[Cyberduck-trac] [Cyberduck] #3397: PKIX path building failed . TLS cert check failure on directory delete (was: SSL WebDAV TLS cert check failure on directory delete)
Cyberduck
trac at trac.cyberduck.ch
Mon Aug 10 18:25:32 CEST 2009
#3397: PKIX path building failed . TLS cert check failure on directory delete
--------------------+-------------------------------------------------------
Reporter: geoff | Owner: dkocher
Type: defect | Status: new
Priority: normal | Milestone:
Component: webdav | Version: 3.2.1
Severity: major | Keywords: SSL DAV Cert
--------------------+-------------------------------------------------------
Changes (by dkocher):
* component: core => webdav
Old description:
> Apache 2.2, mod_dav, Solaris,Intel. SSL-WebDAV on non standard port
> (4705). Adding files or dirs, no problems. Deleting files, fine. Deleting
> directory (was fine until recent Cyberduck update) throws an exception of
> type:
>
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target.
>
> The SSL TLS log entry
> [10/Aug/2009:08:13:57 -0700] 64.X.X.X TLSv1 RC4-MD5 "DELETE /test1
> HTTP/1.1" 242
> [10/Aug/2009:08:13:58 -0700] 64.X.X.X TLSv1 RC4-MD5 "PROPFIND / HTTP/1.1"
> 631
> [10/Aug/2009:08:13:58 -0700] 64.X.X.X TLSv1 RC4-MD5 "PROPFIND / HTTP/1.1"
> 8634
>
> Same cert works perfectly for SSL web connections via browsers.
> Recreating the cert trust chain in java on osx made no difference.
>
> Changing to no SSL, works fine. Can't use that as Cyberduck only
> understands Basic Auth, if it did DigestAuth we could scrape by with no
> SSL. Can't have merely hashed passwds in the clear, as in Basic Auth.
New description:
Apache 2.2, mod_dav, Solaris,Intel. SSL-WebDAV on non standard port
(4705). Adding files or dirs, no problems. Deleting files, fine. Deleting
directory (was fine until recent Cyberduck update) throws an exception of
type:
{{{
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target.
}}}
The SSL TLS log entry
{{{
[10/Aug/2009:08:13:57 -0700] 64.X.X.X TLSv1 RC4-MD5 "DELETE /test1
HTTP/1.1" 242
[10/Aug/2009:08:13:58 -0700] 64.X.X.X TLSv1 RC4-MD5 "PROPFIND / HTTP/1.1"
631
[10/Aug/2009:08:13:58 -0700] 64.X.X.X TLSv1 RC4-MD5 "PROPFIND / HTTP/1.1"
8634
}}}
Same cert works perfectly for SSL web connections via browsers. Recreating
the cert trust chain in java on osx made no difference.
Changing to no SSL, works fine. Can't use that as Cyberduck only
understands Basic Auth, if it did DigestAuth we could scrape by with no
SSL. Can't have merely hashed passwds in the clear, as in Basic Auth.
--
--
Ticket URL: <http://trac.cyberduck.ch/ticket/3397#comment:1>
Cyberduck <http://cyberduck.ch>
FTP, SFTP, WebDAV, Cloud Files and Amazon S3 Browser for Mac OS X.
More information about the Cyberduck-trac
mailing list