On Fri, 3 Apr 2026 12:12:28 GMT, Daniel Jeliński <[email protected]> wrote:
>> This PR improves the exceptions thrown from HttpClient.send when the QUIC >> TLS handshake fails on the client side, for example because the server >> certificate is not trusted. >> >> Before the changes we would throw the following exception chain: >> >> javax.net.ssl.SSLHandshakeException: QUIC connection establishment failed >> Caused by: javax.net.ssl.SSLHandshakeException: QUIC connection >> establishment failed >> Caused by: java.io.IOException: certificate_unknown >> >> After the changes the following exception chain is thrown: >> >> javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX path >> building failed: sun.security.provider.certpath.SunCertPathBuilderException: >> unable to find valid certification path to requested target >> Caused by: javax.net.ssl.SSLHandshakeException: (certificate_unknown) PKIX >> path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >> valid certification path to requested target >> Caused by: sun.security.validator.ValidatorException: PKIX path building >> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable >> to find valid certification path to requested target >> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: >> unable to find valid certification path to requested target >> >> The new exception chain matches the one observed with HTTP 1/2. >> >> I updated a preexisting test to cover HTTP3, and added assertions to verify >> the exception message. HttpClient tests continue to pass. > > Daniel Jeliński has updated the pull request incrementally with two > additional commits since the last revision: > > - Use createClientBuilderForH3 > - Import HttpTestServer Marked as reviewed by dfuchs (Reviewer). ------------- PR Review: https://git.openjdk.org/jdk/pull/30563#pullrequestreview-4055472909
