SSLHandshakeException #7616

ilippert opened this issue Apr 11, 2021 · 8 comments · Fixed by #7657
Labels
[outdated] type: bug Confirmed bugs or reports that are very likely to be bugs status: depends-on-external A bug or issue that depends on an update of an external library

Comments

@ilippert
Copy link
Contributor

ilippert commented Apr 11, 2021

JabRef 5.3--2021-03-29--2948e6d
Linux 5.11.11-200.fc33.x86_64 amd64
Java 15.0.2
JavaFX 16+8

I asked an entry to download the file https://www.serbski-institut.de/os/dnlarchiv/Kleine_Reihe_27_web.2217.pdf and got this error message.

for SSL certificate issues, I would suggets allow the user to add an exception, like a browser would do?

Log File
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
  at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
  at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
  at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
  at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source)
  at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source)
  at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source)
  at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
  at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
  at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
  at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
  at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
  at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
  at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
  at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
  at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
  at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
  at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
  at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
  at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
  at java.base/java.net.HttpURLConnection.getResponseCode(Unknown Source)
  at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
  at org.jabref@5.3.229/org.jabref.logic.net.URLDownload.openConnection(Unknown Source)
  at org.jabref@5.3.229/org.jabref.logic.net.URLDownload.asInputStream(Unknown Source)
  at org.jabref@5.3.229/org.jabref.gui.externalfiles.FileDownloadTask.call(Unknown Source)
  at org.jabref@5.3.229/org.jabref.gui.externalfiles.FileDownloadTask.call(Unknown Source)
  at org.jabref@5.3.229/org.jabref.gui.util.BackgroundTask$3.call(Unknown Source)
  at org.jabref@5.3.229/org.jabref.gui.util.DefaultTaskExecutor$1.call(Unknown Source)
  at org.jabref.merged.module@5.3.229/javafx.concurrent.Task$TaskCallable.call(Unknown Source)
  at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
  at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
  at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
  at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
  at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
  at java.base/java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source)
  at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
  at java.base/sun.security.validator.Validator.validate(Unknown Source)
  at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
  at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
  ... 31 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
  at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
  at java.base/java.security.cert.CertPathBuilder.build(Unknown Source)
  ... 36 more

@stefan-kolb stefan-kolb added the [outdated] type: bug Confirmed bugs or reports that are very likely to be bugs label Apr 11, 2021
@stefan-kolb
Copy link
Member

Reproducible. Browser does not complain.

@Siedlerchr
Copy link
Member

Probably some certificates missing in the Java version

@Siedlerchr Siedlerchr added the status: depends-on-external A bug or issue that depends on an update of an external library label Apr 11, 2021
@ruanych
Copy link
Contributor

ruanych commented Apr 21, 2021

I think for the SSL handshake issue, we can give the user some prompts like a browser and let the user choose whether to trust this site.
Either some certificates missing in the Java version or the certificate of that site has indeed expired.

@ruanych
Copy link
Contributor

ruanych commented Apr 21, 2021

I think for the SSL handshake issue, we can give the user some prompts like a browser and let the user choose whether to trust this site.
Either some certificates missing in the Java version or the certificate of that site has indeed expired.

Before downloading the file, check SSL Handshake, like
https://github.com/Ryyyc/jabref/blob/2b37ec73f876b964d69e585abe2b22d18a8bfb4e/src/main/java/org/jabref/gui/fieldeditors/LinkedFileViewModel.java#L473-L491

After the download task is completed, restore the original certificate verification settings
https://github.com/Ryyyc/jabref/blob/2b37ec73f876b964d69e585abe2b22d18a8bfb4e/src/main/java/org/jabref/gui/fieldeditors/LinkedFileViewModel.java#L493-L511

@Siedlerchr
Copy link
Member

@ryyyc That looks already like a good idea. Would be cool if you could create a PR°

@ruanych
Copy link
Contributor

ruanych commented Apr 21, 2021

@Siedlerchr All right, if there is any need to modify this PR #7657 , please contact me.

@ruanych
Copy link
Contributor

ruanych commented Apr 21, 2021

@Siedlerchr Hi, there seem to be some problems when making a pull request.
Some test cases did not seem to pass, but I tested the code on the branch main on the local machine, and some test cases also failed. What should I do?

@Siedlerchr
Copy link
Member

Thanks to @ryyyc this should now be fixed in the latest main (currently building)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
[outdated] type: bug Confirmed bugs or reports that are very likely to be bugs status: depends-on-external A bug or issue that depends on an update of an external library
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants