[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bruce J Schuchardt updated GEODE-8144:
--------------------------------------
Description:
If you enable endpoint identification in a server the server will not start.
It will log exceptions like this:
{noformat}
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
at
sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
at
sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
at
org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
at
org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
at
org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
at org.apache.geode.internal.tcp.Connection.<init>(Connection.java:1167)
at
org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
at
org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
at
org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
at
org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
at
org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
at
org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
at
org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
at
org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
at
org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
at
org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
at
org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
at
org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
at
org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
at
org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
at
org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
at
org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
at
org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
at
org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135)
at
org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033)
at
org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290)
at
org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:216)
at
org.apache.geode.distributed.DistributedSystem.connect(DistributedSystem.java:159)
at src.EntryConsumer.initialize(EntryConsumer.java:69)
at src.EntryConsumer.main(EntryConsumer.java:340)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:198)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1729)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:333)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:325)
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1688)
at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:226)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1082)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:1015)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:1012)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1504)
at
org.apache.geode.internal.net.NioSslEngine.handleBlockingTasks(NioSslEngine.java:225)
at
org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:185)
... 27 more
Caused by: java.security.cert.CertificateException: No subject alternative
names matching IP address 10.118.26.62 found
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:168)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:94)
at
sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:462)
at
sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:442)
at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:261)
at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1675)
... 35 more
{noformat}
was:
If you enable endpoint identification in a server the server will not start.
It will log exceptions like this:
{noformat}
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problemCaused
by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at
sun.security.ssl.Alerts.getSSLException(Alerts.java:198) at
sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1729) at
sun.security.ssl.Handshaker.fatalSE(Handshaker.java:333) at
sun.security.ssl.Handshaker.fatalSE(Handshaker.java:325) at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1688)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:226)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1082) at
sun.security.ssl.Handshaker$1.run(Handshaker.java:1015) at
sun.security.ssl.Handshaker$1.run(Handshaker.java:1012) at
java.security.AccessController.doPrivileged(Native Method) at
sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1504) at
org.apache.geode.internal.net.NioSslEngine.handleBlockingTasks(NioSslEngine.java:225)
at org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:185)
... 27 moreCaused by: java.security.cert.CertificateException: No subject
alternative names matching IP address 10.118.26.62 found at
sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:168) at
sun.security.util.HostnameChecker.match(HostnameChecker.java:94) at
sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:462)
at
sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:442)
at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:261)
at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1675)
... 35 more {noformat}
> endpoint identification in servers is not working
> -------------------------------------------------
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
> Reporter: Bruce J Schuchardt
> Priority: Major
>
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.<init>(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:216)
> at
> org.apache.geode.distributed.DistributedSystem.connect(DistributedSystem.java:159)
> at src.EntryConsumer.initialize(EntryConsumer.java:69)
> at src.EntryConsumer.main(EntryConsumer.java:340)
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:198)
> at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1729)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:333)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:325)
> at
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1688)
> at
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:226)
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1082)
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:1015)
> at sun.security.ssl.Handshaker$1.run(Handshaker.java:1012)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1504)
> at
> org.apache.geode.internal.net.NioSslEngine.handleBlockingTasks(NioSslEngine.java:225)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:185)
> ... 27 more
> Caused by: java.security.cert.CertificateException: No subject alternative
> names matching IP address 10.118.26.62 found
> at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:168)
> at sun.security.util.HostnameChecker.match(HostnameChecker.java:94)
> at
> sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:462)
> at
> sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:442)
> at
> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:261)
> at
> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
> at
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1675)
> ... 35 more
> {noformat}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
