Opened 6 years ago

Closed 6 years ago

#802 closed defect (fixed)

Reseed host with expired cert

Reported by: killyourtv
Owned by: HungryHobo
Priority: major
Milestone: 0.9.4
Component: router/netdb
Version: 0.9.3
Keywords:
Cc: meeh@…
Parent Tickets:

Description

The certificate for https://euve5653.vserver.de/ expired on 21.11.2012.

Subtickets

Change History (9)

comment:1 Changed 6 years ago by killyourtv

  • Owner changed from zzz to Meeh
  • Status changed from new to assigned

comment:2 Changed 6 years ago by killyourtv

Spotted after seeing the following on a new installation:

12/02/12 xx:yy:zz ERROR [Reseed ] uter.networkdb.reseed.Reseeder: EepGet failed on https://euve5653.vserver.de/netDb/
     javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
     at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
     at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1868)
     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
     at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1338)
     at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
     at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
     at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
     at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:998)
     at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1294)
     at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:685)
     at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:111)
     at java.io.OutputStream.write(OutputStream.java:75)
     at net.i2p.util.SSLEepGet.sendRequest(SSLEepGet.java:664)
     at net.i2p.util.EepGet.fetch(EepGet.java:513)
     at net.i2p.util.EepGet.fetch(EepGet.java:478)
     at net.i2p.util.EepGet.fetch(EepGet.java:468)
     at net.i2p.router.networkdb.reseed.Reseeder$ReseedRunner.readURL(Reseeder.java:468)
     at net.i2p.router.networkdb.reseed.Reseeder$ReseedRunner.reseedOne(Reseeder.java:317)
     at net.i2p.router.networkdb.reseed.Reseeder$ReseedRunner.reseed(Reseeder.java:273)
     at net.i2p.router.networkdb.reseed.Reseeder$ReseedRunner.run2(Reseeder.java:157)
     at net.i2p.router.networkdb.reseed.Reseeder$ReseedRunner.run(Reseeder.java:142)
     at java.lang.Thread.run(Thread.java:722)
     at net.i2p.util.I2PThread.run(I2PThread.java:85)
     Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
     at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:350)
     at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:260)
     at sun.security.validator.Validator.validate(Validator.java:260)
     at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
     at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:107)
     at net.i2p.util.SSLEepGet$SavingTrustManager.checkServerTrusted(SSLEepGet.java:402)
     at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:803)
     at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1320)
     ... 19 more
     Caused by: java.security.cert.CertPathValidatorException: timestamp check failed
     at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:159)
     at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:349)
     at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:191)
     at java.security.cert.CertPathValidator.validate(CertPathValidator.java:279)
     at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:345)
     ... 27 more
     Caused by: java.security.cert.CertificateExpiredException: NotAfter: Wed Nov 21 21:34:10 GMT 2012
     at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:273)
     at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:587)
     at sun.security.provider.certpath.BasicChecker.verifyTimestamp(BasicChecker.java:184)
     at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:136)
     at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:133)
     ... 31 more
12/02/12 xx:yy:zz ERROR [Reseed ] net.i2p.util.SSLEepGet : SSL negotiation error with euve5653.vserver.de:443 - self-signed certificate or untrusted certificate authority?
     javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
     at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
     at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1868)
     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
     at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1338)
     at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
     at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
     at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
     at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:998)
     at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1294)
     at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:685)
     at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:111)
     at java.io.OutputStream.write(OutputStream.java:75)
     at net.i2p.util.SSLEepGet.sendRequest(SSLEepGet.java:664)
     at net.i2p.util.EepGet.fetch(EepGet.java:513)
     at net.i2p.util.EepGet.fetch(EepGet.java:478)
     at net.i2p.util.EepGet.fetch(EepGet.java:468)
     at net.i2p.router.networkdb.reseed.Reseeder$ReseedRunner.readURL(Reseeder.java:468)
     at net.i2p.router.networkdb.reseed.Reseeder$ReseedRunner.reseedOne(Reseeder.java:317)
     at net.i2p.router.networkdb.reseed.Reseeder$ReseedRunner.reseed(Reseeder.java:273)
     at net.i2p.router.networkdb.reseed.Reseeder$ReseedRunner.run2(Reseeder.java:157)
     at net.i2p.router.networkdb.reseed.Reseeder$ReseedRunner.run(Reseeder.java:142)
     at java.lang.Thread.run(Thread.java:722)
     at net.i2p.util.I2PThread.run(I2PThread.java:85)
     Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
     at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:350)
     at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:260)
     at sun.security.validator.Validator.validate(Validator.java:260)
     at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
     at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:107)
     at net.i2p.util.SSLEepGet$SavingTrustManager.checkServerTrusted(SSLEepGet.java:402)
     at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:803)
     at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1320)
     ... 19 more
     Caused by: java.security.cert.CertPathValidatorException: timestamp check failed
     at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:159)
     at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:349)
     at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:191)
     at java.security.cert.CertPathValidator.validate(CertPathValidator.java:279)
     at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:345)
     ... 27 more
     Caused by: java.security.cert.CertificateExpiredException: NotAfter: Wed Nov 21 21:34:10 GMT 2012
     at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:273)
     at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:587)
     at sun.security.provider.certpath.BasicChecker.verifyTimestamp(BasicChecker.java:184)
     at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:136)
     at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:133)
     ... 31 more
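
An added example for triaging the log in comment:2, not part of the ticket or of I2P's code: the second record's headline asks about a self-signed or untrusted certificate, while the innermost `Caused by` names the actual failure, so the parser keys on that last cause. The function names, the regexes and the abridged sample are assumptions of this example, and only GMT `NotAfter` strings are parsed.

```python
import re
from datetime import datetime, timezone

# Abridged copy of the two log records quoted in comment:2 ("at ..." frames dropped).
SAMPLE_LOG = """\
12/02/12 xx:yy:zz ERROR [Reseed ] uter.networkdb.reseed.Reseeder: EepGet failed on https://euve5653.vserver.de/netDb/
     javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
     Caused by: java.security.cert.CertPathValidatorException: timestamp check failed
     Caused by: java.security.cert.CertificateExpiredException: NotAfter: Wed Nov 21 21:34:10 GMT 2012
12/02/12 xx:yy:zz ERROR [Reseed ] net.i2p.util.SSLEepGet : SSL negotiation error with euve5653.vserver.de:443 - self-signed certificate or untrusted certificate authority?
     javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
     Caused by: java.security.cert.CertificateExpiredException: NotAfter: Wed Nov 21 21:34:10 GMT 2012
"""

HOST_RE = re.compile(r"(?:https://|error with )([\w.-]+)")
CAUSE_RE = re.compile(r"^\s+Caused by: ([\w.$]+)(?:: (.*))?$")
NOT_AFTER_RE = re.compile(r"NotAfter: \w{3} (\w{3}) (\d{1,2}) (\d\d):(\d\d):(\d\d) GMT (\d{4})")
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def classify(root, detail):
    """Map the innermost exception to a verdict and, if expired, the NotAfter time."""
    if root == "java.security.cert.CertificateExpiredException":
        m = NOT_AFTER_RE.search(detail or "")
        if not m:
            return "expired", None
        mon, day, hh, mm, ss, year = m.groups()
        return "expired", datetime(int(year), MONTHS.index(mon) + 1, int(day),
                                   int(hh), int(mm), int(ss), tzinfo=timezone.utc)
    if root == "java.security.cert.CertificateNotYetValidException":
        return "not-yet-valid", None
    return "other", None

def triage(log_text):
    """Return one finding per log record, keyed on the last (innermost) 'Caused by'."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented line starts a new record
            m = HOST_RE.search(line)
            findings.append({"host": m.group(1) if m else None, "root": None, "detail": None})
        elif findings and (m := CAUSE_RE.match(line)):
            findings[-1]["root"], findings[-1]["detail"] = m.groups()   # innermost wins
    for f in findings:
        f["verdict"], f["not_after"] = classify(f["root"], f["detail"])
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Both records resolve to the same host and an `expired` verdict with the `NotAfter` time from the log, which separates a lapsed certificate from a trust-chain problem before anyone changes the client's trust settings.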

comment:3 Changed 6 years ago by HungryHobo

  • Owner changed from Meeh to HungryHobo
  • Status changed from assigned to accepted

comment:4 Changed 6 years ago by HungryHobo

  • Resolution set to fixed
  • Status changed from accepted to closed

New certificate has been installed.

comment:5 Changed 6 years ago by zzz

  • Resolution fixed deleted
  • Status changed from closed to reopened

comment:6 Changed 6 years ago by zzz

  • Owner changed from HungryHobo to Meeh
  • Status changed from reopened to assigned

Reopening and reassigning to Meeh to restore the entry in Reseeder.java (he removed it a month ago).

comment:7 Changed 6 years ago by meeh

  • Owner changed from Meeh to HungryHobo

Reseed host added.
Revision: ad92f5811a7ff6ceab5ab09572d716f00f9100ea

HH: Could you check out http://zzz.i2p/topics/1227?
You should use one of the scripts linked in the topic. Please contact me if you need help or have questions: meeh@…, or IRC.

comment:8 Changed 6 years ago by meeh

  • Cc meeh@… added

comment:9 Changed 6 years ago by meeh

  • Resolution set to fixed
  • Status changed from assigned to closed

HH replied on topic 1227. Closing ticket.
