[
https://issues.jboss.org/browse/JBIDE-10451?page=com.atlassian.jira.plugi...
]
Andre Dietisheim commented on JBIDE-10451:
------------------------------------------
This was a very hard one, but it looks like I finally found out how to cleanly and completely
turn off the SSL checks HttpsURLConnection does by default. Here once again you can see
very well why so many people switched from the JDK default to 3rd party libraries (Apache
HTTP client etc.). The JDK default is a very verbose and not obvious API.
Here are the relevant changes in the client:
* UrlConnectionHttpClient:
{code}
private HttpURLConnection createConnection(String userAgent, URL url) throws IOException {
    HttpURLConnection connection = (HttpURLConnection) url.openConnection();
    // With SSL checks switched off, accept any hostname and any certificate,
    // but only for this one connection.
    if (isHttps(url)
            && !doSSLChecks) {
        HttpsURLConnection httpsConnection = (HttpsURLConnection) connection;
        httpsConnection.setHostnameVerifier(new NoopHostnameVerifier());
        setPermissiveSSLSocketFactory(httpsConnection);
    }
    // ... (rest of the method is not part of this excerpt)
}
{code}
{code}
private boolean isHttps(URL url) {
    return "https".equals(url.getProtocol());
}
{code}
{code}
/**
 * Sets a trust manager that will always trust.
 * <p>
 * TODO: don't swallow exceptions and set up things so that they don't disturb other
 * components.
 */
private void setPermissiveSSLSocketFactory(HttpsURLConnection connection) {
    try {
        SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(new KeyManager[0], new TrustManager[] { new PermissiveTrustManager() },
                new SecureRandom());
        SSLSocketFactory socketFactory = sslContext.getSocketFactory();
        // Set on this connection only, not as the JVM-wide default.
        connection.setSSLSocketFactory(socketFactory);
    } catch (KeyManagementException e) {
        // ignore
    } catch (NoSuchAlgorithmException e) {
        // ignore
    }
}
{code}
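{code}
private static class PermissiveTrustManager implements X509TrustManager {
    public X509Certificate[] getAcceptedIssuers() {
        // The interface contract asks for a non-null (possibly empty) array.
        return new X509Certificate[0];
    }

    // Never throws: every server certificate chain is accepted.
    public void checkServerTrusted(X509Certificate[] chain,
            String authType) throws CertificateException {
    }

    // Never throws: every client certificate chain is accepted.
    public void checkClientTrusted(X509Certificate[] chain,
            String authType) throws CertificateException {
    }
}
{code}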
{code}
private static class NoopHostnameVerifier implements HostnameVerifier {
    // Accepts any hostname, whatever the certificate says.
    public boolean verify(String hostname, SSLSession sslSession) {
        return true;
    }
}
{code}
I swallowed the exceptions to get things done, but we should at least log what happened. We
should port this fix to Bill DeCoste's branch of the client; his solution set the
trust manager for the whole JVM and is therefore neither OSGi friendly nor thread safe.
To have JBoss Tools working with the OpenShift development environment, we have to migrate
the patches that were done to the (org.jboss.tools...) client to the new client
(com.redhat...) that we want to use in TRUNK.
CLONE - Cannot connect to Dev environment with JBoss Tools OpenShift Tooling
----------------------------------------------------------------------------
Key: JBIDE-10451
URL: https://issues.jboss.org/browse/JBIDE-10451
Project: Tools (JBoss Tools)
Issue Type: Bug
Components: openshift
Affects Versions: 3.3.0.M5
Reporter: Andre Dietisheim
Assignee: Andre Dietisheim
Fix For: 3.3.0.Beta1
Attachments: eclipse-proxy.png, org.jboss.tools.openshift.express.client-2.3.0-SNAPSHOT.jar
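
An added example, not code from this comment or from the JBoss Tools client: the same per-connection approach as above, but trusting one dev-environment CA certificate instead of every certificate, leaving the default hostname verifier in place and propagating exceptions. The class name `DevCaConnectionFactory` and the availability of the dev CA certificate as a stream are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper: per-connection trust limited to a single dev CA. */
public final class DevCaConnectionFactory {
    private final SSLSocketFactory socketFactory;

    /** @param devCa X.509 certificate (PEM or DER) of the dev environment's CA; assumed to be available. */
    public DevCaConnectionFactory(InputStream devCa) throws GeneralSecurityException, IOException {
        Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(devCa);

        // In-memory trust store that contains only the dev CA.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("dev-ca", ca);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // Failures surface to the caller as GeneralSecurityException instead of being swallowed.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        this.socketFactory = context.getSocketFactory();
    }

    public HttpURLConnection open(URL url) throws IOException {
        HttpURLConnection connection = (HttpURLConnection) url.openConnection();
        if (connection instanceof HttpsURLConnection) {
            // Applied to this connection only; the JVM-wide default socket factory is
            // never touched, and no HostnameVerifier is installed, so hostname checks stay on.
            ((HttpsURLConnection) connection).setSSLSocketFactory(socketFactory);
        }
        return connection;
    }
}
```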