Version 7.4.3 fails to accept all certificates
Describe the bug
It seems that changes in version 7.4.3 skip the accept-all truststore configured using
builder.withUnsafeTrustMaterial()
or builder.withTrustingAllCertificatesWithoutValidation()
This is because UnsafeX509ExtendedTrustManager has 0 accepted X509Certificate, therefore it is skipped during checking in CombinableX509TrustManager.
To Reproduce
SSLFactory.Builder builder = SSLFactory.builder().withDefaultTrustMaterial();
builder.withUnsafeTrustMaterial();
SSLFactory factory = builder.build();
SSLContext sslContext = factory.getSslContext();
SSLContext.setDefault(sslContext);
Expected behavior
Validation of the TLS certificate should pass and connection should be established
Environmental Data:
- Java Version 11.0
- Gradle
- OS MacOS
Additional context
The test passes with 7.3.0 and 7.4.2
Issue Analytics
- State:
- Created a year ago
- Comments:10 (6 by maintainers)
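The skip described in the report can be modelled with plain JDK types. This is an added example, not code from the issue or from sslcontext-kickstart: the class, the `standIn` and `trusts` helpers and the `skipEmpty` flag are all hypothetical, and the stand-in trust managers only imitate the two properties the report mentions (number of accepted issuers, accept or reject). It shows that the accept-all delegate is reached only when the empty-issuer check is absent.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.net.ssl.X509TrustManager;

// Simplified model of the behaviour described in the report. Every name here is
// hypothetical; none of this is taken from sslcontext-kickstart.
public class CompositeTrustModel {

    // Builds a stand-in trust manager: it advertises `issuers` accepted issuers
    // and either accepts every chain or rejects every chain.
    static X509TrustManager standIn(int issuers, boolean acceptAll) {
        return new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
                checkServerTrusted(c, a);
            }
            public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
                if (!acceptAll) throw new CertificateException("chain not trusted");
            }
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[issuers]; // only the length matters in this model
            }
        };
    }

    // Composite check: the chain is trusted if any consulted delegate accepts it.
    // With skipEmpty set, delegates advertising zero accepted issuers are never consulted.
    static boolean trusts(List<X509TrustManager> delegates, X509Certificate[] chain, boolean skipEmpty) {
        for (X509TrustManager tm : delegates) {
            if (skipEmpty && tm.getAcceptedIssuers().length == 0) continue;
            try {
                tm.checkServerTrusted(chain, "RSA");
                return true;
            } catch (CertificateException e) {
                // fall through to the next delegate
            }
        }
        return false;
    }

    public static void main(String[] args) {
        X509TrustManager defaultLike = standIn(1, false); // has issuers, rejects the test chain
        X509TrustManager acceptAll = standIn(0, true);    // zero issuers, accepts anything
        List<X509TrustManager> delegates = List.of(defaultLike, acceptAll);
        X509Certificate[] chain = new X509Certificate[0]; // constructed placeholder chain

        System.out.println("skip empty-issuer delegates: " + trusts(delegates, chain, true));
        System.out.println("consult every delegate:      " + trusts(delegates, chain, false));
    }
}
```

When every delegate is consulted, the composite accepts any chain the default-like delegate rejects, so certificate validation is effectively disabled for that context.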
Ah, yes, now your issue makes more sense. Thank you for providing additional context. I think the library can be improved to cover this kind of use case. The benefit will be that you don’t need to care what the order of trustmaterial should be because it should resolve that for you. And next to that I would prefer it to be compatible with previous releases, so I will fix it and publish a new version of it this week.
Created here https://github.com/Hakky54/sslcontext-kickstart/pull/204 Hopefully I’ve done it right. I’m not sure if there is an automatic way to link a pull request with a GitHub issue?