11841 2011-01-23 21:26:24 +0000 Support for SNI (Server Name Indication) 2014-05-09 01:07:42 +0000 1 1 1 Unclassified CSSValidator Other CSS Validator All All NEW P2 enhancement --- 1 luci dave.null luci mnot www-validator-cvs oldest_to_newest 44636 0 luci 2011-01-23 21:26:24 +0000 It seems the CSS Validator does not use SNI when making requests. Since this is becoming quite common in modern browsers, it may also become more common in installations. Not being able to validate pages which are served correctly only if using SNI can become quite annoying. The (X)HTML Validator doesn't support SNI either, but it accepts any certificate whatsoever (I'm not saying this is correct behaviour, but for a validation service it is not *that* bad), which is why I'm submitting this bug report only for the CSS Validator. I've tested using https://openid.cnix.ro. Here is the error I am getting back: I/O Error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target I suppose this error is due to a wrong certificate being given by the server (I've checked my debug logs and the validator is not sending the hostname using SNI and therefore is getting a certificate signed by my own CA). Thanks, Luci Stanescu 59291 1 ylafon 2011-10-31 13:37:24 +0000 Modifications were done earlier to accept all certificates (including self-signed ones). However using SNI depends on the availability of libraries for that, or support in the JDK.