#802 (Reseed host with expired cert) – I2P Bugtracker

comment:1 Changed 7 years ago by killyourtv

Owner:	changed from zzz to Meeh
Status:	new → assigned

comment:2 Changed 7 years ago by killyourtv

Spotted after seeing the following on a new installation

12/02/12 xx:yy:zz ERROR [Reseed ] uter.networkdb.reseed.Reseeder: EepGet failed on https://euve5653.vserver.de/netDb/
     javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
     at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
     at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1868)
     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
     at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1338)
     at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
     at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
     at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
     at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:998)
     at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1294)
     at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:685)
     at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:111)
     at java.io.OutputStream.write(OutputStream.java:75)
     at net.i2p.util.SSLEepGet.sendRequest(SSLEepGet.java:664)
     at net.i2p.util.EepGet.fetch(EepGet.java:513)
     at net.i2p.util.EepGet.fetch(EepGet.java:478)
     at net.i2p.util.EepGet.fetch(EepGet.java:468)
     at net.i2p.router.networkdb.reseed.Reseeder$ReseedRunner.readURL(Reseeder.java:468)
     at net.i2p.router.networkdb.reseed.Reseeder$ReseedRunner.reseedOne(Reseeder.java:317)
     at net.i2p.router.networkdb.reseed.Reseeder$ReseedRunner.reseed(Reseeder.java:273)
     at net.i2p.router.networkdb.reseed.Reseeder$ReseedRunner.run2(Reseeder.java:157)
     at net.i2p.router.networkdb.reseed.Reseeder$ReseedRunner.run(Reseeder.java:142)
     at java.lang.Thread.run(Thread.java:722)
     at net.i2p.util.I2PThread.run(I2PThread.java:85)
     Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
     at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:350)
     at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:260)
     at sun.security.validator.Validator.validate(Validator.java:260)
     at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
     at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:107)
     at net.i2p.util.SSLEepGet$SavingTrustManager.checkServerTrusted(SSLEepGet.java:402)
     at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:803)
     at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1320)
     ... 19 more
     Caused by: java.security.cert.CertPathValidatorException: timestamp check failed
     at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:159)
     at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:349)
     at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:191)
     at java.security.cert.CertPathValidator.validate(CertPathValidator.java:279)
     at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:345)
     ... 27 more
     Caused by: java.security.cert.CertificateExpiredException: NotAfter: Wed Nov 21 21:34:10 GMT 2012
     at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:273)
     at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:587)
     at sun.security.provider.certpath.BasicChecker.verifyTimestamp(BasicChecker.java:184)
     at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:136)
     at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:133)
     ... 31 more
12/02/12 xx:yy:zz ERROR [Reseed ] net.i2p.util.SSLEepGet : SSL negotiation error with euve5653.vserver.de:443 - self-signed certificate or untrusted certificate authority?
     javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
     at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
     at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1868)
     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
     at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
     at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1338)
     at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
     at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
     at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
     at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:998)
     at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1294)
     at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:685)
     at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:111)
     at java.io.OutputStream.write(OutputStream.java:75)
     at net.i2p.util.SSLEepGet.sendRequest(SSLEepGet.java:664)
     at net.i2p.util.EepGet.fetch(EepGet.java:513)
     at net.i2p.util.EepGet.fetch(EepGet.java:478)
     at net.i2p.util.EepGet.fetch(EepGet.java:468)
     at net.i2p.router.networkdb.reseed.Reseeder$ReseedRunner.readURL(Reseeder.java:468)
     at net.i2p.router.networkdb.reseed.Reseeder$ReseedRunner.reseedOne(Reseeder.java:317)
     at net.i2p.router.networkdb.reseed.Reseeder$ReseedRunner.reseed(Reseeder.java:273)
     at net.i2p.router.networkdb.reseed.Reseeder$ReseedRunner.run2(Reseeder.java:157)
     at net.i2p.router.networkdb.reseed.Reseeder$ReseedRunner.run(Reseeder.java:142)
     at java.lang.Thread.run(Thread.java:722)
     at net.i2p.util.I2PThread.run(I2PThread.java:85)
     Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
     at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:350)
     at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:260)
     at sun.security.validator.Validator.validate(Validator.java:260)
     at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
     at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:107)
     at net.i2p.util.SSLEepGet$SavingTrustManager.checkServerTrusted(SSLEepGet.java:402)
     at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:803)
     at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1320)
     ... 19 more
     Caused by: java.security.cert.CertPathValidatorException: timestamp check failed
     at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:159)
     at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:349)
     at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:191)
     at java.security.cert.CertPathValidator.validate(CertPathValidator.java:279)
     at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:345)
     ... 27 more
     Caused by: java.security.cert.CertificateExpiredException: NotAfter: Wed Nov 21 21:34:10 GMT 2012
     at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:273)
     at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:587)
     at sun.security.provider.certpath.BasicChecker.verifyTimestamp(BasicChecker.java:184)
     at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:136)
     at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:133)
     ... 31 more

comment:3 Changed 7 years ago by HungryHobo

Owner:	changed from Meeh to HungryHobo
Status:	assigned → accepted

comment:4 Changed 7 years ago by HungryHobo

Resolution:	→ fixed
Status:	accepted → closed

New certificate has been installed.

comment:5 Changed 7 years ago by zzz

Resolution:	fixed
Status:	closed → reopened

comment:6 Changed 7 years ago by zzz

Owner:	changed from HungryHobo to Meeh
Status:	reopened → assigned

Reopening and reassigning to Meeh to restore the entry in Reseeder.java (he removed it a month ago)

comment:7 Changed 7 years ago by Meeh

Owner:	changed from Meeh to HungryHobo

Reseed host added.
Revision: ad92f5811a7ff6ceab5ab09572d716f00f9100ea

HH: Could you check out http://zzz.i2p/topics/1227
You should use one of the scripts linked in the topic. Please contact me if you need help, or have questions. meeh@…, or IRC.

comment:8 Changed 7 years ago by Meeh

Cc:	Meeh added

comment:9 Changed 7 years ago by Meeh

Resolution:	→ fixed
Status:	assigned → closed

HH replied on topic 1227. Closing ticket.

Reported by:	killyourtv	Owned by:	HungryHobo
Priority:	major	Milestone:	0.9.4
Component:	router/netdb	Version:	0.9.3
Keywords:		Cc:	Meeh
Parent Tickets:		Sensitive:	no

Context Navigation

#802 closed defect (fixed)

Reseed host with expired cert

Description

Subtickets

Change History (9)