On 15 Aug 2017 7:43 pm, "Farasath Ahamed" <farasa...@wso2.com> wrote:
Tried to do $subject following [1] on a IS 5.4.0-SNAPSHOT pack with kernel
4.4.17-SNAPSHOT. I still see hostname validation errors after running the
server with,
-Dhttpclient.hostnameVerifier=AllowAll
You don't get this error with the IS pack with kernal 4.4.16 ? Could you
please check that Farasath ?
Then we can isolate this.
[2017-08-15 19:36:52,561] ERROR {org.apache.catalina.core.StandardWrapperValve}
- Servlet.service() for servlet [default] in context with path
[/authenticationendpoint] threw exception
java.io.IOException: javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: No name matching idp.wso2.com found
at org.apache.jasper.servlet.JspServletWrapper.service(
JspServletWrapper.java:467)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(
ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(
ApplicationFilterChain.java:208)
at org.apache.catalina.core.ApplicationDispatcher.invoke(
ApplicationDispatcher.java:743)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(
ApplicationDispatcher.java:485)
at org.apache.catalina.core.ApplicationDispatcher.doForward(
ApplicationDispatcher.java:410)
at org.apache.catalina.core.ApplicationDispatcher.forward(
ApplicationDispatcher.java:337)
at org.wso2.carbon.identity.application.authentication.endpoint.util.filter.
AuthenticationEndpointFilter.doFilter(AuthenticationEndpointFilter.java:161)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(
ApplicationFilterChain.java:208)
at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(
HttpHeaderSecurityFilter.java:124)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(
ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(
StandardWrapperValve.java:218)
at org.apache.catalina.core.StandardContextValve.invoke(
StandardContextValve.java:110)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(
AuthenticatorBase.java:506)
at org.apache.catalina.core.StandardHostValve.invoke(
StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(
ErrorReportValve.java:103)
at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.
invoke(TenantContextRewriteValve.java:80)
at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(
AuthorizationValve.java:91)
at org.wso2.carbon.identity.auth.valve.AuthenticationValve.
invoke(AuthenticationValve.java:60)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(
CompositeValve.java:99)
at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.
invoke(CarbonTomcatValve.java:47)
at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(
TenantLazyLoaderValve.java:57)
at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(
TomcatValveContainer.java:47)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(
CompositeValve.java:62)
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(
CarbonStuckThreadDetectionValve.java:159)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(
CarbonContextCreatorValve.java:57)
at org.apache.catalina.core.StandardEngineValve.invoke(
StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(
CoyoteAdapter.java:445)
at org.apache.coyote.http11.AbstractHttp11Processor.process(
AbstractHttp11Processor.java:1115)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.
process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.
doRun(NioEndpoint.java:1770)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.
run(NioEndpoint.java:1729)
at java.util.concurrent.ThreadPoolExecutor.runWorker(
ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(
ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(
TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException:
No name matching idp.wso2.com found
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(
ClientHandshaker.java:1514)
at sun.security.ssl.ClientHandshaker.processMessage(
ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(
SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(
AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(
HttpsURLConnectionImpl.java:153)
at org.apache.jsp.login_jsp._jspService(login_jsp.java:777)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.apache.jasper.servlet.JspServletWrapper.service(
JspServletWrapper.java:439)
... 44 more
Caused by: java.security.cert.CertificateException: No name matching
idp.wso2.com found
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:221)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(
X509TrustManagerImpl.java:455)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(
X509TrustManagerImpl.java:436)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(
X509TrustManagerImpl.java:200)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(
X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(
ClientHandshaker.java:1496)
... 58 more
Is the information in [1] still valid?
Chandana pointed out there has been a http client version upgrade in Kernel
4.4.17. Could this be a reason for this?
[1] https://docs.wso2.com/display/ADMIN44x/Enabling+HostName+Verification
Thanks,
Farasath Ahamed
Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Blog: blog.farazath.com
Twitter: @farazath619 <https://twitter.com/farazath619>
<http://wso2.com/signature>
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
