Bugzilla – Bug 4875
Credential Retriever client should prompt if https CA unknown
Last modified: 2009-04-19 08:07:21
You need to
before you can comment on or make changes to this bug.
The Credential Retriever client currently fails with the following error if the
CA of the web site is unknown.
Generating certificate request...
Fatal Error: IO Error: sun.security.validator.ValidatorException: PKIX
path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
Press OK to close application.
What it should do is fall back to the standard SSLFactory if connecting with
the one loaded with its CA list fails. This should result in a prompt to the
user if the CA is unrecognized. (It should also allow the user to install their
own CAs in their local java environment.)
Fixed in CVS. Added useBundledCAs option to have client not use bundled CAs.
Implemented in 0.4.0 release.
Released. Marking as CLOSED.