Discussion for "Streaming SSL certificate updates"

kurrik · 2014-08-14 18:59:33 UTC

Please use this thread to discuss [node:21338]

bonthomme · 2014-08-15 04:04:20 UTC

I realize the changes aren’t supposed to take effect until later, but suddenly today we’re getting the following when we try to connect. Has something changed already?

Thank you,
Thom

[Thu Sep 12 16:01:24 PDT 2013]Establishing connection.
[Thu Sep 12 16:01:26 PDT 2013]sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Relevant discussions can be found on the Internet at:
http://www.google.co.jp/search?q=944a924a or
http://www.google.co.jp/search?q=24fd66eb
TwitterException{exceptionCode=[944a924a-24fd66eb 944a924a-24fd66c1 944a924a-24fd66c1 944a924a-24fd66c1], statusCode=-1, message=null, code=-1, retryAfter=-1, rateLimitStatus=null, version=3.0.3}
at twitter4j.internal.http.HttpClientImpl.request(HttpClientImpl.java:192)
panopticongeo onDisconnect() @ Thu Sep 12 16:01:26 PDT 2013
Connect-Disconnect Time 1379026886246
at twitter4j.internal.http.HttpClientWrapper.request(HttpClientWrapper.java:61)
at twitter4j.internal.http.HttpClientWrapper.post(HttpClientWrapper.java:98)
at twitter4j.TwitterStreamImpl.getFilterStream(TwitterStreamImpl.java:304)
at twitter4j.TwitterStreamImpl$7.getStream(TwitterStreamImpl.java:292)
at twitter4j.TwitterStreamImpl$TwitterStreamConsumer.run(TwitterStreamImpl.java:462)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1762)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1230)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1214)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1031)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
at twitter4j.internal.http.HttpClientImpl.request(HttpClientImpl.java:150)
… 5 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
… 17 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
… 23 more

kurrik · 2014-08-15 04:04:21 UTC

Nothing should have changed today. Which host were you connecting to?

bonthomme · 2014-08-15 04:04:30 UTC

we’re going against https://stream.twitter.com/1.1/

hca5 · 2014-08-15 04:05:50 UTC

Hi Arne,

Will this impact sitestream.twitter.com as well, or only userstream. and stream. ?

Thanks,
-Hans

kurrik · 2014-08-15 04:06:01 UTC

I’m still seeing the old certificate on stream.twitter.com, which expires on Dec. 31, 2013. This would appear to be unrelated?

kurrik · 2014-08-15 04:06:01 UTC

Only userstream and stream at this time. Sitestream was previously updated and its certificate is good through 2015.

3rdplacez · 2014-08-15 04:07:23 UTC

Hi Arne,
I’m using
https://stream.twitter.com
to open a stream connection via java 1.6.
I’m, setting this property (the SUN security prvider) before connection:
System.setProperty(“java.protocol.handler.pkgs”, “com.sun.net.ssl.internal.www.protocol”);
and all works fine.

In the update communication you said:
“The stream.twitter.com certificate is already signed against the Verisign G3 root, so clients currently connecting to this domain already have the appropriate root certificates installed.”

So I understand I’have nothing to change.
I understand you correctly?

Many thanks!
Andrea

The405radio · 2014-08-15 04:30:09 UTC

I have rb.php and oauth.php, which stopped working. can anyone suggest changes to the oauth code to handle the https? thanks.

alewinkler · 2014-08-15 04:30:21 UTC

I’m using twitter4j, I changed the configuration to use ssl ( configurationBuilder.setUseSSL(true); ) but the method getOAuthRequestToken still returns HTTP addresses in its configuration.
Can anyone explain the process to make twitter4j work with the new changes in the twitter API?

The405radio · 2014-08-15 04:30:24 UTC

But seriously, anyone want to take a crack at modifying some code I have that worked pre-SSL? Help!

fraseque · 2014-08-15 04:30:41 UTC

I am having trouble with the twitter4j and the certificates on the production server. On my personal system which I use as test I updated my twitter4j library to 3.0.5 and everthing worked fine again. But on the production server I updated the same library and manually added the certificates to the JRE but I still get the:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException

Any help?
Thx

Steffen2042 · 2014-08-15 04:30:42 UTC

I have copied the cacerts from an actual java 7_51 installation to my /usr/lib/jvm/java-6-sun/jre/lib/security/ directory, and it worked again.

pcruel · 2014-08-15 04:30:43 UTC

Thanks! Work for me!!!

CesarinGonzo · 2014-08-15 04:30:54 UTC

could you please explainme how to do that?

fraseque · 2014-08-15 04:31:20 UTC

thanks @steffen2042 . It worked!!!

JeremyGoodell · 2014-08-15 04:34:50 UTC

Why was this so difficult??? I spent hours on this before finding this very simple solution. I did exactly what @Steffen2042 said, found a Java 7 installation, located the cacerts file, and copied it over the one in my java 7 installation. BOOM! It works. Sheesh, why was this so difficult???

Pourneema1 · 2014-08-15 04:35:00 UTC

Hello all, Am writing a java program that collects tweets with keyword say for example the keyword is chennai. Am using twitter4j-3.0.5, NetBeansIDE-7.4, Windows7 Operating System and a https connection. After providing the proxy settings & OAuth Credentials i downloaded the Security Certificate from the api.twitter.com website in the form of “apitwitter.cer” file & imported into my Java location which is “C:\Program Files\Java\jre7\lib\security\cacerts” using the keytool command, after which i get a message as “Certificate was added to keystore”. But when i run my program am still getting the exception message as

"[Fri Jan 31 16:03:42 IST 2014]sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
Could anyone pls help?

EtoDemerzel02 · 2014-08-15 04:37:31 UTC

Pourneema, was you able to resolve it?

ahmed_mokhtari · 2014-08-15 04:47:01 UTC

i am trying to collect twitts using java application (already registred) and using twitter4j api but i am having the same error
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
any one who had resolved it, would you like to explain en detail because i am not femaliar with the certificate prb