[jira] [Commented] (GEODE-9139) SSLException in starting up a Locator

[ASF subversion and git services (Jira)]

    [ 
https://issues.apache.org/jira/browse/GEODE-9139?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17355991#comment-17355991
 ] 

ASF subversion and git services commented on GEODE-9139:
--------------------------------------------------------

Commit a55e472e9fdeb4b0373199463119b340b0cf90a3 in geode's branch 
refs/heads/support/1.13 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=a55e472 ]

GEODE-9139 SSLException in starting up a Locator (#6308)

* GEODE-9139 SSLException in starting up a Locator

Preserve the bind-address string specified by the user for cluster 
communications

Also enable use of host names in member identifiers if endpoint
validation is enabled.

* retain the bind address string or bind address InetAddress in a HostAddress

HostAndPort could not be used because there will be a port set but there
may not be a bindAddress set.  That class requires a host name.

* fixed NPE

* fixing a few problems with HostAddress

* spA

* fixed lgtm issue

* more lgtm issues fixed

* addressing Kamilla's comments

* typo

* simplify HostAndPort & HostAddress by creating a common superclass to hold
their InetSocketAddress.
Cache the result of attempting to resolve the host name, as suggested by
Bill.

* retain the string passed in as the hostname to avoid things like 127.0.0.1 
being converted to localhost

* added comments about retention of the hostName parameter

(cherry picked from commit 55921a4d7b66a51279e71d1a665dc797fcc8ca6f)


> SSLException in starting up a Locator
> -------------------------------------
>
>                 Key: GEODE-9139
>                 URL: https://issues.apache.org/jira/browse/GEODE-9139
>             Project: Geode
>          Issue Type: Bug
>          Components: membership, messaging
>            Reporter: Bruce J Schuchardt
>            Assignee: Bruce J Schuchardt
>            Priority: Major
>              Labels: blocks-1.14.0​, pull-request-available
>             Fix For: 1.13.3, 1.14.0, 1.15.0
>
>
> If you start up a locator using its host name, without a domain name, as a 
> bind address you may get an SSLException in the form
> {noformat}
> javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: 
> No subject alternative DNS name matching hostname.domainname found
> {noformat}
> The LocatorLauncher and InternalLocator throw away the bind address string 
> and later do a reverse lookup to find the fully qualified hostname to use in 
> endpoint identification matching.    If the locator's own TLS certificate 
> doesn't have the fully qualified name in it as a Subject Alternate Name the 
> connection that the Locator makes to its own location service will fail.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)