[jbosstools-issues] [JBoss JIRA] (JBIDE-14767) openshift-java-client: remove code that disables SNI checks with JDK7
Andre Dietisheim (JIRA)
jira-events at lists.jboss.org
Wed Jun 5 18:44:54 EDT 2013
Andre Dietisheim created JBIDE-14767:
----------------------------------------
Summary: openshift-java-client: remove code that disables SNI checks with JDK7
Key: JBIDE-14767
URL: https://issues.jboss.org/browse/JBIDE-14767
Project: Tools (JBoss Tools)
Issue Type: Enhancement
Components: openshift
Affects Versions: 4.1.0.Beta2
Reporter: Andre Dietisheim
Assignee: Andre Dietisheim
Fix For: 4.1.0.Beta2
The UrlConnectionHttpClient tries to disable SNI checks that cause the HttpUrlConnection when handshaking SSL with hosts that dont have a valid hostname/alias:
*javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name* (JBIDE-14760)
The openshift-java-client currently sets the system property (https://github.com/adietish/openshift-java-client/blob/master/src/main/java/com/openshift/internal/client/httpclient/UrlConnectionHttpClient.java#L326) but it has no effect since it is not the first one to do SSL connections in Eclipse:
{code: title=UrlConnectionHttpClient}
// JDK7 bug workaround
System.setProperty(SYSPROP_ENABLE_SNI_EXTENSION, "false");
{code}
So the only valid fix in Eclipse is to either connect to OpenShift Enterprise instances via IP-address or to turn SNI-checks off globally in *eclipse.ini/jbdevstudio.ini*:
{code}
-Djsse.enableSNIExtension=false
{code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbosstools-issues
mailing list