On Fri, 3 Apr 2026 10:44:09 GMT, Daniel Jeliński <[email protected]> wrote:
> This PR improves the exceptions thrown from HttpClient.send when the QUIC TLS > handshake fails on the client side, for example because the server > certificate is not trusted. > > Before the changes we would throw the following exception chain: > > javax.net.ssl.SSLHandshakeException: QUIC connection establishment failed > Caused by: javax.net.ssl.SSLHandshakeException: QUIC connection establishment > failed > Caused by: java.io.IOException: certificate_unknown > > After the changes the following exception chain is thrown: > > javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path building > failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to > find valid certification path to requested target > Caused by: javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX > path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > Caused by: sun.security.validator.ValidatorException: PKIX path building > failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to > find valid certification path to requested target > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable > to find valid certification path to requested target > > The new exception chain matches the one observed with HTTP 1/2. > > I updated a preexisting test to cover HTTP3, and added assertions to verify > the exception message. HttpClient tests continue to pass. Thanks @dfuch for the review. Changes applied. ------------- PR Comment: https://git.openjdk.org/jdk/pull/30563#issuecomment-4183206143
