clj-http

Thierry 2023-02-27T15:59:32.135039Z

Hi all, I am trying to debug an issue with a keystore in a reusable connection manager. To do this I want to enable the debug logging that is explained in the README. I can get the logger to log to console when changing the config level, but clj-http never logs anything. I have tried with a log4j2.properties and log4j2.xml file, added dependencies etc. Any tips?

Thierry 2023-02-27T16:54:17.690069Z

Nvm, found another way to get logging

Thierry 2023-02-27T16:57:02.485049Z

It seems there is an illegal reflective access:
WARNING: Illegal reflective access by clojure.core$bean$fn__7278$fn__7279 (file:/C:/Users/thier/.m2/repository/org/clojure/clojure/1.11.1/clojure-1.11.1.jar) to method sun.security.provider.certpath.SunCertPathBuilderException.getAdjacencyList()
Would love tips on how to fix that

Thierry 2023-02-27T17:14:44.322449Z

It ends in [java.lang.Thread run "Thread.java" 834]]} "unable to find valid certification path to requested target" sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target adjacencyList: #object[sun.security.provider.certpath.AdjacencyList 0x3486199a "[\nLinkedList[0]:\n]\n"]

Thierry 2023-02-28T12:23:19.163569Z

Postman didn't get me much further, SoapUI did tho.

Thierry 2023-02-28T12:44:42.697349Z

Is there a way to check if my connection is using TLSv1.3?

jumar 2023-03-01T02:45:17.936959Z

You can try to intercept the traffic with tcpdump / tshark. I would probably start with checking the certificate in the browser and via openssl. Then I would use java ssl debug logging perhaps via javax.net.debug=ssl:handshake

Thierry 2023-03-01T13:48:13.332129Z

Thanks for the tip @jumar. Today I tried 3 different Java versions and their respective cacerts using the code from the https://gist.github.com/dportabella/7024146 gist. All came up with the same issue, so I think it must be something with the keystore or the supplier's endpoint RHEL8 server.

Thierry 2023-03-01T15:19:10.950239Z

In the end it was the keystore doing stuff it shouldn't.

jumar 2023-03-01T18:57:20.954329Z

Very strange - what exactly was the problem?

Thierry 2023-03-01T18:59:52.626469Z

A multitude of things, mostly related to the cert and CA cert chain and settings on the supplier's end.

jumar 2023-02-27T18:31:58.662789Z

What exactly is your keystore problem? Do you try to use a self signed certificate?

Thierry 2023-02-27T22:48:48.050739Z

Well, good question. Everything worked fine until last week, when the API provider this particular keystore is for upgraded their servers to RHEL 8. After that there are problems with getting a certification path. Going to check if the certificate has an issue somehow tomorrow with Postman.