I'm having a bit of a weird problem, (binding [*out* *err*] (println "test")) won't print anything. My *out* is an OutputStreamWriter, while *err* is a PrintWriter, but that's even before first ns declaration or any requires.
I'm out of ideas how to figure out what's going on, so any pointers are welcome 🙂
EDIT: I'm not even sure it's babashka's fault, binding [*out* ( is also doing nothing...
Does what you are trying to do work in JVM Clojure?
This is what I'm seeing in a bb REPL:
user=> (binding [*out* (java.io.OutputStreamWriter. System/err)] (println "dude"))
dude
nilThis also works for me:
user=> (binding [*out* *err*] (println "test"))
test
nilyeah it works for me in Clojure no probs and in fresh babashka elsewhere also no problems at all
obviously something is very wrong with setup of this script 😕
or maybe you redirect output of the script to some other place?
I don't think so 😞
oh my god
I should've written this message an hour ago, because now it works 😕 this is the worst kind of magic
obviously I've changed something, but what did I change... daaamn 🤣
Run into weird PKIX issue. Using VS Code (devcontainer), Calva and clj-http fetching certain URL within REPL works. Now, performing the same task through Babashka and clj-http-lite within the same devcontainer fails to an SSL error. Any pointers why?
Type: javax.net.ssl.SSLHandshakeException
Message: (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Location: clj_http/lite/client.clj:246:7
Babashka version
$ bb --version
babashka v1.12.208
clj-http-lite version
1.0.13
OpenSSL states that the URL certs are fine
$ openssl s_client -showcerts -connect
Babashka is part of the container and thus available in VS Code terminal
can you try babashka.http-client, httpkit client and babashka.curl as well?
Yes, brb.
Here are also some docs to point bb at the trust store files at runtime: https://www.graalvm.org/jdk24/reference-manual/native-image/dynamic-features/CertificateManagement/
Seems to fail identically with bb.http-client
$ bb update-currencies
Running update-currencies
Downloading: org/babashka/http-client/0.4.22/http-client-0.4.22.pom from clojars
Downloading: org/babashka/http-client/0.4.22/http-client-0.4.22.jar from clojars
----- Error --------------------------------------------------------------------
Type: javax.net.ssl.SSLHandshakeException
Message: (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Location: /workspaces/carbonlink/builds.clj:182:13
----- Context ------------------------------------------------------------------
178: "Fetch historical currency exchange data from Bank of Finland."
179: [start-date end-date]
180: (let [url ""]
181: (json/parse-string
182: (:body (client/get url
^--- (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
183: {:accept :json
184: :as "UTF-16LE"
185: :debug true
186: :query-params {:startDate start-date
187: :endDate end-date
----- Stack trace --------------------------------------------------------------
babashka.http-client.internal/request - <built-in>
babashka.http-client/request - <built-in>
babashka.http-client/get - <built-in>
builds - /workspaces/carbonlink/builds.clj:182:13
builds/get-historical-currency-rates - /workspaces/carbonlink/builds.clj:181:5 This used to work until yesterday. Last successful run was last week.
and you did not upgrade anything?
And it worked within the devcontainer and from clean terminal without VS Code
I'll check the possible upgrades, I don't recollect upgrading anything myself, but I'm not the only one touching this code base.
Only upgrade since last successful bb task run is kaocha, which was updated to latest version.
This bb task creates a commit so I can see that the last successful run was 25.9.2025
babashka.curl was able to fetch the resource.
You could search this channel for PKIX. E.g. I find this thread: https://clojurians.slack.com/archives/CLX41ASCS/p1731400140757649
I did a cursory search for PKIX as a term, did miss that specific thread. Will try it.
Also from another thread: > bb -http://Djavax.net.ssl.trustStore=/path/to/truststore`... my work network uses its own CAs, so I have this in a wrapper script I use (along with proxy settings)
Hmm, no, I actually tried importing the site certs again 🤔
maybe I shall try a reboot 🙈
perhaps your work uses a VPN or so? something has changed there perhaps? yes, turning it off and on again usually helps at least something :)
shellin' out to curl works but all jvm -related approaches fail with the aforementioned PKIX error 😅
I did a dnf update a while ago 🤔
might have screwed my jvm/Fedora
oh well, $ sudo reboot
Hmm, problem persist after reboot.
Darn.
And for clarrity, no VPN in use here.
I can reproduce it here:
user=> (babashka.http-client/get "")
javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target [at <repl>:3:1] Just to be clear, Babashka is installed with the linux installation script. So not locally built nor any package managers involved.
$ keytool -list
keytool error: java.lang.Exception: Keystore file does not exist: /Users/borkdude/.keystorethat's what I get locally too
Me too.
I get the same issue in a Clojure JVM so that's kind of hopeful ;)
user=> (http/get "")
Execution error (SunCertPathBuilderException) at sun.security.provider.certpath.SunCertPathBuilder/build (SunCertPathBuilder.java:148).
unable to find valid certification path to requested target
@jussi.mononen chatgpt gave me the following code to import the certificate manually:
# Export server certificate
openssl s_client -connect -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM > boffsaopendata.crt
# Import into JVM cacerts
sudo keytool -import -alias boffsaopendata -keystore $JAVA_HOME/lib/security/cacerts -file boffsaopendata.crt -storepass changeit
then confirm with:
keytool -list -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit | grep boffsaopendataafter that, it worked for me in the JVM. not in bb yet. but then I did:
bb -Djavax.net.ssl.trustStore=$JAVA_HOME/lib/security/cacerts -e '(babashka.http-client/get "")'
and that worked.with bb.http-client you can also disable certificate checking which is dangerous, but if this only a local dev script, you may want to take the risk
my guess is that this company changed their certificate recently or so
That is possible, they revamped at least their API site completely. Most likely it is completely new infrastructure, incl certs...
Issued On Friday 26 September 2025 at 11:16:58
Expires On Saturday 26 September 2026 at 11:16:58😂 oh well
For the curious, the API belongs to the Bank of Finland. 😎
I guess the issue will resolve itself in the next release of bb based on a newer GraalVM, but for now you can use above workaround(s)
Thank you 🙏🏻