Tested with Kernel 4.4.16, -Dhttpclient.hostnameVerifier=AllowAll parameter is honoured and worked fine.
Farasath Ahamed Software Engineer, WSO2 Inc.; http://wso2.com Mobile: +94777603866 Blog: blog.farazath.com Twitter: @farazath619 <https://twitter.com/farazath619> <http://wso2.com/signature> On Tue, Aug 15, 2017 at 7:58 PM, Harsha Thirimanna <hars...@wso2.com> wrote: > > > On 15 Aug 2017 7:43 pm, "Farasath Ahamed" <farasa...@wso2.com> wrote: > > Tried to do $subject following [1] on a IS 5.4.0-SNAPSHOT pack with kernel > 4.4.17-SNAPSHOT. I still see hostname validation errors after running the > server with, > -Dhttpclient.hostnameVerifier=AllowAll > > > You don't get this error with the IS pack with kernal 4.4.16 ? Could you > please check that Farasath ? > Then we can isolate this. > > > > [2017-08-15 19:36:52,561] ERROR > {org.apache.catalina.core.StandardWrapperValve} > - Servlet.service() for servlet [default] in context with path > [/authenticationendpoint] threw exception > java.io.IOException: javax.net.ssl.SSLHandshakeException: > java.security.cert.CertificateException: No name matching idp.wso2.com > found > at org.apache.jasper.servlet.JspServletWrapper.service(JspServl > etWrapper.java:467) > at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServl > et.java:395) > at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFi > lter(ApplicationFilterChain.java:303) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(App > licationFilterChain.java:208) > at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFi > lter(ApplicationFilterChain.java:241) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(App > licationFilterChain.java:208) > at org.apache.catalina.core.ApplicationDispatcher.invoke(Applic > ationDispatcher.java:743) > at org.apache.catalina.core.ApplicationDispatcher.processReques > t(ApplicationDispatcher.java:485) > at org.apache.catalina.core.ApplicationDispatcher.doForward(App > licationDispatcher.java:410) > at org.apache.catalina.core.ApplicationDispatcher.forward(Appli > cationDispatcher.java:337) > at org.wso2.carbon.identity.application.authentication.endpoint > .util.filter.AuthenticationEndpointFilter.doFilter(Authentic > ationEndpointFilter.java:161) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFi > lter(ApplicationFilterChain.java:241) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(App > licationFilterChain.java:208) > at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilte > r(HttpHeaderSecurityFilter.java:124) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFi > lter(ApplicationFilterChain.java:241) > at org.apache.catalina.core.ApplicationFilterChain.doFilter(App > licationFilterChain.java:208) > at org.apache.catalina.core.StandardWrapperValve.invoke(Standar > dWrapperValve.java:218) > at org.apache.catalina.core.StandardContextValve.invoke(Standar > dContextValve.java:110) > at org.apache.catalina.authenticator.AuthenticatorBase.invoke(A > uthenticatorBase.java:506) > at org.apache.catalina.core.StandardHostValve.invoke(StandardHo > stValve.java:169) > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo > rtValve.java:103) > at org.wso2.carbon.identity.context.rewrite.valve.TenantContext > RewriteValve.invoke(TenantContextRewriteValve.java:80) > at org.wso2.carbon.identity.authz.valve.AuthorizationValve. > invoke(AuthorizationValve.java:91) > at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invo > ke(AuthenticationValve.java:60) > at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInv > ocation(CompositeValve.java:99) > at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke > (CarbonTomcatValve.java:47) > at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(Tena > ntLazyLoaderValve.java:57) > at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invok > eValves(TomcatValveContainer.java:47) > at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(Comp > ositeValve.java:62) > at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetection > Valve.invoke(CarbonStuckThreadDetectionValve.java:159) > at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogVa > lve.java:962) > at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve. > invoke(CarbonContextCreatorValve.java:57) > at org.apache.catalina.core.StandardEngineValve.invoke(Standard > EngineValve.java:116) > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd > apter.java:445) > at org.apache.coyote.http11.AbstractHttp11Processor.process(Abs > tractHttp11Processor.java:1115) > at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler > .process(AbstractProtocol.java:637) > at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun > (NioEndpoint.java:1770) > at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run( > NioEndpoint.java:1729) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool > Executor.java:1142) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo > lExecutor.java:617) > at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable. > run(TaskThread.java:61) > at java.lang.Thread.run(Thread.java:748) > Caused by: javax.net.ssl.SSLHandshakeException: > java.security.cert.CertificateException: No name matching idp.wso2.com > found > at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) > at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) > at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHa > ndshaker.java:1514) > at sun.security.ssl.ClientHandshaker.processMessage(ClientHands > haker.java:216) > at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) > at sun.security.ssl.Handshaker.process_record(Handshaker.java:961) > at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) > at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSo > cketImpl.java:1375) > at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) > at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) > at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsCli > ent.java:559) > at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnectio > n.connect(AbstractDelegateHttpsURLConnection.java:185) > at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Ht > tpsURLConnectionImpl.java:153) > at org.apache.jsp.login_jsp._jspService(login_jsp.java:777) > at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) > at org.apache.jasper.servlet.JspServletWrapper.service(JspServl > etWrapper.java:439) > ... 44 more > Caused by: java.security.cert.CertificateException: No name matching > idp.wso2.com found > at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:221) > at sun.security.util.HostnameChecker.match(HostnameChecker.java:95) > at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509Trus > tManagerImpl.java:455) > at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509Trus > tManagerImpl.java:436) > at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509Trust > ManagerImpl.java:200) > at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X50 > 9TrustManagerImpl.java:124) > at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHa > ndshaker.java:1496) > ... 58 more > > > Is the information in [1] still valid? > > Chandana pointed out there has been a http client version upgrade in > Kernel 4.4.17. Could this be a reason for this? > > > [1] https://docs.wso2.com/display/ADMIN44x/Enabling+HostName+Verification > > > Thanks, > Farasath Ahamed > Software Engineer, WSO2 Inc.; http://wso2.com > Mobile: +94777603866 > Blog: blog.farazath.com > Twitter: @farazath619 <https://twitter.com/farazath619> > <http://wso2.com/signature> > > > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > >
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev