- Bug
- Resolution: Fixed
- Low
- 5.2
- None
- 5.02
Symptoms
When connecting a directory to LDAP via SSL you will see an error like this in the web browser:
Connection test failed. Response from the server:
localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket]
In the log file there will be an entry like this:
2012-11-18 18:46:38,147 QuartzWorker-1 ERROR [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 10000 ].
com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.CommunicationException: localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket]
    at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:416)
    at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:384)
    at com.atlassian.crowd.directory.SpringLDAPConnector.searchUserObjects(SpringLDAPConnector.java:574)
    at com.atlassian.crowd.directory.SpringLDAPConnector.searchUsers(SpringLDAPConnector.java:944)
    at com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher.findAllRemoteUsers(RemoteDirectoryCacheRefresher.java:41)
    at com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher.synchroniseAllUsers(RemoteDirectoryCacheRefresher.java:60)
    at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:40)
    at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:619)
    at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63)
    at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)
    at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJob.execute(DirectoryPollerJob.java:34)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:195)
    at com.atlassian.multitenant.quartz.MultiTenantThreadPool$MultiTenantRunnable.run(MultiTenantThreadPool.java:72)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)
Caused by: org.springframework.ldap.CommunicationException: localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket]
    at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:98)
    at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266)
    at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106)
    at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:138)
    at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadWriteContext(TransactionAwareContextSourceProxy.java:94)
    at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadOnlyContext(TransactionAwareContextSourceProxy.java:65)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:287)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:624)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:535)
    at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$1.call(LdapTemplateWithClassLoaderWrapper.java:56)
    at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$1.call(LdapTemplateWithClassLoaderWrapper.java:53)
    at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.invokeWithContextClassLoader(LdapTemplateWithClassLoaderWrapper.java:43)
    at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.search(LdapTemplateWithClassLoaderWrapper.java:53)
    at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:412)
    ... 13 more
Caused by: javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket]
    at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.getInstance(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
    at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:43)
    at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:254)
    ... 26 more
Caused by: java.lang.RuntimeException: Unable to set hostname verification on SSLSocket
    at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.makeUseLdapVerification(LdapHostnameVerificationSSLSocketFactory.java:85)
    at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.createSocket(LdapHostnameVerificationSSLSocketFactory.java:125)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at com.sun.jndi.ldap.Connection.createSocket(Unknown Source)
    ... 41 more
Caused by: java.lang.NoSuchMethodException: sun.security.ssl.SSLSocketImpl.trySetHostnameVerification(java.lang.String)
    at java.lang.Class.getMethod(Unknown Source)
    at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.makeUseLdapVerification(LdapHostnameVerificationSSLSocketFactory.java:80)
    ... 47 more
Steps to Reproduce
- Run JIRA using Java 7, not Java 6 - Java 7 is listed as a supported platform
- Import SSL certificate of the LDAP server into JIRA's JVM keystore as per normal procedure
- Add an LDAP directory, attempt to configure using SSL
- Observe the error message and log entry described above
Workaround
Use Java 6
- is caused by
  - CWD-2739 SSLSocketImpl.trySetHostnameVerification breaks under JDK 7 (Closed)
  - CWD-2740 Support running Crowd under JDK 7 (Closed)
- is related to
  - CONFSERVER-26523 Can't connect to LDAP over SSL when using Java 7 (Closed)
- relates to
  - JRASERVER-24515 JIRA should support the use of TLS - SNI (Closed)
- is incorporated by
  - JRADEV-11821