Chandana/Kishanthan, Could you please look into this.
On Tue, Aug 15, 2017 at 8:22 PM, Farasath Ahamed <farasa...@wso2.com> wrote: > Tested with Kernel 4.4.16, -Dhttpclient.hostnameVerifier=AllowAll > parameter is honoured and worked fine. > > Farasath Ahamed > Software Engineer, WSO2 Inc.; http://wso2.com > Mobile: +94777603866 > Blog: blog.farazath.com > Twitter: @farazath619 <https://twitter.com/farazath619> > <http://wso2.com/signature> > > > > On Tue, Aug 15, 2017 at 7:58 PM, Harsha Thirimanna <hars...@wso2.com> > wrote: > >> >> >> On 15 Aug 2017 7:43 pm, "Farasath Ahamed" <farasa...@wso2.com> wrote: >> >> Tried to do $subject following [1] on a IS 5.4.0-SNAPSHOT pack with >> kernel 4.4.17-SNAPSHOT. I still see hostname validation errors after >> running the server with, >> -Dhttpclient.hostnameVerifier=AllowAll >> >> >> You don't get this error with the IS pack with kernal 4.4.16 ? Could you >> please check that Farasath ? >> Then we can isolate this. >> >> >> >> [2017-08-15 19:36:52,561] ERROR >> {org.apache.catalina.core.StandardWrapperValve} >> - Servlet.service() for servlet [default] in context with path >> [/authenticationendpoint] threw exception >> java.io.IOException: javax.net.ssl.SSLHandshakeException: >> java.security.cert.CertificateException: No name matching idp.wso2.com >> found >> at org.apache.jasper.servlet.JspServletWrapper.service(JspServl >> etWrapper.java:467) >> at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServl >> et.java:395) >> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) >> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi >> lter(ApplicationFilterChain.java:303) >> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App >> licationFilterChain.java:208) >> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) >> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi >> lter(ApplicationFilterChain.java:241) >> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App >> licationFilterChain.java:208) >> at org.apache.catalina.core.ApplicationDispatcher.invoke(Applic >> ationDispatcher.java:743) >> at org.apache.catalina.core.ApplicationDispatcher.processReques >> t(ApplicationDispatcher.java:485) >> at org.apache.catalina.core.ApplicationDispatcher.doForward(App >> licationDispatcher.java:410) >> at org.apache.catalina.core.ApplicationDispatcher.forward(Appli >> cationDispatcher.java:337) >> at org.wso2.carbon.identity.application.authentication.endpoint >> .util.filter.AuthenticationEndpointFilter.doFilter(Authentic >> ationEndpointFilter.java:161) >> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi >> lter(ApplicationFilterChain.java:241) >> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App >> licationFilterChain.java:208) >> at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilte >> r(HttpHeaderSecurityFilter.java:124) >> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi >> lter(ApplicationFilterChain.java:241) >> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App >> licationFilterChain.java:208) >> at org.apache.catalina.core.StandardWrapperValve.invoke(Standar >> dWrapperValve.java:218) >> at org.apache.catalina.core.StandardContextValve.invoke(Standar >> dContextValve.java:110) >> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(A >> uthenticatorBase.java:506) >> at org.apache.catalina.core.StandardHostValve.invoke(StandardHo >> stValve.java:169) >> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo >> rtValve.java:103) >> at org.wso2.carbon.identity.context.rewrite.valve.TenantContext >> RewriteValve.invoke(TenantContextRewriteValve.java:80) >> at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invo >> ke(AuthorizationValve.java:91) >> at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invo >> ke(AuthenticationValve.java:60) >> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInv >> ocation(CompositeValve.java:99) >> at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke >> (CarbonTomcatValve.java:47) >> at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(Tena >> ntLazyLoaderValve.java:57) >> at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invok >> eValves(TomcatValveContainer.java:47) >> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(Comp >> ositeValve.java:62) >> at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetection >> Valve.invoke(CarbonStuckThreadDetectionValve.java:159) >> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogVa >> lve.java:962) >> at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve. >> invoke(CarbonContextCreatorValve.java:57) >> at org.apache.catalina.core.StandardEngineValve.invoke(Standard >> EngineValve.java:116) >> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd >> apter.java:445) >> at org.apache.coyote.http11.AbstractHttp11Processor.process(Abs >> tractHttp11Processor.java:1115) >> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler >> .process(AbstractProtocol.java:637) >> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun >> (NioEndpoint.java:1770) >> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(N >> ioEndpoint.java:1729) >> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool >> Executor.java:1142) >> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo >> lExecutor.java:617) >> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.r >> un(TaskThread.java:61) >> at java.lang.Thread.run(Thread.java:748) >> Caused by: javax.net.ssl.SSLHandshakeException: >> java.security.cert.CertificateException: No name matching idp.wso2.com >> found >> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) >> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) >> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) >> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) >> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHa >> ndshaker.java:1514) >> at sun.security.ssl.ClientHandshaker.processMessage(ClientHands >> haker.java:216) >> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) >> at sun.security.ssl.Handshaker.process_record(Handshaker.java:961) >> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) >> at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSo >> cketImpl.java:1375) >> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) >> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) >> at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsCli >> ent.java:559) >> at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnectio >> n.connect(AbstractDelegateHttpsURLConnection.java:185) >> at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Ht >> tpsURLConnectionImpl.java:153) >> at org.apache.jsp.login_jsp._jspService(login_jsp.java:777) >> at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) >> at org.apache.jasper.servlet.JspServletWrapper.service(JspServl >> etWrapper.java:439) >> ... 44 more >> Caused by: java.security.cert.CertificateException: No name matching >> idp.wso2.com found >> at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:221) >> at sun.security.util.HostnameChecker.match(HostnameChecker.java:95) >> at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509Trus >> tManagerImpl.java:455) >> at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509Trus >> tManagerImpl.java:436) >> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509Trust >> ManagerImpl.java:200) >> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X50 >> 9TrustManagerImpl.java:124) >> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHa >> ndshaker.java:1496) >> ... 58 more >> >> >> Is the information in [1] still valid? >> >> Chandana pointed out there has been a http client version upgrade in >> Kernel 4.4.17. Could this be a reason for this? >> >> >> [1] https://docs.wso2.com/display/ADMIN44x/Enabling+HostName+Verification >> >> >> Thanks, >> Farasath Ahamed >> Software Engineer, WSO2 Inc.; http://wso2.com >> Mobile: +94777603866 >> Blog: blog.farazath.com >> Twitter: @farazath619 <https://twitter.com/farazath619> >> <http://wso2.com/signature> >> >> >> >> _______________________________________________ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> >> >
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
