[jbosstools-issues] [JBoss JIRA] (JBDS-2679) Problems with ssl connections
Radim Hopp (JIRA)
jira-events at lists.jboss.org
Tue Jul 9 07:49:21 EDT 2013
Radim Hopp created JBDS-2679:
--------------------------------
Summary: Problems with ssl connections
Key: JBDS-2679
URL: https://issues.jboss.org/browse/JBDS-2679
Project: Developer Studio (JBoss Developer Studio)
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Central, updatesite
Affects Versions: 7.0.0.CR1
Environment: jbds 7.0.0.CR1a, Fedora 18, java 1.7.0_21 64b
Reporter: Radim Hopp
Priority: Blocker
Fix For: 7.0.0.CR1
{noformat:title=jbdevstudio.ini}
$ cat eclipse/jbdevstudio-7.0.0.CR1a/studio/jbdevstudio.ini
-vm
/usr/java/jdk1.7.0_21/bin/java
-startup
plugins/org.eclipse.equinox.launcher_1.3.0.v20130327-1440.jar
--launcher.library
plugins/org.eclipse.equinox.launcher.gtk.linux.x86_64_1.1.200.v20130521-0416
-product
com.jboss.jbds.product.product
-showsplash
platform\:/base/plugins/com.jboss.jbds.product
--launcher.XXMaxPermSize
256m
--launcher.defaultAction
openFile
-vmargs
-Djboss.discovery.directory.url=http://www.qa.jboss.com/binaries/RHDS/discovery/development/7.0.0.CR1a/devstudio-directory.xml
-Djboss.discovery.site.url=http://www.qa.jboss.com/binaries/RHDS/discovery/development/7.0.0.CR1a/
-Xms512m
-Xmx1024m
-Dosgi.instance.area.default=@user.home/workspace
{noformat}
After startup (when JBoss Central is shown) 1 error and 1 warning are logged into Error Log:
error:
{noformat:title=Unable to read repository at https://devstudio.jboss.com/updates/7.0-development/content.xml.}
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:150)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:575)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientFileSystemBrowser.runRequest(HttpClientFileSystemBrowser.java:263)
at org.eclipse.ecf.provider.filetransfer.browse.AbstractFileSystemBrowser$DirectoryJob.run(AbstractFileSystemBrowser.java:69)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:53)
{noformat}
warning:
{noformat:title=Connection to https://devstudio.jboss.com/updates/7.0-development/p2.index failed on sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed. Retry attempt 0 started}
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:131)
at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:138)
at org.apache.http.impl.AbstractHttpClientConnection.doFlush(AbstractHttpClientConnection.java:271)
at org.apache.http.impl.AbstractHttpClientConnection.flush(AbstractHttpClientConnection.java:276)
at org.apache.http.impl.conn.AbstractClientConnAdapter.flush(AbstractClientConnAdapter.java:194)
at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:258)
at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:647)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:464)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientRetrieveFileTransfer.performConnect(HttpClientRetrieveFileTransfer.java:1074)
at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientRetrieveFileTransfer.openStreams(HttpClientRetrieveFileTransfer.java:621)
at org.eclipse.ecf.provider.filetransfer.retrieve.AbstractRetrieveFileTransfer.sendRetrieveRequest(AbstractRetrieveFileTransfer.java:879)
at org.eclipse.ecf.provider.filetransfer.retrieve.AbstractRetrieveFileTransfer.sendRetrieveRequest(AbstractRetrieveFileTransfer.java:570)
at org.eclipse.ecf.provider.filetransfer.retrieve.MultiProtocolRetrieveAdapter.sendRetrieveRequest(MultiProtocolRetrieveAdapter.java:106)
at org.eclipse.equinox.internal.p2.transport.ecf.FileReader.sendRetrieveRequest(FileReader.java:422)
at org.eclipse.equinox.internal.p2.transport.ecf.FileReader.readInto(FileReader.java:355)
at org.eclipse.equinox.internal.p2.transport.ecf.RepositoryTransport.download(RepositoryTransport.java:101)
at org.eclipse.equinox.internal.p2.transport.ecf.RepositoryTransport.download(RepositoryTransport.java:156)
at org.eclipse.equinox.internal.p2.repository.helpers.AbstractRepositoryManager.loadIndexFile(AbstractRepositoryManager.java:735)
at org.eclipse.equinox.internal.p2.repository.helpers.AbstractRepositoryManager.loadRepository(AbstractRepositoryManager.java:657)
at org.eclipse.equinox.internal.p2.metadata.repository.MetadataRepositoryManager.loadRepository(MetadataRepositoryManager.java:96)
at org.eclipse.equinox.internal.p2.metadata.repository.MetadataRepositoryManager.loadRepository(MetadataRepositoryManager.java:92)
at org.eclipse.equinox.internal.p2.updatechecker.UpdateChecker.getAvailableRepositories(UpdateChecker.java:150)
at org.eclipse.equinox.internal.p2.updatechecker.UpdateChecker.checkForUpdates(UpdateChecker.java:128)
at org.eclipse.equinox.internal.p2.updatechecker.UpdateChecker$UpdateCheckThread.run(UpdateChecker.java:72)
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:350)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:249)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
... 34 more
Caused by: java.security.cert.CertPathValidatorException: timestamp check failed
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:159)
at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:351)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:191)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:279)
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:345)
... 40 more
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Tue Jul 09 03:46:52 CEST 2013
at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:273)
at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:581)
at sun.security.provider.certpath.BasicChecker.verifyTimestamp(BasicChecker.java:184)
at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:136)
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:133)
... 44 more
{noformat}
I'm also unable to install third party plugins (such as PMD) from JBoss Central. When trying, this error is shown:
{noformat:title=Problems occurred while performing installation: The following connectors are not available: PMD (id=net.sourceforge.pmd.eclipse.feature.group, site=http://www.qa.jboss.com/binaries/RHDS/discovery/development/7.0.0.CR1a/)}
org.eclipse.core.runtime.CoreException: The following connectors are not available: PMD (id=net.sourceforge.pmd.eclipse.feature.group, site=http://www.qa.jboss.com/binaries/RHDS/discovery/development/7.0.0.CR1a/)
at org.eclipse.mylyn.internal.discovery.ui.PrepareInstallProfileJob_e_3_6.checkForUnavailable(PrepareInstallProfileJob_e_3_6.java:300)
at org.eclipse.mylyn.internal.discovery.ui.PrepareInstallProfileJob_e_3_6.computeInstallableUnits(PrepareInstallProfileJob_e_3_6.java:210)
at org.eclipse.mylyn.internal.discovery.ui.PrepareInstallProfileJob_e_3_6.run(PrepareInstallProfileJob_e_3_6.java:95)
at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
{noformat}
Possible cause can be 403 - Forbidden on https://devstudio.jboss.com/updates/7.0-staging/extras/4.30.4/
Note, that these errors do not appear in JBT 4.1.0.CR1a.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbosstools-issues
mailing list