[jira] [Commented] (CAMEL-19856) NoopHostnameVerifier seems to not working any longer

Tue, 17 Oct 2023 03:58:12 -0700 


    [ 
https://issues.apache.org/jira/browse/CAMEL-19856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17776146#comment-17776146
 ] 

Karen Lease commented on CAMEL-19856:
-------------------------------------

The exception javax.net.ssl.SSLHandshakeException occurs during the "handshake" 
with the server and is mostly likely due to the trust manager store not 
containing the root certificate of the server. The HostnameVerifier is only 
used after the handshake is complete to check the conformity of the requested 
URL and the server certificate names. If the SSL handshake succeeds but the 
noopHostnameVerifier bean is not found you will have a different error, similar 
to this one:
{code:java}
javax.net.ssl.SSLPeerUnverifiedException: Certificate for <127.0.0.1> doesn't 
match any of the subject alternative names: [localhost]{code}
You could set org.apache.http.conn.ssl to DEBUG level to get more verbose 
output about the connection process.

> NoopHostnameVerifier seems to not working any longer
> ----------------------------------------------------
>
>                 Key: CAMEL-19856
>                 URL: https://issues.apache.org/jira/browse/CAMEL-19856
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-http4
>    Affects Versions: 3.20.2
>            Reporter: Gerald Kallas
>            Priority: Minor
>
> we had a code (XML DSL) that was already working to skip SSL hostname 
> validation like
> {code:java}
> <bean id="noopHostnameVerifier" 
> class="org.apache.http.conn.ssl.NoopHostnameVerifier"/>
> ...
> <to 
> uri='https://server/api/v1/entity/integrationservice/delta?x509HostnameVerifier=noopHostnameVerifier'/>{code}
> It's not working anymore, getting
>  
> {code:java}
> javax.net.ssl.SSLHandshakeException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
> valid certification path to requested target  {code}
> I tried also
>  
> {code:java}
> <to 
> uri='https://server/api/v1/entity/integrationservice/delta?x509HostnameVerifier=#noopHostnameVerifier'/>{code}
> same error.
>  
> The underlying Java (within a Docker containe) is
>  
> {code:java}
> openjdk version "11.0.11" 2021-04-20 OpenJDK Runtime Environment 
> AdoptOpenJDK-11.0.11+9 (build 11.0.11+9) OpenJDK 64-Bit Server VM 
> AdoptOpenJDK-11.0.11+9 (build 11.0.11+9, mixed mode){code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to