Cyberduck Mountain Duck CLI

#3397 closed defect (duplicate)

PKIX path building failed . TLS cert check failure on directory delete

Reported by: geoff Owned by: dkocher
Priority: normal Milestone:
Component: webdav Version: 3.2.1
Severity: major Keywords: SSL DAV Cert
Cc: Architecture:
Platform: Mac OS X 10.6

Description (last modified by dkocher)

Apache 2.2, mod_dav, Solaris,Intel. SSL-WebDAV on non standard port (4705). Adding files or dirs, no problems. Deleting files, fine. Deleting directory (was fine until recent Cyberduck update) throws an exception of type:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

The SSL TLS log entry

[10/Aug/2009:08:13:57 -0700] 64.X.X.X  TLSv1 RC4-MD5 "DELETE /test1 HTTP/1.1" 242
[10/Aug/2009:08:13:58 -0700] 64.X.X.X TLSv1 RC4-MD5 "PROPFIND / HTTP/1.1" 631
[10/Aug/2009:08:13:58 -0700] 64.X.X.X TLSv1 RC4-MD5 "PROPFIND / HTTP/1.1" 8634

Same cert works perfectly for SSL web connections via browsers. Recreating the cert trust chain in java on osx made no difference.

Changing to no SSL, works fine. Can't use that as Cyberduck only understands Basic Auth, if it did DigestAuth we could scrape by with no SSL. Can't have merely hashed passwds in the clear, as in Basic Auth.

Change History (4)

comment:1 Changed on Aug 10, 2009 at 4:25:32 PM by dkocher

  • Component changed from core to webdav
  • Description modified (diff)
  • Summary changed from SSL WebDAV TLS cert check failure on directory delete to PKIX path building failed . TLS cert check failure on directory delete

comment:2 Changed on Aug 10, 2009 at 4:26:45 PM by dkocher

Use the following workaround:

defaults write ch.sudo.cyberduck webdav.tls.acceptAnyCertificate true

in Terminal.app window and restart Cyberduck.

comment:3 in reply to: ↑ description Changed on Aug 10, 2009 at 4:27:30 PM by dkocher

Replying to geoff:

Can't use that as Cyberduck only understands Basic Auth, if it did DigestAuth we could scrape by with no SSL. Can't have merely hashed passwds in the clear, as in Basic Auth.

We do support Basic, Digest and NTLM Authentication.

comment:4 Changed on Apr 10, 2010 at 3:33:34 PM by dkocher

  • Platform set to Mac OS X 10.6
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate for #2443. Is the server publicy reachable to debug this issue?

Note: See TracTickets for help on using tickets.
swiss made software