Hi Isuru, I checked version from the ESB master branch pom[1].
<httpclient.version>4.1.2</httpclient.version> [1] https://github.com/wso2/product-esb/blob/master/pom.xml Regards, Aparna. On Tue, Oct 27, 2015 at 5:41 AM, Isuru Udana <isu...@wso2.com> wrote: > Hi Aparna, > > We are using 4.3.1. > > > Thanks. > > On Mon, Oct 26, 2015 at 10:36 AM, Aparna Karunarathna <apa...@wso2.com> > wrote: > >> Hi Kasun/Isuru, >> >> Currently ESB uses Apache httpclient 4.1.2, shouldn't it upgrade to newer >> version? >> >> @Deep, Thanks for the clarification. >> >> Regards, >> Aparna >> >> On Sat, Oct 24, 2015 at 11:38 AM, Deependra Ariyadewa <d...@wso2.com> >> wrote: >> >>> Hi Aparna, >>> >>> This can happen when the client does not send the SNI[1][2] to the >>> server side to select the proper HTTPS virtual host. In this case NGINX >>> reverse proxy created in the vhost. Most of the modern browsers send SNI to >>> server, therefore you will not observe this when you make the request via a >>> modern browser. >>> >>> Most of the new Java HTTP client libraries also support SNI. As an >>> example, Apache httpclient library support SNI from version 4.3.2 [3]. If >>> you use a library which does not support SNI, you will get this error for >>> HTTPS call going towards services hosted in virtual host environments. >>> >>> [1] https://en.wikipedia.org/wiki/Server_Name_Indication >>> [2] https://www.ietf.org/rfc/rfc3546.txt >>> [3] https://hc.apache.org/news.html >>> >>> On Fri, Oct 23, 2015 at 11:07 AM, Aparna Karunarathna <apa...@wso2.com> >>> wrote: >>> >>>> Hi all, >>>> >>>> I have encountered a weird "hostname in certificate didn't match:" >>>> issue when accessing IS dashboard. My setup details are as follows. >>>> >>>> *Setup Details* >>>> *IS cluster* >>>> - 3 nodes cluster >>>> - Hostname - mgt.is.wso2.com >>>> - Certificate CN - mgt.is.wso2.com >>>> >>>> *BPS cluster* >>>> - 2 nodes cluster (manager/worker) >>>> - Hostnames - Manager - mgt.bps.wso2.com / Worker - wrk.bps.wso2.com >>>> - Certificate CN - *.bps.wso2.com >>>> >>>> * Both nodes are fronted by same Nginx plus load balancer. >>>> >>>> [1] >>>> javax.net.ssl.SSLException: hostname in certificate didn't match: < >>>> mgt.is.wso2.com> != <*.bps.wso2.com> >>>> at >>>> org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:238) >>>> at >>>> org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:54) >>>> .... >>>> .... >>>> >>>> When we check the browser cookie, it gave correct certificate. ( >>>> mgt.is.wso2.com), but when we check it from java client[2] it gives >>>> the bps certificate (*.bps.wso2.com) instead of IS. >>>> >>>> [2] >>>> https://darray.wordpress.com/2015/07/12/freak-vulnerability-and-disabling-weak-export-cipher-suites-in-wso2-carbon-4-2-0-based-products/ >>>> >>>> What is the reason for this? Is it my config issue or Nginx issue or >>>> our product issue? >>>> >>>> -- >>>> *Regards,* >>>> >>>> *Aparna Karunarathna.* >>>> >>>> >>>> *Associate Technical Lead - QAWSO2 Inc.Mobile: 0714002533 <0714002533>* >>>> >>> >>> >>> >>> -- >>> Deependra Ariyadewa >>> WSO2, Inc. http://wso2.com/ http://wso2.org >>> >>> email d...@wso2.com; cell +94 71 403 5996 ; >>> Blog http://risenfall.wordpress.com/ >>> PGP info: KeyID: 'DC627E6F' >>> >>> *WSO2 - Lean . Enterprise . Middleware* >>> >> >> >> >> -- >> *Regards,* >> >> *Aparna Karunarathna.* >> >> >> *Associate Technical Lead - QAWSO2 Inc.Mobile: 0714002533 <0714002533>* >> > > > > -- > *Isuru Udana* > Associate Technical Lead > WSO2 Inc.; http://wso2.com > email: isu...@wso2.com cell: +94 77 3791887 > blog: http://mytecheye.blogspot.com/ > -- *Regards,* *Aparna Karunarathna.* *Associate Technical Lead - QAWSO2 Inc.Mobile: 0714002533*
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
