[ https://issues.apache.org/jira/browse/SOLR-13541?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16863148#comment-16863148 ]
Kevin Risden commented on SOLR-13541: ------------------------------------- [~erickerickson] - Pulled this out from the logs. I wonder if our tests aren't setting up the SAN (subject alternative names) correctly for local host TLS/SSL testing. There has been a push to move from CN -> SAN checking in certificates. Browsers/JDK/etc have been making that change. It accounts for at least a few of the test failures it looks like. {code:java} [junit4] 2> Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 127.0.0.1 found [junit4] 2> at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:168) [junit4] 2> at sun.security.util.HostnameChecker.match(HostnameChecker.java:94) [junit4] 2> at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455) [junit4] 2> at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1068) [junit4] 2> at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1007) [junit4] 2> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601) [junit4] 2> ... 22 more {code} > Upgrade Jetty to 9.4.19.v20190610 > --------------------------------- > > Key: SOLR-13541 > URL: https://issues.apache.org/jira/browse/SOLR-13541 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Reporter: Erick Erickson > Assignee: Erick Erickson > Priority: Major > Attachments: _test.res > > Time Spent: 10m > Remaining Estimate: 0h > -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org