[jbosstools-issues] [JBoss JIRA] (JBDS-2679) SSL Cert on devstudio.jboss.com has expired; cannot check for updates, install JBDS BYOE from Marketplace, or install from JBDS Central
Nick Boldt (JIRA)
jira-events at lists.jboss.org
Tue Jul 9 15:35:21 EDT 2013
[ https://issues.jboss.org/browse/JBDS-2679?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12788667#comment-12788667 ]
Nick Boldt edited comment on JBDS-2679 at 7/9/13 3:35 PM:
----------------------------------------------------------
New GeoTrust SSL cert installed on https://devstudio.jboss.com server, with validity from 2013-07-08 to 2015-08-10. Can now:
a) in JBDS 7, view contents of JBDS Central (no errors)
b) in JBDS 7, check for updates and install them (no errors)
c) in Eclipse, install JBDS 7 Beta2 from Eclipse Marketplace (no errors)
d) in JBDS 7 BYOE (inside Eclipse) search JBDS 7 Central and install multiple connectors (no errors)
Did not check older versions of JBDS (4, 5, 6) for their ability to ping Central or check for updates. Users might have to restart their JBDS if they saw errors so that the cached problem goes away and JBDS sees the new cert. (Not sure.)
was (Author: nickboldt):
New GeoTrust SSL cert installed on https://devstudio.jboss.com server, with validity from 2013-07-08 to 2015-08-10. Can now:
a) in JBDS, view contents of JBDS Central (no errors)
b) in JBDS, check for updates and install them (no errors)
c) in Eclipse, install JBDS 7 Beta2 from Eclipse Marketplace (no errors)
d) in JBDS BYOE (inside Eclipse) search JBDS Central and install multiple connectors (no errors)
> SSL Cert on devstudio.jboss.com has expired; cannot check for updates, install JBDS BYOE from Marketplace, or install from JBDS Central
> ---------------------------------------------------------------------------------------------------------------------------------------
>
> Key: JBDS-2679
> URL: https://issues.jboss.org/browse/JBDS-2679
> Project: Developer Studio (JBoss Developer Studio)
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Build, updatesite
> Affects Versions: 7.0.0.CR1
> Environment: jbds 7.0.0.CR1a, Fedora 18, java 1.7.0_21 64b
> Reporter: Radim Hopp
> Assignee: Nick Boldt
> Priority: Blocker
> Fix For: 7.0.0.CR1
>
> Attachments: 2679.png, 2679_2.png, 2679_3.png, 2679_4.png, 2679_5.png
>
>
> {noformat:title=jbdevstudio.ini}
> $ cat eclipse/jbdevstudio-7.0.0.CR1a/studio/jbdevstudio.ini
> -vm
> /usr/java/jdk1.7.0_21/bin/java
> -startup
> plugins/org.eclipse.equinox.launcher_1.3.0.v20130327-1440.jar
> --launcher.library
> plugins/org.eclipse.equinox.launcher.gtk.linux.x86_64_1.1.200.v20130521-0416
> -product
> com.jboss.jbds.product.product
> -showsplash
> platform\:/base/plugins/com.jboss.jbds.product
> --launcher.XXMaxPermSize
> 256m
> --launcher.defaultAction
> openFile
> -vmargs
> -Djboss.discovery.directory.url=http://www.qa.jboss.com/binaries/RHDS/discovery/development/7.0.0.CR1a/devstudio-directory.xml
> -Djboss.discovery.site.url=http://www.qa.jboss.com/binaries/RHDS/discovery/development/7.0.0.CR1a/
> -Xms512m
> -Xmx1024m
> -Dosgi.instance.area.default=@user.home/workspace
> {noformat}
> After startup (when JBoss Central is shown) 1 error and 1 warning are logged into Error Log:
> error:
> {noformat:title=Unable to read repository at https://devstudio.jboss.com/updates/7.0-development/content.xml.}
> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
> at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
> at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
> at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
> at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:150)
> at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
> at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:575)
> at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
> at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
> at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
> at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientFileSystemBrowser.runRequest(HttpClientFileSystemBrowser.java:263)
> at org.eclipse.ecf.provider.filetransfer.browse.AbstractFileSystemBrowser$DirectoryJob.run(AbstractFileSystemBrowser.java:69)
> at org.eclipse.core.internal.jobs.Worker.run(Worker.java:53)
> {noformat}
> warning:
> {noformat:title=Connection to https://devstudio.jboss.com/updates/7.0-development/p2.index failed on sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed. Retry attempt 0 started}
> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
> at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
> at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
> at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
> at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
> at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
> at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:131)
> at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:138)
> at org.apache.http.impl.AbstractHttpClientConnection.doFlush(AbstractHttpClientConnection.java:271)
> at org.apache.http.impl.AbstractHttpClientConnection.flush(AbstractHttpClientConnection.java:276)
> at org.apache.http.impl.conn.AbstractClientConnAdapter.flush(AbstractClientConnAdapter.java:194)
> at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:258)
> at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
> at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:647)
> at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:464)
> at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
> at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
> at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientRetrieveFileTransfer.performConnect(HttpClientRetrieveFileTransfer.java:1074)
> at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientRetrieveFileTransfer.openStreams(HttpClientRetrieveFileTransfer.java:621)
> at org.eclipse.ecf.provider.filetransfer.retrieve.AbstractRetrieveFileTransfer.sendRetrieveRequest(AbstractRetrieveFileTransfer.java:879)
> at org.eclipse.ecf.provider.filetransfer.retrieve.AbstractRetrieveFileTransfer.sendRetrieveRequest(AbstractRetrieveFileTransfer.java:570)
> at org.eclipse.ecf.provider.filetransfer.retrieve.MultiProtocolRetrieveAdapter.sendRetrieveRequest(MultiProtocolRetrieveAdapter.java:106)
> at org.eclipse.equinox.internal.p2.transport.ecf.FileReader.sendRetrieveRequest(FileReader.java:422)
> at org.eclipse.equinox.internal.p2.transport.ecf.FileReader.readInto(FileReader.java:355)
> at org.eclipse.equinox.internal.p2.transport.ecf.RepositoryTransport.download(RepositoryTransport.java:101)
> at org.eclipse.equinox.internal.p2.transport.ecf.RepositoryTransport.download(RepositoryTransport.java:156)
> at org.eclipse.equinox.internal.p2.repository.helpers.AbstractRepositoryManager.loadIndexFile(AbstractRepositoryManager.java:735)
> at org.eclipse.equinox.internal.p2.repository.helpers.AbstractRepositoryManager.loadRepository(AbstractRepositoryManager.java:657)
> at org.eclipse.equinox.internal.p2.metadata.repository.MetadataRepositoryManager.loadRepository(MetadataRepositoryManager.java:96)
> at org.eclipse.equinox.internal.p2.metadata.repository.MetadataRepositoryManager.loadRepository(MetadataRepositoryManager.java:92)
> at org.eclipse.equinox.internal.p2.updatechecker.UpdateChecker.getAvailableRepositories(UpdateChecker.java:150)
> at org.eclipse.equinox.internal.p2.updatechecker.UpdateChecker.checkForUpdates(UpdateChecker.java:128)
> at org.eclipse.equinox.internal.p2.updatechecker.UpdateChecker$UpdateCheckThread.run(UpdateChecker.java:72)
> Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
> at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:350)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:249)
> at sun.security.validator.Validator.validate(Validator.java:260)
> at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
> ... 34 more
> Caused by: java.security.cert.CertPathValidatorException: timestamp check failed
> at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:159)
> at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:351)
> at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:191)
> at java.security.cert.CertPathValidator.validate(CertPathValidator.java:279)
> at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:345)
> ... 40 more
> Caused by: java.security.cert.CertificateExpiredException: NotAfter: Tue Jul 09 03:46:52 CEST 2013
> at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:273)
> at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:581)
> at sun.security.provider.certpath.BasicChecker.verifyTimestamp(BasicChecker.java:184)
> at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:136)
> at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:133)
> ... 44 more
> {noformat}
> I'm also unable to install third party plugins (such as PMD) from JBoss Central. When trying, this error is shown:
> {noformat:title=Problems occurred while performing installation: The following connectors are not available: PMD (id=net.sourceforge.pmd.eclipse.feature.group, site=http://www.qa.jboss.com/binaries/RHDS/discovery/development/7.0.0.CR1a/)}
> org.eclipse.core.runtime.CoreException: The following connectors are not available: PMD (id=net.sourceforge.pmd.eclipse.feature.group, site=http://www.qa.jboss.com/binaries/RHDS/discovery/development/7.0.0.CR1a/)
> at org.eclipse.mylyn.internal.discovery.ui.PrepareInstallProfileJob_e_3_6.checkForUnavailable(PrepareInstallProfileJob_e_3_6.java:300)
> at org.eclipse.mylyn.internal.discovery.ui.PrepareInstallProfileJob_e_3_6.computeInstallableUnits(PrepareInstallProfileJob_e_3_6.java:210)
> at org.eclipse.mylyn.internal.discovery.ui.PrepareInstallProfileJob_e_3_6.run(PrepareInstallProfileJob_e_3_6.java:95)
> at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
> {noformat}
> Possible cause can be 403 - Forbidden on https://devstudio.jboss.com/updates/7.0-staging/extras/4.30.4/
> I assume, that the first two errors will disappear when CR1 is out, but I'm not sure about the third...
> Note, that these errors do not appear in JBT 4.1.0.CR1a.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbosstools-issues
mailing list