PKIX path building failed (new project from template)

I’m trying to get Defold to work in an education environment and we keep getting the PKIX path building failed error when starting a new project.

i’ve tried to follow the guide but i’ve had no success so far, as far as I can tell its not the anti virus (we use Trend) and i’m not sure about the bit with certificates, i’m not at all familiar with Java so that whole section about keytool and cacerts means nothing to me, I’m not sure what needs to be changed or added if that is the problem.

the debugger gives the following output at the point where you select a new template (note; i had to remove the Djava.ext.dirs= section as it threw an error, not sure how much difference that makes)

Any help would be appreciated

Thanks

)
javax.net.ssl|DEBUG|1E|clojure-agent-send-off-pool-0|2021-11-25 10:02:23.508 GMT|Utilities.java:73|the previous server name in SNI (type=host_name (0), value=github.com) was replaced with (type=host_name (0), value=github.com)
javax.net.ssl|ERROR|1E|clojure-agent-send-off-pool-0|2021-11-25 10:02:23.530 GMT|TransportContext.java:313|Fatal (HANDSHAKE_FAILURE): Couldn't kickstart handshaking (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
        at java.base/sun.security.ssl.SSLSocketImpl.handleEOF(SSLSocketImpl.java:1321)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1160)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
        at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
        at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1581)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1509)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:3084)
        at java.base/java.net.URLConnection.getHeaderFieldLong(URLConnection.java:636)
        at java.base/java.net.URLConnection.getContentLengthLong(URLConnection.java:508)
        at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getContentLengthLong(HttpsURLConnectionImpl.java:393)
        at util.net$download_BANG_.invokeStatic(net.clj:40)
        at editor.welcome$download_proj_zip_BANG_.invokeStatic(welcome.clj:213)
        at editor.welcome$show_welcome_dialog_BANG_$download_template_BANG___86844$fn__86851.invoke(welcome.clj:603)
        at clojure.core$binding_conveyor_fn$fn__5739.invoke(core.clj:2030)
        at clojure.lang.AFn.call(AFn.java:18)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:834)
  Caused by: java.io.EOFException: SSL peer shut down incorrectly
        at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:167)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:108)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
        ... 19 more}

)
javax.net.ssl|DEBUG|1E|clojure-agent-send-off-pool-0|2021-11-25 10:02:23.534 GMT|SSLSocketImpl.java:1361|close the underlying socket
javax.net.ssl|DEBUG|1E|clojure-agent-send-off-pool-0|2021-11-25 10:02:23.535 GMT|SSLSocketImpl.java:1380|close the SSL connection (initiative)
javax.net.ssl|DEBUG|24|clojure-agent-send-off-pool-6|2021-11-25 10:02:23.571 GMT|Utilities.java:73|the previous server name in SNI (type=host_name (0), value=www.google-analytics.com) was replaced with (type=host_name (0), value=www.google-analytics.com)

Defold comes with its own JRE (11.0.2 I think), and the package path is needed for that to work. What was the trouble you got?

What platform are you on?
What is your install path for Defold?

we keep getting the PKIX path building failed error when starting a new project.

I’ve never even heard of PKIX I’m afraid.

we are on Windows 20H2 64
Defold is is C:\Program Files\Defold

the faq gives the follwing to access debugging

packages\jre\bin\java -Djna.nosys=true -Ddefold.launcherpath=. -Ddefold.resourcespath=. -Ddefold.version=12345 -Ddefold.editor.sha1=<editor_sha1 from config file> -Ddefold.engine.sha1=testing -Ddefold.buildtime=testing -Ddefold.channel= -Djava.ext.dirs=packages\jre\lib\ext -Djava.net.preferIPv4Stack=true -Dsun.net.client.defaultConnectTimeout=30000 -Dsun.net.client.defaultReadTimeout=30000 -Djogl.texture.notexrect=true -Dglass.accessible.force=false -Djavax.net.debug=SSL -jar packages\defold-<editor_sha1 from config file>.jar

so for us this would be

packages\jdk11.0.1-p1\bin\java -Djna.nosys=true -Ddefold.launcherpath=. -Ddefold.resourcespath=. -Ddefold.version=12345 -Ddefold.editor.sha1=229b4dbc78495615871b3a7679e79d75d018c27a -Ddefold.engine.sha1=testing -Ddefold.buildtime=testing -Ddefold.channel= -Djava.ext.dirs=packages\jdk11.0.1-p1\lib\ext -Djava.net.preferIPv4Stack=true -Dsun.net.client.defaultConnectTimeout=30000 -Dsun.net.client.defaultReadTimeout=30000 -Djogl.texture.notexrect=true -Dglass.accessible.force=false -Djavax.net.debug=SSL -jar packages\defold-229b4dbc78495615871b3a7679e79d75d018c27a.jar

which gives the error
-Djava.ext.dirs=packages\jdk11.0.1-p1\lib\ext is not supported. Use -classpath instead.

the actual error we get is;
image

when trying to create a new project from a template (even empty project)

1 Like

When you select a template or sample from the editor it downloads a copy of the project from GitHub.

You can do this manually and download the template project as a zip file, unzip it and open it from the Welcome screen.

(It’s a workaround at least!)

Thanks, this seem to be working so far