This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
It seems the CSS Validator does not use SNI when making requests. Since this is becoming quite common in modern browsers, it may also become more common in installations. Not being able to validate pages which are served correctly only if using SNI can become quite annoying. The (X)HTML Validator doesn't support SNI either, but it accepts any certificate whatsoever (I'm not saying this is correct behaviour, but for a validation service it is not *that* bad), which is why I'm submitting this bug report only for the CSS Validator. I've tested using https://openid.cnix.ro. Here is the error I am getting back: I/O Error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target I suppose this error is due to a wrong certificate being given by the server (I've checked my debug logs and the validator is not sending the hostname using SNI and therefore is getting a certificate signed by my own CA). Thanks, Luci Stanescu
Modifications were done earlier to accept all certificates (including self-signed ones). However using SNI depends on the availability of libraries for that, or support in the JDK.