尝试在 MAC 上克隆 GIT 时出现 javax.net.ssl.SSLHandshakeException

【问题标题】:javax.net.ssl.SSLHandshakeException when trying to clone GIT on MAC尝试在 MAC 上克隆 GIT 时出现 javax.net.ssl.SSLHandshakeException
【发布时间】:2019-08-05 06:52:56
【问题描述】:

尝试将 VSTS 项目 repo 克隆到我的 Mac(通过 VS Code 终端)时,我收到以下证书错误

git clone https://abc-masked.visualstudio.com/Test/_git/Test.UI

Cloning into 'Test.UI'...
Configuration::loadGitConfiguration
Program::loadOperationArguments
Configuration::tryGetEntry
Configuration::tryGetEntry
Configuration::tryGetEntry
Configuration::tryGetEntry
Configuration::tryGetEntry
Configuration::tryGetEntry
Program::EnableTraceLogging
Program::get
   targetUri = https://abc-masked.visualstudio.com/
Program::ComponentFactory::createSecureStore
Getting a persistent token store that must be secure
Getting a persistent credential store that must be secure
Program::createAuthentication
   detecting authority type
BaseVsoAuthentication::getAuthentication
BaseVsoAuthentication::detectAuthority
   detected visualstudio.com, checking AAD vs MSA
Fatal error encountered.  Details:
java.lang.Error: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.microsoft.alm.authentication.BaseVsoAuthentication.detectAuthority(BaseVsoAuthentication.java:293)
    at com.microsoft.alm.authentication.BaseVsoAuthentication.getAuthentication(BaseVsoAuthentication.java:324)
    at com.microsoft.alm.gitcredentialmanager.Program.createAuthentication(Program.java:915)
    at com.microsoft.alm.gitcredentialmanager.Program$ComponentFactory.createAuthentication(Program.java:1174)
    at com.microsoft.alm.gitcredentialmanager.Program.initialize(Program.java:883)
    at com.microsoft.alm.gitcredentialmanager.Program.get(Program.java:292)
    at com.microsoft.alm.gitcredentialmanager.Program.access$200(Program.java:63)
    at com.microsoft.alm.gitcredentialmanager.Program$3.call(Program.java:284)
    at com.microsoft.alm.gitcredentialmanager.Program$3.call(Program.java:281)
    at com.microsoft.alm.gitcredentialmanager.Program.innerMain(Program.java:195)
    at com.microsoft.alm.gitcredentialmanager.Program.main(Program.java:123)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:259)
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1329)
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1204)
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1151)
    at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
    at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:178)
    at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
    at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
    at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
    at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
    at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:163)
    at com.microsoft.alm.helpers.HttpClient.head(HttpClient.java:97)
    at com.microsoft.alm.authentication.BaseVsoAuthentication.detectAuthority(BaseVsoAuthentication.java:277)
    ... 10 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
    at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:290)
    at java.base/sun.security.validator.Validator.validate(Validator.java:264)
    at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:321)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:221)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1313)
    ... 25 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
    ... 31 more
fatal: credential helper '!java -Ddebug=true -Djava.net.useSystemProxies=true -jar /usr/local/Cellar/git-credential-manager/2.0.4/libexec/git-credential-manager-2.0.4.jar' told us to quit

我尝试了以下方法:

  1. 更新了 Java 版本

  2. 我从我的 VSTS 域 (abc-masked.visualstudio.com) 下载了证书并将其添加到 Java 密钥库,但这没有帮助。

    另外,我安装了 git-credential-manager。

我是 git 新手,你能指出我正确的方向吗?

编辑:当我在浏览器中打开此 URL https://abc-masked.visualstudio.com/ 时,会立即重定向到 https://dev.azure.com/abc-masked。所以我将 *.dev.azure.com*.visualstudio.com 证书添加到 Mac 钥匙串和 Java 密钥库中

【问题讨论】:

  • 错误提示“我找不到所有必要的证书,因此无法信任此站点”-> 信任链中的一个或多个证书丢失或无法加载。检查解决方案:stackoverflow.com/questions/9619030/…
  • @Jokkeri:我确实检查了线程,但我在 Mac 上,并且我已经将证书添加到 -keystore cacerts。还有什么我需要在这里验证的吗?
  • 可能是您只添加了实际的服务器证书,但缺少信任库中的 CA 证书。可能是 java 无法识别根证书颁发机构 (CA)。检查这个答案:stackoverflow.com/a/12524960/2996452
  • 我添加了 CA 证书,但仍然是同样的错误。也将证书添加到 Mac 钥匙串,但注意到似乎有效
  • 我不明白,为什么运行 git 命令时它运行的是 Java?

标签: java git macos ssl visual-studio-code


【解决方案1】:

实际上,您必须信任证书。获取受信任的证书以克隆存储库。你可以参考我的 github url,我正在做完全相同的克隆 repo。

https://github.com/debjava/ddlab-gitpusher-idea/blob/master/ddlab.gitpusher.core/src/main/java/com/ddlab/gitpusher/util/HTTPUtil.java

【讨论】:

  • 您必须以编程方式信任所有人。只需浏览我分享的 github 代码链接即可。如果可能,请分享您的代码,以便我检查。
  • 好吧,没有代码,我正在尝试从问题中提到的 Mac 终端克隆 git
猜你喜欢
  • 2011-09-20
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
  • 2022-08-15
  • 1970-01-01
  • 1970-01-01
  • 2022-11-25
  • 1970-01-01
相关资源
最近更新 更多
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode