Skip to content
This repository has been archived by the owner on Jul 18, 2022. It is now read-only.

E-Mail Datasource: problem with SSL=true #85

Open
WolfgangEibner opened this issue Nov 12, 2012 · 3 comments
Open

E-Mail Datasource: problem with SSL=true #85

WolfgangEibner opened this issue Nov 12, 2012 · 3 comments
Labels
bug nice-to-have

Comments

@WolfgangEibner
Copy link
Member 

javax.mail.MessagingException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:571)
        at javax.mail.Service.connect(Service.java:288)
        at javax.mail.Service.connect(Service.java:169)
        at org.backmeup.mail.MailAuthenticator.isValid(MailAuthenticator.java:98)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:616)
        at org.backmeup.plugin.osgi.PluginImpl$1.invoke(PluginImpl.java:227)
        at $Proxy87.isValid(Unknown Source)
        at org.backmeup.logic.impl.BusinessLogicImpl.postAuth(BusinessLogicImpl.java:982)
        at org.backmeup.logic.impl.BusinessLogicImpl$Proxy$_$$_WeldClientProxy.postAuth(BusinessLogicImpl$Proxy$_$$_WeldClientProxy.java)
        at org.backmeup.rest.Datasources.postAuthenticate(Datasources.java:158)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:616)
        at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:167)
        at org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:257)
        at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:222)
        at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:211)
        at org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:525)
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:502)
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:119)
        at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:208)
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:55)
        at org.jboss.resteasy.plugins.server.tjws.TJWSServletDispatcher.service(TJWSServletDispatcher.java:40)
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:50)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at Acme.Serve.Serve$ServeConnection.runServlet(Serve.java:2326)
        at Acme.Serve.Serve$ServeConnection.parseRequest(Serve.java:2280)
        at Acme.Serve.Serve$ServeConnection.run(Serve.java:2052)
        at Acme.Utils$ThreadPool$PooledThread.run(Utils.java:1402)
        at java.lang.Thread.run(Thread.java:679)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1697)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:257)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:251)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1165)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:609)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:545)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:945)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1190)
        at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:805)
        at sun.security.ssl.AppInputStream.read(AppInputStream.java:94)
        at com.sun.mail.util.TraceInputStream.read(TraceInputStream.java:110)
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:235)
        at java.io.BufferedInputStream.read(BufferedInputStream.java:254)
        at com.sun.mail.iap.ResponseInputStream.readResponse(ResponseInputStream.java:97)
        at com.sun.mail.iap.Response.<init>(Response.java:96)
        at com.sun.mail.imap.protocol.IMAPResponse.<init>(IMAPResponse.java:61)
        at com.sun.mail.imap.protocol.IMAPResponse.readResponse(IMAPResponse.java:135)
        at com.sun.mail.imap.protocol.IMAPProtocol.readResponse(IMAPProtocol.java:261)
        at com.sun.mail.iap.Protocol.<init>(Protocol.java:114)
        at com.sun.mail.imap.protocol.IMAPProtocol.<init>(IMAPProtocol.java:104)
        at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:538)
        ... 33 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:324)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:224)
        at sun.security.validator.Validator.validate(Validator.java:235)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:147)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:230)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:270)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1144)
        ... 51 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:197)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:255)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:319)
        ... 57 more
@ghost ghost self-assigned this Nov 12, 2012
@ghost
Copy link

ghost commented Nov 13, 2012

This exception occurs, if the certificate of the SSL cannot be trusted (http://stackoverflow.com/questions/1201048/allowing-java-to-use-an-untrusted-certificate-for-ssl-https-connection/1201102#1201102).
As a workaround we could accept all certificates, but I am not sure if we really want to do that.

I've just backed up a gmail account which uses SSL and it worked just fine. The settings are the following:

MAIL_SETTINGS = {
"SSL" : True,
"Port" : 993,
"Host" : "imap.gmail.com",
"Username" : "[email protected]",
"Password" : "**********",
"Type" : "imap"
}

Which service are you trying to back up? Maybe we can determine if their certificate can be trusted or not.

@WolfgangEibner
Copy link
Member Author

My X-net account which indeed has an self signed certificate. ;)

Wolfgang Eibner
X-Net Services/Technologies GmbH
[email protected]
+43 732 / 77 31 42 - 28
+43 676 / 74 81 350

fschoeppl [email protected] schrieb:

This exception occurs, if the certificate of the SSL cannot be trusted
(http://stackoverflow.com/questions/1201048/allowing-java-to-use-an-untrusted-certificate-for-ssl-https-connection/1201102#1201102).
As a workaround we could accept all certificates, but I am not sure if
we really want to do that.

I've just backed up a gmail account which uses SSL and it worked just
fine. The settings are the following:

MAIL_SETTINGS = {
"SSL" : True,
"Port" : 993,
"Host" : "imap.gmail.com",
"Username" : "[email protected]",
"Password" : "**********",
"Type" : "imap"
}

Which service are you trying to back up? Maybe we can determine if
their certificate can be trusted or not.

Reply to this email directly or view it on GitHub:
#85 (comment)

@keros
Copy link
Contributor

keros commented Nov 13, 2012

I think he has tried to create an Backup from our Mailserver.
https://mail.x-net.at/

This Certificate is self signed.
I think we have to acept every certificate here. There are many mailservers out there with self signed certificates.
But this will open the door for man in the middle attacks :/

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug nice-to-have
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@WolfgangEibner @keros