[Cyberduck-trac] [Cyberduck] #3397: PKIX path building failed . TLS cert check failure on directory delete (was: SSL WebDAV TLS cert check failure on directory delete)

Cyberduck trac at trac.cyberduck.ch
Mon Aug 10 18:25:32 CEST 2009 

#3397: PKIX path building failed . TLS cert check failure on directory delete
--------------------+-------------------------------------------------------
 Reporter:  geoff   |       Owner:  dkocher     
     Type:  defect  |      Status:  new         
 Priority:  normal  |   Milestone:              
Component:  webdav  |     Version:  3.2.1       
 Severity:  major   |    Keywords:  SSL DAV Cert
--------------------+-------------------------------------------------------
Changes (by dkocher):

  * component:  core => webdav


Old description:

> Apache 2.2, mod_dav, Solaris,Intel. SSL-WebDAV on non standard port
> (4705). Adding files or dirs, no problems. Deleting files, fine. Deleting
> directory (was fine until recent Cyberduck update) throws an exception of
> type:
>
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target.
>
> The SSL TLS log entry
> [10/Aug/2009:08:13:57 -0700] 64.X.X.X  TLSv1 RC4-MD5 "DELETE /test1
> HTTP/1.1" 242
> [10/Aug/2009:08:13:58 -0700] 64.X.X.X TLSv1 RC4-MD5 "PROPFIND / HTTP/1.1"
> 631
> [10/Aug/2009:08:13:58 -0700] 64.X.X.X TLSv1 RC4-MD5 "PROPFIND / HTTP/1.1"
> 8634
>
> Same cert works perfectly for SSL web connections via browsers.
> Recreating the cert trust chain in java on osx made no difference.
>
> Changing to no SSL, works fine. Can't use that as Cyberduck only
> understands Basic Auth, if it did DigestAuth we could scrape by with no
> SSL. Can't have merely hashed passwds in the clear, as in Basic Auth.

New description:

 Apache 2.2, mod_dav, Solaris,Intel. SSL-WebDAV on non standard port
 (4705). Adding files or dirs, no problems. Deleting files, fine. Deleting
 directory (was fine until recent Cyberduck update) throws an exception of
 type:


 {{{
 sun.security.validator.ValidatorException: PKIX path building failed:
 sun.security.provider.certpath.SunCertPathBuilderException: unable to find
 valid certification path to requested target.
 }}}


 The SSL TLS log entry

 {{{
 [10/Aug/2009:08:13:57 -0700] 64.X.X.X  TLSv1 RC4-MD5 "DELETE /test1
 HTTP/1.1" 242
 [10/Aug/2009:08:13:58 -0700] 64.X.X.X TLSv1 RC4-MD5 "PROPFIND / HTTP/1.1"
 631
 [10/Aug/2009:08:13:58 -0700] 64.X.X.X TLSv1 RC4-MD5 "PROPFIND / HTTP/1.1"
 8634
 }}}


 Same cert works perfectly for SSL web connections via browsers. Recreating
 the cert trust chain in java on osx made no difference.

 Changing to no SSL, works fine. Can't use that as Cyberduck only
 understands Basic Auth, if it did DigestAuth we could scrape by with no
 SSL. Can't have merely hashed passwds in the clear, as in Basic Auth.

--

-- 
Ticket URL: <http://trac.cyberduck.ch/ticket/3397#comment:1>
Cyberduck <http://cyberduck.ch>
FTP, SFTP, WebDAV, Cloud Files and Amazon S3 Browser for Mac OS X.

More information about the Cyberduck-trac mailing list