[jbosstools-issues] [JBoss JIRA] (JBIDE-14767) openshift-java-client: remove code that disables SNI checks with JDK7
[
https://issues.jboss.org/browse/JBIDE-14767?page=com.atlassian.jira.plugi...
]
Andre Dietisheim updated JBIDE-14767:
-------------------------------------
Description:
The UrlConnectionHttpClient tries to disable SNI checks that cause the HttpUrlConnection
when handshaking SSL with hosts that dont have a valid hostname/alias:
*javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name* (JBIDE-14760)
!ssl-handshake-error.png!
The openshift-java-client currently sets the system property
(https://github.com/adietish/openshift-java-client/blob/master/src/main/ja...):
{code: title=UrlConnectionHttpClient}
// JDK7 bug workaround
System.setProperty(SYSPROP_ENABLE_SNI_EXTENSION, "false");
{code}
This "fix" is very bad since it turns these checks off in the whole JVM.
Furthermore it has no effects since it would only affect SSL libraries that are loaded
after that system property was set.
So the only valid fix in Eclipse is to either connect to OpenShift Enterprise instances
via IP-address or to turn SNI-checks off globally in *eclipse.ini/jbdevstudio.ini*:
{code}
-Djsse.enableSNIExtension=false
{code}
We have to remove the above code that set the system property.
was:
The UrlConnectionHttpClient tries to disable SNI checks that cause the HttpUrlConnection
when handshaking SSL with hosts that dont have a valid hostname/alias:
*javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name* (JBIDE-14760)
!ssl-handshake-error.png!
The openshift-java-client currently sets the system property
(https://github.com/adietish/openshift-java-client/blob/master/src/main/ja...):
{code: title=UrlConnectionHttpClient}
// JDK7 bug workaround
System.setProperty(SYSPROP_ENABLE_SNI_EXTENSION, "false");
{code}
This "fix" is very bad since it turns these checks off in the whole JVM.
Furthermore it has no effects since it would only affect SSL libraries that are loaded
after that system property was set.
So the only valid fix in Eclipse is to either connect to OpenShift Enterprise instances
via IP-address or to turn SNI-checks off globally in *eclipse.ini/jbdevstudio.ini*:
{code}
-Djsse.enableSNIExtension=false
{code}
openshift-java-client: remove code that disables SNI checks with
JDK7
---------------------------------------------------------------------
Key: JBIDE-14767
URL: https://issues.jboss.org/browse/JBIDE-14767
Project: Tools (JBoss Tools)
Issue Type: Enhancement
Components: openshift
Affects Versions: 4.1.0.Beta2
Reporter: Andre Dietisheim
Assignee: Andre Dietisheim
Priority: Critical
Fix For: 4.1.0.Beta2
Attachments: ssl-handshake-error.png
The UrlConnectionHttpClient tries to disable SNI checks that cause the HttpUrlConnection
when handshaking SSL with hosts that dont have a valid hostname/alias:
*javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name* (JBIDE-14760)
!ssl-handshake-error.png!
The openshift-java-client currently sets the system property
(https://github.com/adietish/openshift-java-client/blob/master/src/main/ja...):
{code: title=UrlConnectionHttpClient}
// JDK7 bug workaround
System.setProperty(SYSPROP_ENABLE_SNI_EXTENSION, "false");
{code}
This "fix" is very bad since it turns these checks off in the whole JVM.
Furthermore it has no effects since it would only affect SSL libraries that are loaded
after that system property was set.
So the only valid fix in Eclipse is to either connect to OpenShift Enterprise instances
via IP-address or to turn SNI-checks off globally in *eclipse.ini/jbdevstudio.ini*:
{code}
-Djsse.enableSNIExtension=false
{code}
We have to remove the above code that set the system property.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira