[Cyberduck-trac] [Cyberduck] #3397: SSL WebDAV TLS cert check failure on directory delete
Cyberduck
trac at trac.cyberduck.ch
Mon Aug 10 18:03:51 CEST 2009
#3397: SSL WebDAV TLS cert check failure on directory delete
--------------------+-------------------------------------------------------
Reporter: geoff | Owner: dkocher
Type: defect | Status: new
Priority: normal | Milestone:
Component: core | Version: 3.2.1
Severity: major | Keywords: SSL DAV Cert
--------------------+-------------------------------------------------------
Apache 2.2, mod_dav, Solaris,Intel. SSL-WebDAV on non standard port
(4705). Adding files or dirs, no problems. Deleting files, fine. Deleting
directory (was fine until recent Cyberduck update) throws an exception of
type:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target.
The SSL TLS log entry
[10/Aug/2009:08:13:57 -0700] 64.X.X.X TLSv1 RC4-MD5 "DELETE /test1
HTTP/1.1" 242
[10/Aug/2009:08:13:58 -0700] 64.X.X.X TLSv1 RC4-MD5 "PROPFIND / HTTP/1.1"
631
[10/Aug/2009:08:13:58 -0700] 64.X.X.X TLSv1 RC4-MD5 "PROPFIND / HTTP/1.1"
8634
Same cert works perfectly for SSL web connections via browsers. Recreating
the cert trust chain in java on osx made no difference.
Changing to no SSL, works fine. Can't use that as Cyberduck only
understands Basic Auth, if it did DigestAuth we could scrape by with no
SSL. Can't have merely hashed passwds in the clear, as in Basic Auth.
--
Ticket URL: <http://trac.cyberduck.ch/ticket/3397>
Cyberduck <http://cyberduck.ch>
FTP, SFTP, WebDAV, Cloud Files and Amazon S3 Browser for Mac OS X.
More information about the Cyberduck-trac
mailing list