
      I wanted to create an application link between Stash and JIRA. Both run behind an individual Apache SSL proxy (stash.company.com and jira.company.com). The Apache server uses GnuTLS / SNI (Server Name Indication) to provide the required reverse proxy instances using one single IP address.

      Both with Java 6 and 7, Stash is not able to establish a secure connection (Stash reports it could not connect to the server). However, using a reasonably modern browser, I am perfectly able to access both applications via https (https://stash.company.com/ and https://jira.company.com/).

      With Java 6, this fails with the following Apache error log message: "Invalid method in request \x80e\x01\x03\x01". This is because Java 6 does not implement SNI.

      Therefore, I upgraded to Java 7 which implements SNI. Unfortunately, then I get the following Apache error message: "Invalid method in request \x16\x03\x01". Thus, Stash still does not make a proper request.

      Unfortunately, it seems that Jakarta Commons-HttpClient currently does not support SNI, see https://issues.apache.org/jira/browse/HTTPCLIENT-1119 for details.

      Attempting to connect to SNI enabled host 'expectedhost' over SSL using http client could also result in an SSLException similar to:

      javax.net.ssl.SSLException: hostname in certificate didn't match: <expectedhost> != <defaulthost>
      at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:220)
      

      Workaround for creating applinks between JIRA and Stash:

      Please refer to this comment by Christopher S. Hebert.

      The key point is to use localhost as Application URLs, while keeping HTTPS as Display and Base URLs, in both JIRA and Stash.
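An added diagnostic example, not part of the original issue or of any Atlassian or Apache code: it decodes the byte prefixes quoted in the two Apache log messages above and checks whether a captured ClientHello carries the `server_name` (SNI) extension. The function names and the sample ClientHello are constructed for illustration.

```python
import struct

JAVA6_LOG = b"\x80e\x01\x03\x01"   # bytes quoted in the Apache log for Java 6
JAVA7_LOG = b"\x16\x03\x01"        # bytes quoted in the Apache log for Java 7

def sni_from_client_hello(body):
    """Return the server_name host in a ClientHello body, or None if absent."""
    pos = 2 + 32                                        # client_version + random
    pos += 1 + body[pos]                                # session_id
    pos += 2 + struct.unpack_from("!H", body, pos)[0]   # cipher_suites
    pos += 1 + body[pos]                                # compression_methods
    if pos + 2 > len(body):
        return None                                     # no extensions block
    end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    pos += 2
    while pos + 4 <= min(end, len(body)):
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        if ext_type == 0:                               # server_name (SNI)
            name_len = struct.unpack_from("!H", body, pos + 7)[0]
            return body[pos + 9:pos + 9 + name_len].decode("ascii")
        pos += 4 + ext_len
    return None

def classify(data):
    """Return (wire_format, sni_host) for the first bytes a client sent."""
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return ("SSLv2-compatible ClientHello", None)   # format has no extensions
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        try:
            if data[5] != 0x01:
                return ("TLS handshake record", None)
            return ("TLS ClientHello", sni_from_client_hello(data[9:]))
        except (IndexError, struct.error):
            return ("TLS handshake record (truncated)", None)
    return ("not TLS", None)

def build_client_hello(host=None):
    """Construct a minimal TLS 1.0 ClientHello (sample data, not a capture)."""
    body = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    if host:
        name = host.encode("ascii")
        sn = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
        ext = struct.pack("!HH", 0, len(sn)) + sn
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for sample in (JAVA6_LOG, JAVA7_LOG, build_client_hello("stash.company.com")):
        print(classify(sample))
```

The three bytes logged for Java 7 only identify the start of a TLS handshake record; confirming whether SNI was sent requires the full ClientHello from a packet capture taken in front of the proxy.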

            colivier Charles Olivier (Inactive)
            876a0750-e7d6-48be-b4e1-51d30e5ebe19 Deleted Account (Inactive)