How can I compensate for an apparent SSL chain mismatch in Jsoup?









I'm requesting a webpage with the following code:



    Jsoup.connect(url)
        .method(Connection.Method.GET)
        .execute()


The site I'm attempting to scrape shows the following certification path in Chrome:



1) ***REDACTED***
Issued by DigiCert Global CA G2

2) DigiCert Global CA G2
Issued by DigiCert Global Root G2

3) DigiCert Global Root G2
Issued by DigiCert Global Root G2


Running my program with -Djavax.net.debug=ssl shows this chain:



1) ***REDACTED***
Issued by DigiCert Global CA G2

2) Symantec Class 3 Secure Server SHA256 SSL CA
Issued by VeriSign Universal Root Certification Authority

3) VeriSign Universal Root Certification Authority
Issued by VeriSign Universal Root Certification Authority


The result is a javax.net.ssl.SSLHandshakeException. Testing the server in SSL Labs shows the correct chain under "Certification Paths" and the broken one under "Additional Certificates (if supplied)", with "Incomplete, Extra certs, Contains anchor" listed as chain issues. I have no desire to use validateTLSCertificates(false) unless absolutely necessary.



How can I ensure that Jsoup follows the correct certification path instead of getting distracted by the erroneous extra certificate?










  • Make sure you are using SNI. Nowadays many TLS servers, especially HTTPS ones, sit on one IP but multiple names, so the certificates (and the whole TLS exchange) that the server will send back to the client will depend on which hostname the client requested, as forwarded in the SNI extension.
    – Patrick Mevzek
    Nov 8 at 21:06










  • @PatrickMevzek Is SNI automatic with JVM 1.8 and Jsoup 1.11.3?
    – Shay Guy
    Nov 8 at 21:40














ssl ssl-certificate jsoup






edited Nov 12 at 8:40









Jayson Minard











asked Nov 8 at 19:56









Shay Guy
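
One way to keep certificate validation on when a server sends the wrong intermediates, as an added example (not from the original post or from jsoup's documentation): give the JVM's PKIX path builder the correct intermediate CA certificate as an untrusted candidate, so the trust anchors remain the JVM defaults. It assumes the intermediate has been saved locally as a PEM file (the `pemPath` argument and the class name are hypothetical) and that the jsoup version in use provides `Connection.sslSocketFactory`.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;
import org.jsoup.Connection;
import org.jsoup.Jsoup;

public class FetchWithExtraIntermediate {
    public static void main(String[] args) throws Exception {
        String url = args[0];      // HTTPS page to fetch
        String pemPath = args[1];  // assumption: correct intermediate CA, saved as PEM

        // Trust anchors stay exactly the JVM defaults (cacerts); nothing new is trusted.
        TrustManagerFactory defaults = TrustManagerFactory.getInstance("PKIX");
        defaults.init((KeyStore) null);
        Set<TrustAnchor> anchors = new HashSet<>();
        for (TrustManager tm : defaults.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    anchors.add(new TrustAnchor(ca, null));
                }
            }
        }

        // The intermediate is only a candidate for path building, not a trust anchor:
        // the chain must still end at one of the default roots and pass PKIX checks.
        X509Certificate intermediate;
        try (InputStream in = Files.newInputStream(Paths.get(pemPath))) {
            intermediate = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, new X509CertSelector());
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(Collections.singletonList(intermediate))));
        params.setRevocationEnabled(false); // the default JSSE trust manager leaves this off too

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(params));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        Connection.Response res = Jsoup.connect(url)
                .sslSocketFactory(ctx.getSocketFactory())
                .method(Connection.Method.GET)
                .execute();
        System.out.println(res.statusCode() + " " + res.url());
    }
}
```

Hostname verification is untouched by this change, and a certificate that does not chain to a default root through the supplied intermediate still fails the handshake.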











