Bug - Not A Bug SSLHandshakeException on startup

Zerstoren

New member
Hi,

The following exceptions are appearing in my DEBUG log during the KoLMafia startup process (i.e. after the login screen disappears; before the Main Interface window is displayed).

class javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

class sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target​

The debug log with stack trace is attached. I'm currently using KoLmafia-18142.jar. I also get the same results when going back to a previous version (I tried builds 18135 and 18129 as well).

One side effect is that KoLMafia can't figure out what I have stored in Hagnk's. The Storage sections of the Item Manager were blank. I haven't noticed any other problems.

- Zerstoren
 

Attachments

  • DEBUG_20170711.txt
    11.3 KB · Views: 233

heeheehee

Developer
Staff member
Code:
	at net.sourceforge.kolmafia.utilities.FileUtilities.downloadFile(FileUtilities.java:302)
	at net.sourceforge.kolmafia.persistence.FaxBotDatabase$DynamicBotFetcher.run(FaxBotDatabase.java:43

Ah, yes, this is the infamous "Java isn't allowed to ship strong crypto per some 90s-era law, and easyfax.xml is hosted on sourceforge" bug.

Sounds like they updated svn.code.sf.net to no longer accept weak crypto.
 

Zerstoren

New member
Thanks for the feedback!

I installed the Java Cryptography Extension (copied new local_policy.jar and US_export_policy.jar). I had multiple copies of these files and updated all of them (Java\jre1.8.0_60; Cisco IP Communicator; EMF\jre1.8.0.101). I still get the same SSLHandshakeException and ValidatorException errors, even after a reboot. I'm open to other suggestions!

If timing information helps, I found a debug log from 2017-05-11 (build 18019) showing the SSLHandshakeException error. To my knowledge, this is the first time I received this exception.

View attachment DEBUG_20170511.txt

The first instance of the ValidatorException was from 2017-05-15 (build 18025).

View attachment DEBUG_20170515.txt

As discussed in the other thread and as indicated by the stack trace, both exceptions occur while dealing with fax stuff. If we can't figure out the exceptions, it would be nice if KoLMafia would fail a bit more gracefully so that fax errors don't interfere with processing of Hagnk's storage functionality (and anything else that might also be getting skipped). Unfortunately, I've already emptied Hagnk's to get around this side effect so I won't be able to test the storage interaction until after I ascend again (unless there's a way to put something into Hagnk's without ascending).
 
Last edited:

xKiv

Active member
Code:
   KoLmafia v17.6 r18019, Windows 7, Java 1.8.0_60

Doesn't java use its own truststore? 1.8.0_60 is apparently ... 2 years old? Maybe it doesn't trust the issuer's certificate yet?
 

Zerstoren

New member
Thanks for the suggestion!

Updated to Java Version 8 Update 131 (build 1.8.0_131-b11) and I no longer get any exceptions in the KoLMafia debug log!

After I ascend again, I can confirm whether or not my storage items return to the Item Manager tab. That might not be for another week or so.

Thanks for all the help guys!
 

Theraze

Active member
Yeah, anything above Java 1.7.09 (I think) will enforce obsolescence. After they mark it as invalid, you can't run security exceptions anymore.
If you want a forever Java, your easy choices are third party or something with tons of well documented security holes.
 

Zerstoren

New member
I can confirm that the Item Manager tab is showing Hagnk's storage contents properly after completing another ascension. No more errors in the debug log. Thanks again for the help guys!
 
Top