[jbosstools-issues] [JBoss JIRA] (JBIDE-14760) Cannot connect to OpenShift Enterprise with hostname: javax.net.ssl.SSLProtocolException
Andre Dietisheim (JIRA)
jira-events at lists.jboss.org
Wed Jun 5 08:14:54 EDT 2013
[ https://issues.jboss.org/browse/JBIDE-14760?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12779468#comment-12779468 ]
Andre Dietisheim edited comment on JBIDE-14760 at 6/5/13 8:13 AM:
------------------------------------------------------------------
There's a lengthy discussion about this at http://stackoverflow.com/questions/7615645/ssl-handshake-alert-unrecognized-name-error-since-upgrade-to-java-1-7-0
The cause of this is a "misconfigured" server which does not have the correct ServerName or ServerAlias. In the case of Apache, it is missing the following configuration, which solves it:
{code}
<VirtualHost mydomain.com:443>
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    # ... remaining directives for this virtual host ...
</VirtualHost>
{code}
If the above is missing from Apache, the server warns the client during the TLS/SSL handshake that the requested name is not recognized (Level: Warning, Description: Unrecognized Name), Server mydomain.com.
JDK7 (not JDK6!) then reacts to it with a "Fatal, Description: Unexpected Message". This is an additional check in JDK7 which they refuse to correct: "7127374 : JSSE creates SSLProtocolException on (common) warning: unrecognized_name for SNI" http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7127374
The openshift-java-client currently sets this system property (https://github.com/adietish/openshift-java-client/blob/master/src/main/java/com/openshift/internal/client/httpclient/UrlConnectionHttpClient.java#L326) but it has no effect since it is not the first one to do SSL connections in Eclipse:
{code: title=UrlConnectionHttpClient}
// JDK7 bug workaround
System.setProperty(SYSPROP_ENABLE_SNI_EXTENSION, "false");
{code}
So the only fix that we currently have in Eclipse is either to connect to OpenShift Enterprise instances via IP address or to turn SNI checks off globally in *eclipse.ini/jbdevstudio.ini*:
{code}
-Djsse.enableSNIExtension=false
{code}
> Cannot connect to OpenShift Enterprise with hostname: javax.net.ssl.SSLProtocolException
> ----------------------------------------------------------------------------------------
>
> Key: JBIDE-14760
> URL: https://issues.jboss.org/browse/JBIDE-14760
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: openshift
> Affects Versions: 4.1.0.Beta2
> Environment: jdk7
> Reporter: jing zh
> Assignee: Andre Dietisheim
> Fix For: 4.1.0.Beta2
>
> Attachments: JBT_test.png
>
>
> If trying to connect to the OpenShift server, it fails with the following error shown.
> Could not verify credentials for jinzhang1: Could not request https://broker.osetestv2.com/broker/rest/api: javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
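
A narrower alternative to the JVM-wide flag described in the comment above, as an added example that is not part of the original comment or of openshift-java-client: on Java 8 and later (an assumption; the issue itself concerns JDK7, which has no per-connection API for this), `SSLParameters.setServerNames` with an empty list suppresses SNI for a single connection. `NoSniSocketFactory` is a hypothetical name, and the URL is passed as an argument.

```java
import java.io.IOException;
import java.net.*;
import java.util.Collections;
import javax.net.ssl.*;

/** Hypothetical wrapper: suppresses SNI only on the sockets it creates (Java 8+ API). */
public class NoSniSocketFactory extends SSLSocketFactory {
    private final SSLSocketFactory delegate;

    public NoSniSocketFactory(SSLSocketFactory delegate) { this.delegate = delegate; }

    // An empty server-name list means no server_name extension is sent in the ClientHello.
    private Socket withoutSni(Socket socket) {
        if (socket instanceof SSLSocket) {
            SSLSocket ssl = (SSLSocket) socket;
            SSLParameters params = ssl.getSSLParameters();
            params.setServerNames(Collections.<SNIServerName>emptyList());
            ssl.setSSLParameters(params);
        }
        return socket;
    }

    @Override public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); }
    @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
    // createSocket() without arguments is not overridden, so the base class rejects
    // unconnected sockets and callers go through the variants below.
    @Override public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
        return withoutSni(delegate.createSocket(s, host, port, autoClose));
    }
    @Override public Socket createSocket(String host, int port) throws IOException {
        return withoutSni(delegate.createSocket(host, port));
    }
    @Override public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
        return withoutSni(delegate.createSocket(host, port, localHost, localPort));
    }
    @Override public Socket createSocket(InetAddress host, int port) throws IOException {
        return withoutSni(delegate.createSocket(host, port));
    }
    @Override public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
        return withoutSni(delegate.createSocket(address, port, localAddress, localPort));
    }

    public static void main(String[] args) throws IOException {
        URL url = new URL(args[0]); // HTTPS URL of the server that answers with unrecognized_name
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(new NoSniSocketFactory(conn.getSSLSocketFactory()));
        System.out.println(url + " -> HTTP " + conn.getResponseCode());
    }
}
```

Certificate and hostname verification are unchanged by this wrapper. A server that selects its certificate by SNI will present its default certificate to a client using it.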