Не удалось построить путь PKIX — javax.net.ssl.SSLHandshakeExceptionJAVA

Программисты JAVA общаются здесь
Ответить
Anonymous
 Не удалось построить путь PKIX — javax.net.ssl.SSLHandshakeException

Сообщение Anonymous »

У меня есть пример кода, который в настоящее время не работает в моей среде.

Код: Выделить всё

java --version
Picked up JAVA_TOOL_OPTIONS:  -Djava.net.useSystemProxies=true
openjdk 25.0.1 2025-10-21
OpenJDK Runtime Environment (build 25.0.1+8-27)
OpenJDK 64-Bit Server VM (build 25.0.1+8-27, mixed mode, sharing)
ОС: RHEL 9.5
вот пример кода:

Код: Выделить всё

import javax.net.ssl.HttpsURLConnection;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;

public class SslTest {
public static void main(String[] args) {
// Your URL:
String httpsUrl = "https://github.com/protocolbuffers/upb/archive/9effcbcb27f0a665f9f345030188c0b291e32482.tar.gz";

try {
URL url = new URL(httpsUrl);
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
conn.setRequestMethod("GET");

System.out.println("Response Code: "  + conn.getResponseCode());

try (BufferedReader in = new BufferedReader(
new InputStreamReader(conn.getInputStream()))) {
String inputLine;
while ((inputLine = in.readLine()) != null) {
System.out.println(inputLine);
}
}

} catch (Exception e) {
// If your JDK can't validate the certificate chain to GitHub,
// you should see SSLHandshakeException / PKIX path building failed here.
e.printStackTrace();
}
}
}
вот информация о прокси:

Код: Выделить всё

 tensorflow-2.4.1]$ echo $http_proxy $https_proxy $HTTP_PROXY $HTTPS_PROXY
http://proxy.example.net:2010/ http://proxy.example.net:2010/ http://proxy.example.net:2010/ http://proxy.example.net:2010/
теперь я попробовал запустить код:

Код: Выделить всё

 tensorflow-2.4.1]$ vim SslTest.java
tensorflow-2.4.1]$ java  SslTest
Picked up JAVA_TOOL_OPTIONS:  -Djava.net.useSystemProxies=true
javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:376)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:319)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1295)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1172)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1115)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:421)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:477)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:448)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:199)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:483)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:187)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1377)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1302)
at java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:493)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:307)
at SslTest.main(SslTest.java:16)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:270)
at java.base/sun.security.validator.Validator.validate(Validator.java:256)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:230)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1279)
...  18 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:299)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 23 more
но я могу загрузить в систему напрямую как:

Код: Выделить всё


tensorflow-2.4.1]$ wget https://github.com/protocolbuffers/upb/archive/9effcbcb27f0a665f9f345030188c0b291e32482.tar.gz
--2025-12-23 18:54:05--  https://github.com/protocolbuffers/upb/archive/9effcbcb27f0a665f9f345030188c0b291e32482.tar.gz
Resolving proxy.example.net (proxy.example.net)... 163.11.28.80
Connecting to proxy.example.net (proxy.example.net)|163.11.28.80|:2010... connected.
Proxy request sent, awaiting response... 302 Found
Location: https://codeload.github.com/protocolbuffers/upb/tar.gz/9effcbcb27f0a665f9f345030188c0b291e32482 [following]
--2025-12-23 18:54:05--  https://codeload.github.com/protocolbuffers/upb/tar.gz/9effcbcb27f0a665f9f345030188c0b291e32482
Connecting to proxy.example.net (proxy.example.net)|163.11.28.80|:2010... connected.
Proxy request sent, awaiting response... 200 OK
Length: 324650 (317K) [application/x-gzip]
Saving to: ‘9effcbcb27f0a665f9f345030188c0b291e32482.tar.gz’
9effcbcb27f0a665f9f345030188c0b291e32482.tar.gz        100%[=========================================================================================================================>] 317.04K  --.-KB/s    in 0.04s
2025-12-23 18:54:06 (7.68 MB/s) - ‘9effcbcb27f0a665f9f345030188c0b291e32482.tar.gz’ saved [324650/324650]
tensorflow-2.4.1]$
пробовал следовать, но не помогло
java -Dhttp.proxyHost=proxy.example.net -Dhttp.proxyPort=2010 -Djava.net.useSystemProxies=true SslTest

Код: Выделить всё

icked up JAVA_TOOL_OPTIONS:  -Djava.net.useSystemProxies=true
javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130)
....
позволяет ли Java/jvm каким-либо средствам отключать или обходить проверки SSL?

Подробнее здесь: https://stackoverflow.com/questions/798 ... eexception
Вернуться к началу
Ответить

Быстрый ответ

Изменение регистра текста: 
Смайлики
:) :( :oops: :roll: :wink: :muza: :clever: :sorry: :angel: :read: *x)
Ещё смайлики…
   
К этому ответу прикреплено по крайней мере одно вложение.

Если вы не хотите добавлять вложения, оставьте поля пустыми.

Максимально разрешённый размер вложения: 15 МБ.

Вернуться в «JAVA»