[
https://issues.apache.org/jira/browse/SOLR-13541?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16863148#comment-16863148
]
Kevin Risden commented on SOLR-13541:
-------------------------------------
[~erickerickson] - Pulled this out from the logs. I wonder if our tests aren't
setting up the SAN (subject alternative names) correctly for local host TLS/SSL
testing. There has been a push to move from CN -> SAN checking in certificates.
Browsers/JDK/etc have been making that change. It accounts for at least a few
of the test failures it looks like.
{code:java}
[junit4] 2> Caused by: java.security.cert.CertificateException: No subject
alternative names matching IP address 127.0.0.1 found
[junit4] 2> at
sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:168)
[junit4] 2> at
sun.security.util.HostnameChecker.match(HostnameChecker.java:94)
[junit4] 2> at
sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
[junit4] 2> at
sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1068)
[junit4] 2> at
sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1007)
[junit4] 2> at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601)
[junit4] 2> ... 22 more
{code}
> Upgrade Jetty to 9.4.19.v20190610
> ---------------------------------
>
> Key: SOLR-13541
> URL: https://issues.apache.org/jira/browse/SOLR-13541
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Erick Erickson
> Assignee: Erick Erickson
> Priority: Major
> Attachments: _test.res
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
