Details
-
Bug
-
Resolution: Fixed
-
Low
-
7.0.2
-
7
-
Description
Support for SNI in jira was implemented in JRA-24515, but after upgrade to JIRA 7.0.2 my logs are full of stacktraces like below. No user impact so far, but a lot of junk in log files makes it hard to track other problems with 7.0.2
javax.net.ssl.SSLException: Certificate for <HERE_GOES_SNI_NAME> doesn't match any of the subject alternative names: [HERE_GOES_NOT_SNI_NAME]
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:164)
at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:61)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:140)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:114)
at org.apache.http.conn.ssl.SSLSocketFactory.verifyHostname(SSLSocketFactory.java:569)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:544)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
at com.atlassian.gadgets.renderer.internal.http.HttpClientFetcher.fetch(HttpClientFetcher.java:95)
at org.apache.shindig.gadgets.DefaultGadgetSpecFactory.fetchObjectAndCache(DefaultGadgetSpecFactory.java:125)
at org.apache.shindig.gadgets.DefaultGadgetSpecFactory.getGadgetSpec(DefaultGadgetSpecFactory.java:90)
at com.atlassian.gadgets.renderer.internal.local.LocalGadgetSpecFactory.getGadgetSpec(LocalGadgetSpecFactory.java:71)
at com.atlassian.gadgets.renderer.internal.local.LocalGadgetSpecFactory.getGadgetSpec(LocalGadgetSpecFactory.java:53)
at com.atlassian.gadgets.renderer.internal.GadgetSpecFactoryImpl.getGadgetSpec(GadgetSpecFactoryImpl.java:141)
at com.atlassian.gadgets.renderer.internal.GadgetSpecFactoryImpl.getGadgetSpec(GadgetSpecFactoryImpl.java:81)
... 2 filtered
at java.lang.reflect.Method.invoke(Method.java:497)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:56)
at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:60)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invokeUnprivileged(ServiceTCCLInterceptor.java:70)
at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invoke(ServiceTCCLInterceptor.java:53)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.eclipse.gemini.blueprint.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:57)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
at com.sun.proxy.$Proxy1663.getGadgetSpec(Unknown Source)
at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl.createSpecificationBasedGadget(GadgetFactoryImpl.java:142)
at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl.access$000(GadgetFactoryImpl.java:41)
at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl$1.visit(GadgetFactoryImpl.java:79)
at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl$1.visit(GadgetFactoryImpl.java:75)
at com.atlassian.gadgets.GadgetState.accept(GadgetState.java:145)
at com.atlassian.gadgets.dashboard.internal.impl.GadgetFactoryImpl.createDashboardItem(GadgetFactoryImpl.java:74)
at com.atlassian.gadgets.dashboard.internal.impl.StateConverterImpl.convertStateToGadget(StateConverterImpl.java:32)
at com.atlassian.gadgets.dashboard.internal.impl.DashboardImpl$DashboardItemStateConverter.apply(DashboardImpl.java:232)
at com.atlassian.gadgets.dashboard.internal.impl.DashboardImpl$DashboardItemStateConverter.apply(DashboardImpl.java:228)
at com.google.common.collect.Iterators$8.transform(Iterators.java:799)
at com.google.common.collect.TransformedIterator.next(TransformedIterator.java:48)
at com.google.common.collect.TransformedIterator.next(TransformedIterator.java:48)
at com.google.common.collect.Iterators$7.computeNext(Iterators.java:651)
at com.google.common.collect.AbstractIterator.tryToComputeNext(AbstractIterator.java:143)
at com.google.common.collect.AbstractIterator.hasNext(AbstractIterator.java:138)
at com.google.common.collect.Iterators$7.computeNext(Iterators.java:650)
at com.google.common.collect.AbstractIterator.tryToComputeNext(AbstractIterator.java:143)
at com.google.common.collect.AbstractIterator.hasNext(AbstractIterator.java:138)
Notes
The SSLPoke tool (used as described here) may not indicate a problem with SSL certificates, when alternative address are being used with SNI. Using this tool - https://bitbucket.org/atlassianlabs/httpclienttest/overview together with the SSL poke tool is a good way to determine if you're affected by this bug.
Attachments
Issue Links
- is related to
-
-
- Closed
-
- relates to
-
-
- Closed
-
-
RAID-51 Loading...
- is blocked by
-
-
-
- links to
(1 is blocked by, 1 links to, 3 mentioned in)