PKIX path validation failed

[cyberduck]

anonymous created the issue

I try to connect to WEBDAV HTTPS. Cyberduck connects normally without error and then disconnects directly (non error)

The end of the log (I do not know if this is relevant or sufficient ...)

Depth: 0[\r][\n]
[\r][\n]

Thanks

---

Attachments

• Cyberduck-ISM.png (61.5 KiB)
• Cyberduck-failure.png (42.5 KiB)
• error.png (28.4 KiB)
• is-micro.dyndns.org.png (92.2 KiB)

[cyberduck]

anonymous commented

Replying to [2443 anonymous]:

I try to connect to WEBDAV HTTPS. Cyberduck connects normally without error and then disconnects directly (non error)

The end of the log (I do not know if this is relevant or sufficient ...)

Depth: 0[\r][\n]
[\r][\n]

Thanks
forget...
On MacOSX 10.5.4 with Cyberduck 3.0.2 (4166)

[cyberduck]

4a3f5ae commented

Having same issue with Duck as the ticket creator. I think this is due to having self signed certificate, right?

And why should it be "forgotten"? :)

As i see, the change to support "any" cert is in trunk already...

[cyberduck]

@dkocher commented

Can you post the full transcript, please. This issue is not related to #2371.

[cyberduck]

4a3f5ae commented

Here is the full transcript, a little bit "anonymized":

PROPFIND /some/path HTTP/1.1[\r][\n]
Authorization: Basic XXXXXXXXXXXXXXXXX[\r][\n]
Content-Type: text/xml; charset=utf-8[\r][\n]
User-Agent: Cyberduck/3.0.2 (4166)[\r][\n]
Host: company.com[\r][\n]
Content-Length: 207[\r][\n]
Depth: 0[\r][\n]
[\r][\n]
HTTP/1.1 301 Moved Permanently[\r][\n]
HTTP/1.1 301 Moved Permanently[\r][\n]
Date: Fri, 15 Aug 2008 21:01:45 GMT[\r][\n]
Server: Apache/2.2.3 (Linux/SUSE)[\r][\n]
Location: https://company.com/some/path/[\r][\n]
Content-Length: 341[\r][\n]
Content-Type: text/html; charset=iso-8859-1[\r][\n]
[\r][\n]
PROPFIND /some/path/ HTTP/1.1[\r][\n]
Content-Type: text/xml; charset=utf-8[\r][\n]
User-Agent: Cyberduck/3.0.2 (4166)[\r][\n]
Content-Length: 207[\r][\n]
Authorization: Basic XXXXXXXXXXXXXXXXX[\r][\n]
Host: company.com[\r][\n]
Depth: 0[\r][\n]
[\r][\n]

The target server is Apache HTTPD 2.2 + mod_dav (Finder does connects nicely to it over DAV). The communication goes over HTTPS, the server user self signed certificate.

As you see, there is a redirect permanently from /some/path to collection /some/path/ and then the connection dies, duck is not connected anymore.

So, i was wrong about cert (HTTP messages were exchanged nicely), but something else makes Duck to disconnect.

[cyberduck]

anonymous commented

same here

[cyberduck]

3e5ff4f commented

Same problem here. Finder works, Cyberduck is unable to connect.

[cyberduck]

anonymous commented

Same problem with version 3.1.1 (4458)

[cyberduck]

@dkocher commented

Please try the latest nightly build from (http://update.cyberduck.ch/nightly).

[cyberduck]

blougou commented

error.png with Cyberduck 3.1.3 (4527)

No log

Thanks

[cyberduck]

@dkocher commented

Replying to [comment:10 blougou]:

error.png with Cyberduck 3.1.3 (4527)

No log

Thanks

This is helpful. Can you copy and paste the red text from the error dialog here. Also, please let me know (via email if you want) the URL of the WebDAV server. This is a SSL certificate problem; I can analyze this without having a user account on the server.

[cyberduck]

blougou commented

I've just sent an email at feedback@cyberduck.ch...

[cyberduck]

@dkocher commented

Replying to [comment:12 blougou]:

I've just sent an email at feedback@cyberduck.ch...

sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors

I do not get this error here and can initiate the connection to the server successfully. Can you try to remove any certificates from the server from your Keychain or using a different user account and/or OS X installation.

[cyberduck]

blougou commented

On an other OS X installations I have the same error...

[cyberduck]

@dkocher commented

Replying to [comment:14 blougou]:

On an other OS X installations I have the same error...

Until we find the cause of this issue please refer ot this [help/en/problems#DisableSSLTLSX.509certificatetrustvalidation workaround].

[cyberduck]

@dkocher commented

Replying to [comment:15 dkocher]:

Replying to [comment:14 blougou]:

On an other OS X installations I have the same error...

I mean this.