Get cert error trying to install Emacs+ into 2020-03 from marketplace client

34 views
Skip to first unread message

David Karr

unread,
Mar 18, 2020, 9:01:27 PM3/18/20
to Emacs+ plugin discussion
I just started setting up 2020-03 today.  I tried to install Emacs+ from the marketplace client, and got this:

Unable to read repository at https://sites.google.com/a/mulgasoft.com/www/emacsplus/e4/update-site/content.xml.PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I don't remember whether I ran into this with this site before, but I know I've seen it with other sites.

I'm running Eclipse with Java 12.

Bill Carpenter

unread,
Mar 28, 2020, 2:00:13 PM3/28/20
to Emacs+ plugin discussion
I've been getting that for at least a year or so, mostly with Java 8. I had been assuming it was a side effect of my company's "transparent" SSL proxy. Since it's only a problem with emacs+ (which to me is indispensible), I just download it from the update site and install from local.

If you figure it out, let us know.

Mark

unread,
Mar 28, 2020, 2:05:34 PM3/28/20
to Emacs+ plugin discussion
Emacs+ doesn't have a certificate, so the error must have something to do with your local settings.  I have no issues in my environment; I simply get a message that I need to proceed even though there is no certificate.  Therefore, it is not an issue with Emacs+ per se, but something more global.

David Karr

unread,
Mar 28, 2020, 3:36:46 PM3/28/20
to Emacs+ plugin discussion


On Saturday, March 28, 2020 at 11:00:13 AM UTC-7, Bill Carpenter wrote:
I've been getting that for at least a year or so, mostly with Java 8. I had been assuming it was a side effect of my company's "transparent" SSL proxy. Since it's only a problem with emacs+ (which to me is indispensible), I just download it from the update site and install from local.

If you figure it out, let us know.


As an experiment, can you tell me what happens when you try to install the "bash editor" plugin from the marketplace?  You don't have to actually install it, just attempt to get to the final confirmation.  I get the same error from this one.

Mark Feber

unread,
Mar 28, 2020, 3:51:35 PM3/28/20
to emac...@googlegroups.com
It looks like it would work here.  I get the same cert security warning as with Emacs+ from the marketplace, where clicking Install anyway completes the installation without error:

image.png




--
--
You received this message because you are subscribed to the Google
Groups "Emacs+ Eclipse Discussion" group.
To post to this group, send email to emac...@googlegroups.com
To unsubscribe from this group, send email to
emacsplus+...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/emacsplus?hl=en?hl=en
 
Support Emacs+ by marking it as a 'favorite' at the Eclipse Marketplace: http://marketplace.eclipse.org/content/emacs.

---
You received this message because you are subscribed to the Google Groups "Emacs+ plugin discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to emacsplus+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/emacsplus/d294369b-4347-43e9-9237-ed4c51f341a6%40googlegroups.com.

David Karr

unread,
Mar 28, 2020, 3:55:40 PM3/28/20
to Emacs+ plugin discussion
You're talking about a completely different issue.  I get this for some plugins, but it certainly does not prevent me from installing the plugin. My question was directed to Bill Carpenter, who appears to be getting the same error I am.


On Saturday, March 28, 2020 at 12:51:35 PM UTC-7, Mark wrote:
It looks like it would work here.  I get the same cert security warning as with Emacs+ from the marketplace, where clicking Install anyway completes the installation without error:

image.png




On Sat, Mar 28, 2020 at 12:36 PM David Karr <davidmic...@gmail.com> wrote:


On Saturday, March 28, 2020 at 11:00:13 AM UTC-7, Bill Carpenter wrote:
I've been getting that for at least a year or so, mostly with Java 8. I had been assuming it was a side effect of my company's "transparent" SSL proxy. Since it's only a problem with emacs+ (which to me is indispensible), I just download it from the update site and install from local.

If you figure it out, let us know.


As an experiment, can you tell me what happens when you try to install the "bash editor" plugin from the marketplace?  You don't have to actually install it, just attempt to get to the final confirmation.  I get the same error from this one.

--
--
You received this message because you are subscribed to the Google
Groups "Emacs+ Eclipse Discussion" group.
To post to this group, send email to emac...@googlegroups.com
To unsubscribe from this group, send email to

For more options, visit this group at
http://groups.google.com/group/emacsplus?hl=en?hl=en
 
Support Emacs+ by marking it as a 'favorite' at the Eclipse Marketplace: http://marketplace.eclipse.org/content/emacs.

---
You received this message because you are subscribed to the Google Groups "Emacs+ plugin discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to emac...@googlegroups.com.

Bill Carpenter

unread,
Mar 28, 2020, 4:21:22 PM3/28/20
to Emacs+ plugin discussion
I agree. "Unsigned" is a completely unrelated issue.

The "bash editor" experiment went OK for me. No errors (except the later unsigned code warning).

I don't think this helps much (since it's what we already know), but here is the stack trace for the certificate validation path error. I think this has to be the collection of trusted root CAs in my JDK.

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:394)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.eclipse.ecf.provider.filetransfer.httpclient45.HttpClientFileSystemBrowser.runRequest(HttpClientFileSystemBrowser.java:246)
at org.eclipse.ecf.provider.filetransfer.browse.AbstractFileSystemBrowser$DirectoryJob.run(AbstractFileSystemBrowser.java:69)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:450)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:317)
at sun.security.validator.Validator.validate(Validator.java:262)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
... 21 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:445)
... 27 more

Bill Carpenter

unread,
Mar 28, 2020, 4:21:23 PM3/28/20
to Emacs+ plugin discussion
Right. I should have made it clear that I think that, too. It's to do with Eclipse https client when it connects to the emacs+ update site. The certificate validation probably ultimately comes from the JDK used to run Eclipse, which is probably missing some root certificate. There's no certificate complaints when I connect to the update site with a browser.

I'm interested in the fact that you have the option to go forward after the certificate warning. I haven't found any option to do that.  I'll go exploring in Eclipse settings to see if there is something interesting for that.

David Karr

unread,
Mar 28, 2020, 5:32:41 PM3/28/20
to emac...@googlegroups.com
On Sat, Mar 28, 2020 at 1:21 PM Bill Carpenter <wjcar...@gmail.com> wrote:
I agree. "Unsigned" is a completely unrelated issue.

The "bash editor" experiment went OK for me. No errors (except the later unsigned code warning).

Sigh, another unexpected variation.  Perhaps it's the JDK running Eclipse?  I'm running it with Java 14, although I had the same problem with Java 12.  I still compile code with Java 8.

--
--
You received this message because you are subscribed to the Google
Groups "Emacs+ Eclipse Discussion" group.
To post to this group, send email to emac...@googlegroups.com
To unsubscribe from this group, send email to

For more options, visit this group at
http://groups.google.com/group/emacsplus?hl=en?hl=en
 
Support Emacs+ by marking it as a 'favorite' at the Eclipse Marketplace: http://marketplace.eclipse.org/content/emacs.

---
You received this message because you are subscribed to the Google Groups "Emacs+ plugin discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to emacsplus+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/emacsplus/34af2824-18e0-495f-9be9-38fe3e3cdade%40googlegroups.com.

David Karr

unread,
Mar 28, 2020, 6:26:28 PM3/28/20
to Emacs+ plugin discussion
Ok, I've figured something out.  What you said made me think about our firewall/proxy.  They've made it increasingly snarky over the years.  I just tried disconnecting from my VPN, changing the eclipse proxy to "Direct" and attempting to install both Emacs+ and Bash Editor.  No problem.  Both gave me the "unsigned" warning and let me continue.  I doubt I'll ever find a human responsible for the firewall that will confirm this for me, but it looks like they simply won't allow connecting to servers with self-signed certs.  This is a cleaner workaround than downloading the update site and installing it locally.


On Saturday, March 28, 2020 at 11:00:13 AM UTC-7, Bill Carpenter wrote:
Reply all
Reply to author
Forward
0 new messages