How to disable SSL and skip cert validation with akka client in S3 Streams?

I’m facing an SSL validation problem with Akka Streams S3, resulting in a javax.net.ssl.SSLHandshakeException with the message: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

Since I can’t override the HTTP client directly, I’m reaching out for advice on how to resolve this within the limitations of the library.

"com.lightbend.akka" %% "akka-stream-alpakka-s3" % "3.0.4"

I’ve attempted the following settings:

System Properties:

-Dcom.sun.net.ssl.checkRevocation=false
-Djdk.internal.httpclient.disableHostnameVerification=true

And also added the following configuration block in application.conf:

akka {
    loglevel = "INFO"
    ssl-config {
        loose {
            allowUnsafeRenegotiation = true
            disableHostnameVerification = true
            acceptAnyCertificate = true
        }
    }
}

I apologize for the delay in my response. The issue you’re facing with the SSL validation problem in Akka Streams S3 is a common one, and there are a few potential solutions you can try.

  • Update the Alpakka S3 library: Ensure that you’re using the latest version of the akka-stream-alpakka-s3 library, as newer versions may have addressed this issue or provided better workarounds.
  • Use the S3Settings class: The S3Settings class in the Alpakka S3 library allows you to configure the underlying HTTP client used for S3 operations. You can try setting the credentialsProvider and sslContext properties to provide your own custom SSL configuration. Here’s an example:
import com.amazonaws.auth.AWSCredentialsProvider
import com.lightbend.akka.stream.alpakka.s3.S3Settings
import javax.net.ssl.{KeyManager, SSLContext, TrustManager}

// Create your custom SSL context
val sslContext: SSLContext = SSLContext.getInstance("TLS")
sslContext.init(Array[KeyManager](), Array[TrustManager](new CustomTrustManager()), null)

// Create your custom AWS credentials provider
val credentialsProvider: AWSCredentialsProvider = ???

// Use the S3Settings to configure the Alpakka S3 client
val s3Settings = S3Settings(
  sslContext = sslContext,
  credentialsProvider = credentialsProvider
)
  • Override the HTTP client directly: Although you mentioned that you can’t override the HTTP client directly, if possible, you could try creating a custom HttpExt implementation and using it with the Alpakka S3 client. This would allow you to have more control over the SSL configuration.
  • Use a different S3 client library: If the above solutions don’t work for you, you could consider using a different S3 client library, such as the AWS SDK for Scala or the S3 client provided by the Java AWS SDK.

Here’s an example of how you could use the AWS SDK for Scala to interact with S3:

import com.amazonaws.auth.AWSCredentialsProvider
import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration
import com.amazonaws.services.s3.AmazonS3ClientBuilder

// Create your custom AWS credentials provider
val credentialsProvider: AWSCredentialsProvider = ???

// Create the S3 client with custom configuration
val s3Client = AmazonS3ClientBuilder.standard()
  .withCredentials(credentialsProvider)
  .withEndpointConfiguration(new EndpointConfiguration("s3.amazonaws.com", "us-east-1"))
  .build()

Please note that the specific implementation details may vary depending on your use case and the specific requirements of your application. If you’re still having trouble, feel free to provide more information about your setup, and I’ll try to assist you further.

Hmm, I think we got ourselves a bot.

Is that a self signed cert to some alternative S3-like service @pepeperez11999 or is it the actual AWS one returning a certificate that your JDK doesn’t like? One option could be to add the cert (or its CA) to your local JDK trust store.
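The trust-store option from the last reply, as an added example that is not part of the original thread: it copies the JDK's default `cacerts`, imports the endpoint's CA into the copy, and prints the JVM flags that select it, so certificate and hostname validation stay enabled. The file name `s3-ca.pem`, the alias `private-s3-ca` and the output path are constructed placeholders; the script assumes `keytool` is on the PATH and that the default store still uses the stock `changeit` password.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed names: s3-ca.pem, private-s3-ca.
# Assumes a JDK with keytool on PATH; 'changeit' is the stock cacerts password.

# Print the path of the JDK's default trust store (JDK 9+ and JDK 8 layouts).
find_cacerts() {
    home=${JAVA_HOME:-$(dirname "$(dirname "$(readlink -f "$(command -v keytool)" 2>/dev/null)")")}
    for p in "$home/lib/security/cacerts" "$home/jre/lib/security/cacerts"; do
        if [ -f "$p" ]; then printf '%s\n' "$p"; return 0; fi
    done
    return 1
}

# build_truststore CA_PEM OUT_STORE ALIAS [STOREPASS]
# Copies the default store, so public CAs stay trusted, then adds the one CA.
# Returns 0 only if the alias is present in OUT_STORE afterwards.
build_truststore() {
    ca_pem=$1; out=$2; ca_alias=$3; pass=${4:-changeit}
    [ -r "$ca_pem" ] || { echo "cannot read CA file: $ca_pem" >&2; return 2; }
    src=$(find_cacerts) || { echo "default cacerts not found" >&2; return 3; }
    cp "$src" "$out" || return 4
    chmod u+w "$out" || return 4
    keytool -importcert -noprompt -trustcacerts -alias "$ca_alias" \
        -file "$ca_pem" -keystore "$out" -storepass "$pass" >/dev/null 2>&1 || return 5
    keytool -list -alias "$ca_alias" -keystore "$out" -storepass "$pass" >/dev/null 2>&1
}

# Print the JVM options that point the default trust store at the new file.
jvm_flags() {
    printf '%s %s\n' "-Djavax.net.ssl.trustStore=$1" \
        "-Djavax.net.ssl.trustStorePassword=${2:-changeit}"
}

# Usage: sh add-ca.sh s3-ca.pem ./truststore.jks private-s3-ca
if [ "$#" -ge 3 ]; then
    build_truststore "$@" && jvm_flags "$2" "${4:-changeit}"
fi
```

Start the application with the printed flags; they change the JVM's default trust store only, so no validation-disabling options are needed for the added CA.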