[Cyberduck-trac] [Cyberduck] #3397: SSL WebDAV TLS cert check failure on directory delete

Cyberduck trac at trac.cyberduck.ch
Mon Aug 10 18:03:51 CEST 2009

#3397: SSL WebDAV TLS cert check failure on directory delete
 Reporter:  geoff   |       Owner:  dkocher     
     Type:  defect  |      Status:  new         
 Priority:  normal  |   Milestone:              
Component:  core    |     Version:  3.2.1       
 Severity:  major   |    Keywords:  SSL DAV Cert
 Apache 2.2, mod_dav, Solaris,Intel. SSL-WebDAV on non standard port
 (4705). Adding files or dirs, no problems. Deleting files, fine. Deleting
 directory (was fine until recent Cyberduck update) throws an exception of

 sun.security.validator.ValidatorException: PKIX path building failed:
 sun.security.provider.certpath.SunCertPathBuilderException: unable to find
 valid certification path to requested target.

 The SSL TLS log entry
 [10/Aug/2009:08:13:57 -0700] 64.X.X.X  TLSv1 RC4-MD5 "DELETE /test1
 HTTP/1.1" 242
 [10/Aug/2009:08:13:58 -0700] 64.X.X.X TLSv1 RC4-MD5 "PROPFIND / HTTP/1.1"
 [10/Aug/2009:08:13:58 -0700] 64.X.X.X TLSv1 RC4-MD5 "PROPFIND / HTTP/1.1"

 Same cert works perfectly for SSL web connections via browsers. Recreating
 the cert trust chain in java on osx made no difference.

 Changing to no SSL, works fine. Can't use that as Cyberduck only
 understands Basic Auth, if it did DigestAuth we could scrape by with no
 SSL. Can't have merely hashed passwds in the clear, as in Basic Auth.

Ticket URL: <http://trac.cyberduck.ch/ticket/3397>
Cyberduck <http://cyberduck.ch>
FTP, SFTP, WebDAV, Cloud Files and Amazon S3 Browser for Mac OS X.

More information about the Cyberduck-trac mailing list