[JIRA] (JENKINS-40378) ValidatorException: PKIX path building failed: SunCertPathBuilderException: unable to find valid certification path to requested target

23 views

Skip to first unread message

vvitkov@gmail.com (JIRA)

unread,

Dec 12, 2016, 7:13:04 AM12/12/16

to jenkinsc...@googlegroups.com

Vladimir Vitkov created an issue

Jenkins /

JENKINS-40378

ValidatorException: PKIX path building failed: SunCertPathBuilderException: unable to find valid certification path to requested target

Issue Type:	Bug
Assignee:	Alexander A
Components:	s3-plugin
Created:	2016/Dec/12 12:12 PM
Environment:	Jenkins: 1.650 S3-plugin: 0.10.10 AWS-SDK: 1.11.37
Priority:	Major
Reporter:	Vladimir Vitkov

Currently we are observing the following:

Job runs fine
Job Finishes successfully

Upload to S3 fails with:

 
                                                                        Publish artifacts to S3 Bucket Build is still running
Publish artifacts to S3 Bucket Using S3 profile: Production
Publish artifacts to S3 Bucket bucket=xxx-archive/yyy/zzz/test1, file=xxx-yyy-20161212113849-5f2ac7573246b7cfea067aff1043926589b2d8b5.zip region=eu-west-1, will be uploaded from slave=true managed=false , server encryption false
ERROR: Build step failed with exception
com.amazonaws.AmazonClientException: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:747)
	at com.amazonaws.http.AmazonHttpClient.doExecute(AmazonHttpClient.java:489)
	at com.amazonaws.http.AmazonHttpClient.executeWithTimer(AmazonHttpClient.java:448)
	at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:397)
	at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:378)
	at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4039)
	at com.amazonaws.services.s3.AmazonS3Client.putObject(AmazonS3Client.java:1583)
	at com.amazonaws.services.s3.transfer.internal.UploadCallable.uploadInOneChunk(UploadCallable.java:131)
	at com.amazonaws.services.s3.transfer.internal.UploadCallable.call(UploadCallable.java:123)
	at com.amazonaws.services.s3.transfer.internal.UploadMonitor.call(UploadMonitor.java:139)
	at com.amazonaws.services.s3.transfer.internal.UploadMonitor.call(UploadMonitor.java:47)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1917)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:301)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:295)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1471)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:936)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:871)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1043)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
	at com.amazonaws.http.conn.ssl.SdkTLSSocketFactory.connectSocket(SdkTLSSocketFactory.java:132)
	at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141)
	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:483)
	at com.amazonaws.http.conn.ClientConnectionManagerFactory$Handler.invoke(ClientConnectionManagerFactory.java:76)
	at com.amazonaws.http.conn.$Proxy112.connect(Unknown Source)
	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
	at com.amazonaws.http.apache.client.impl.SdkHttpClient.execute(SdkHttpClient.java:72)
	at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:897)
	at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:738)
	... 14 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
	at sun.security.validator.Validator.validate(Validator.java:260)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1453)
	... 41 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
	... 47 more
Build step 'Publish artifacts to S3 Bucket' marked build as failure 
                                                                    

The build itself was ran from the master node.

We have explicitly added all digicert and aws certificates to the java cacert bundle (keytool).

Is there any way to either disable the https upload or at least not fail the build due to failure of uploading the artifacts. This is our second archival copy and we have no problem with it not being uploaded.

The issue usually self resolves after restarting jenkins

Add Comment

This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c)

Reply all

Reply to author

Forward

0 new messages