-
Bug
-
Resolution: Duplicate
-
P4
-
7u67
-
x86_64
-
linux
FULL PRODUCT VERSION :
Picked up JAVA_TOOL_OPTIONS: -Xms16M -Xmx128M
java version "1.7.0_67"
Java(TM) SE Runtime Environment (build 1.7.0_67-b01)
Java HotSpot(TM) 64-Bit Server VM (build 24.65-b04, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Linux localhost.localdom 3.0.101-0.7.19-default #1 SMP Fri May 9 14:41:39 UTC 2014 (aab30c0) x86_64 x86_64 x86_64 GNU/Linux
A DESCRIPTION OF THE PROBLEM :
When matching the ipv6 address in HostnameChecker.class it simply does a string match. The problem is that the input from the certificate does not match the RFC... so this happens:
2001:123:f123:1::7 != 2001:123:f123:1:0:0:0:7 (I added a println for debugging to find it - source below)
Since it's not properly formatting the certificate's IP address it fails. The proper format for an ipv6 address for a string comparison is available from https://www.ietf.org/rfc/rfc5952.txt - or it could be converted to binary and compared that way.
Sam
private static void matchIP(String expectedIP, X509Certificate cert)
throws CertificateException {
Collection subjAltNames = cert.getSubjectAlternativeNames();
if (subjAltNames == null) {
throw new CertificateException
("No subject alternative names present");
}
for (Iterator itr = subjAltNames.iterator(); itr.hasNext(); ) {
List next = (List)itr.next();
// For IP address, it needs to be exact match
if (((Integer)next.get(0)).intValue() == ALTNAME_IP) {
String ipAddress = (String)next.get(1);
if (expectedIP.equalsIgnoreCase(ipAddress)) {
return;
}
System.out.println(expectedIP + " != " + ipAddress);
}
}
throw new CertificateException("No subject alternative " +
"names matching " + "IP address " +
expectedIP + " found");
}
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Create a certificate with a subjectAlternativeName of an ipv6 address then try to verify it with sun.security.util.HostnameChecker
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Verified that the address is present on the certificate
ACTUAL -
java.security.cert.CertificateException: No subject alternative names matching IP address 2001:123:f123:1::7 found
ERROR MESSAGES/STACK TRACES THAT OCCUR :
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 2001:470:f380:1::7 found
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(Unknown Source) ~[na:1.7.0_55]
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(Unknown Source) ~[na:1.7.0_55]
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(Unknown Source) ~[na:1.7.0_55]
at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(Unknown Source) ~[na:1.7.0_55]
at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source) ~[na:1.7.0_55]
at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source) ~[na:1.7.0_55]
at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source) ~[na:1.7.0_55]
at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source) ~[na:1.7.0_55]
at com.sun.xml.internal.ws.client.Stub.process(Unknown Source) ~[na:1.7.0_55]
at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.doInvoke(Unknown Source) ~[na:1.7.0_55]
at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.invoke(Unknown Source) ~[na:1.7.0_55]
at com.vmware.vim.sso.client.impl.SoapBindingImpl.sendMessage(SoapBindingImpl.java:130) [wstClient.jar:na]
at com.vmware.vim.sso.client.impl.SoapBindingImpl.sendMessage(SoapBindingImpl.java:81) [wstClient.jar:na]
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.sendRequest(SecurityTokenServiceImpl.java:767) [wstClient.jar:na]
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.executeRoundtrip(SecurityTokenServiceImpl.java:697) [wstClient.jar:na]
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl.acquireToken(SecurityTokenServiceImpl.java:123) [wstClient.jar:na]
at com.vmware.vim.install.impl.AdminServiceAccess.acquireSamlToken(AdminServiceAccess.java:297) [regtool.jar:na]
at com.vmware.vim.install.impl.AdminServiceAccess.<init>(AdminServiceAccess.java:187) [regtool.jar:na]
at com.vmware.vim.install.impl.AdminServiceAccess.createDiscover(AdminServiceAccess.java:238) [regtool.jar:na]
at com.vmware.vim.install.impl.RegistrationProviderImpl.<init>(RegistrationProviderImpl.java:57) [regtool.jar:na]
at com.vmware.vim.install.RegistrationProviderFactory.getRegistrationProvider(RegistrationProviderFactory.java:143) [regtool.jar:na]
at com.vmware.vim.install.RegistrationProviderFactory$getRegistrationProvider.call(Unknown Source) [regtool.jar:na]
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:42) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116) [groovy-all-1.8.6.jar:1.8.6]
at com.vmware.sso.cfg.rsvc.ServiceAccessFactoryImpl.createUserAuthn(ServiceAccessFactoryImpl.groovy:46) [sso-service-cfg.jar:na]
at com.vmware.sso.cfg.rsvc.ServiceAccessFactory$createUserAuthn.call(Unknown Source) [sso-service-cfg.jar:na]
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:42) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:128) [groovy-all-1.8.6.jar:1.8.6]
at com.vmware.sso.cfg.hooks.InstallServicesAction.execute(InstallServicesAction.groovy:90) [sso-service-cfg.jar:na]
at com.vmware.sso.cfg.hooks.InstallServicesAction$execute.call(Unknown Source) [sso-service-cfg.jar:na]
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:42) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116) [groovy-all-1.8.6.jar:1.8.6]
at com.vmware.sso.cfg.commands.impl.InstallV2Command.configureDependentServices(InstallV2Command.groovy:229) [sso-service-cfg.jar:na]
at com.vmware.sso.cfg.commands.impl.InstallV2Command.this$2$configureDependentServices(InstallV2Command.groovy) [sso-service-cfg.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_55]
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[na:1.7.0_55]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[na:1.7.0_55]
at java.lang.reflect.Method.invoke(Unknown Source) ~[na:1.7.0_55]
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90) [groovy-all-1.8.6.jar:1.8.6]
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233) [groovy-all-1.8.6.jar:1.8.6]
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1047) [groovy-all-1.8.6.jar:1.8.6]
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:914) [groovy-all-1.8.6.jar:1.8.6]
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:877) [groovy-all-1.8.6.jar:1.8.6]
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:921) [groovy-all-1.8.6.jar:1.8.6]
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:877) [groovy-all-1.8.6.jar:1.8.6]
at groovy.lang.Closure.call(Closure.java:412) [groovy-all-1.8.6.jar:1.8.6]
at groovy.lang.Closure.call(Closure.java:406) [groovy-all-1.8.6.jar:1.8.6]
at com.vmware.sso.cfg.commands.impl.ActionUtil.tryInOrder(ActionUtil.java:17) [sso-service-cfg.jar:na]
at com.vmware.sso.cfg.commands.impl.ActionUtil$tryInOrder.call(Unknown Source) [sso-service-cfg.jar:na]
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:42) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116) [groovy-all-1.8.6.jar:1.8.6]
at com.vmware.sso.cfg.commands.impl.InstallV2Command.execute(InstallV2Command.groovy:97) [sso-service-cfg.jar:na]
at com.vmware.sso.cfg.commands.api.Command$execute.call(Unknown Source) [sso-service-cfg.jar:na]
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:42) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:112) [groovy-all-1.8.6.jar:1.8.6]
at com.vmware.sso.cfg.ServiceCfgMain.dispatchToCommand(ServiceCfgMain.groovy:74) [sso-service-cfg.jar:na]
at com.vmware.sso.cfg.ServiceCfgMain.dispatch(ServiceCfgMain.groovy:46) [sso-service-cfg.jar:na]
at com.vmware.sso.cfg.ServiceCfgMain.this$2$dispatch(ServiceCfgMain.groovy) [sso-service-cfg.jar:na]
at com.vmware.sso.cfg.ServiceCfgMain$this$2$dispatch.call(Unknown Source) [sso-service-cfg.jar:na]
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:42) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116) [groovy-all-1.8.6.jar:1.8.6]
at com.vmware.sso.cfg.ServiceCfgMain.main(ServiceCfgMain.groovy:30) [sso-service-cfg.jar:na]
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 2001:470:f380:1::7 found
at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.Handshaker.process_record(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[na:1.7.0_55]
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) ~[na:1.7.0_55]
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) ~[na:1.7.0_55]
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source) ~[na:1.7.0_55]
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source) ~[na:1.7.0_55]
... 68 common frames omitted
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 2001:470:f380:1::7 found
at sun.security.util.HostnameChecker.matchIP(Unknown Source) ~[na:1.7.0_55]
at sun.security.util.HostnameChecker.match(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source) ~[na:1.7.0_55]
... 80 common frames omitted
REPRODUCIBILITY :
This bug can be reproduced always.
Picked up JAVA_TOOL_OPTIONS: -Xms16M -Xmx128M
java version "1.7.0_67"
Java(TM) SE Runtime Environment (build 1.7.0_67-b01)
Java HotSpot(TM) 64-Bit Server VM (build 24.65-b04, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Linux localhost.localdom 3.0.101-0.7.19-default #1 SMP Fri May 9 14:41:39 UTC 2014 (aab30c0) x86_64 x86_64 x86_64 GNU/Linux
A DESCRIPTION OF THE PROBLEM :
When matching the ipv6 address in HostnameChecker.class it simply does a string match. The problem is that the input from the certificate does not match the RFC... so this happens:
2001:123:f123:1::7 != 2001:123:f123:1:0:0:0:7 (I added a println for debugging to find it - source below)
Since it's not properly formatting the certificate's IP address it fails. The proper format for an ipv6 address for a string comparison is available from https://www.ietf.org/rfc/rfc5952.txt - or it could be converted to binary and compared that way.
Sam
private static void matchIP(String expectedIP, X509Certificate cert)
throws CertificateException {
Collection subjAltNames = cert.getSubjectAlternativeNames();
if (subjAltNames == null) {
throw new CertificateException
("No subject alternative names present");
}
for (Iterator itr = subjAltNames.iterator(); itr.hasNext(); ) {
List next = (List)itr.next();
// For IP address, it needs to be exact match
if (((Integer)next.get(0)).intValue() == ALTNAME_IP) {
String ipAddress = (String)next.get(1);
if (expectedIP.equalsIgnoreCase(ipAddress)) {
return;
}
System.out.println(expectedIP + " != " + ipAddress);
}
}
throw new CertificateException("No subject alternative " +
"names matching " + "IP address " +
expectedIP + " found");
}
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Create a certificate with a subjectAlternativeName of an ipv6 address then try to verify it with sun.security.util.HostnameChecker
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Verified that the address is present on the certificate
ACTUAL -
java.security.cert.CertificateException: No subject alternative names matching IP address 2001:123:f123:1::7 found
ERROR MESSAGES/STACK TRACES THAT OCCUR :
com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 2001:470:f380:1::7 found
at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(Unknown Source) ~[na:1.7.0_55]
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(Unknown Source) ~[na:1.7.0_55]
at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(Unknown Source) ~[na:1.7.0_55]
at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(Unknown Source) ~[na:1.7.0_55]
at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source) ~[na:1.7.0_55]
at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source) ~[na:1.7.0_55]
at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source) ~[na:1.7.0_55]
at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source) ~[na:1.7.0_55]
at com.sun.xml.internal.ws.client.Stub.process(Unknown Source) ~[na:1.7.0_55]
at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.doInvoke(Unknown Source) ~[na:1.7.0_55]
at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.invoke(Unknown Source) ~[na:1.7.0_55]
at com.vmware.vim.sso.client.impl.SoapBindingImpl.sendMessage(SoapBindingImpl.java:130) [wstClient.jar:na]
at com.vmware.vim.sso.client.impl.SoapBindingImpl.sendMessage(SoapBindingImpl.java:81) [wstClient.jar:na]
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.sendRequest(SecurityTokenServiceImpl.java:767) [wstClient.jar:na]
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.executeRoundtrip(SecurityTokenServiceImpl.java:697) [wstClient.jar:na]
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl.acquireToken(SecurityTokenServiceImpl.java:123) [wstClient.jar:na]
at com.vmware.vim.install.impl.AdminServiceAccess.acquireSamlToken(AdminServiceAccess.java:297) [regtool.jar:na]
at com.vmware.vim.install.impl.AdminServiceAccess.<init>(AdminServiceAccess.java:187) [regtool.jar:na]
at com.vmware.vim.install.impl.AdminServiceAccess.createDiscover(AdminServiceAccess.java:238) [regtool.jar:na]
at com.vmware.vim.install.impl.RegistrationProviderImpl.<init>(RegistrationProviderImpl.java:57) [regtool.jar:na]
at com.vmware.vim.install.RegistrationProviderFactory.getRegistrationProvider(RegistrationProviderFactory.java:143) [regtool.jar:na]
at com.vmware.vim.install.RegistrationProviderFactory$getRegistrationProvider.call(Unknown Source) [regtool.jar:na]
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:42) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116) [groovy-all-1.8.6.jar:1.8.6]
at com.vmware.sso.cfg.rsvc.ServiceAccessFactoryImpl.createUserAuthn(ServiceAccessFactoryImpl.groovy:46) [sso-service-cfg.jar:na]
at com.vmware.sso.cfg.rsvc.ServiceAccessFactory$createUserAuthn.call(Unknown Source) [sso-service-cfg.jar:na]
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:42) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:128) [groovy-all-1.8.6.jar:1.8.6]
at com.vmware.sso.cfg.hooks.InstallServicesAction.execute(InstallServicesAction.groovy:90) [sso-service-cfg.jar:na]
at com.vmware.sso.cfg.hooks.InstallServicesAction$execute.call(Unknown Source) [sso-service-cfg.jar:na]
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:42) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116) [groovy-all-1.8.6.jar:1.8.6]
at com.vmware.sso.cfg.commands.impl.InstallV2Command.configureDependentServices(InstallV2Command.groovy:229) [sso-service-cfg.jar:na]
at com.vmware.sso.cfg.commands.impl.InstallV2Command.this$2$configureDependentServices(InstallV2Command.groovy) [sso-service-cfg.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_55]
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[na:1.7.0_55]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[na:1.7.0_55]
at java.lang.reflect.Method.invoke(Unknown Source) ~[na:1.7.0_55]
at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:90) [groovy-all-1.8.6.jar:1.8.6]
at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:233) [groovy-all-1.8.6.jar:1.8.6]
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1047) [groovy-all-1.8.6.jar:1.8.6]
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:914) [groovy-all-1.8.6.jar:1.8.6]
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:877) [groovy-all-1.8.6.jar:1.8.6]
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:921) [groovy-all-1.8.6.jar:1.8.6]
at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:877) [groovy-all-1.8.6.jar:1.8.6]
at groovy.lang.Closure.call(Closure.java:412) [groovy-all-1.8.6.jar:1.8.6]
at groovy.lang.Closure.call(Closure.java:406) [groovy-all-1.8.6.jar:1.8.6]
at com.vmware.sso.cfg.commands.impl.ActionUtil.tryInOrder(ActionUtil.java:17) [sso-service-cfg.jar:na]
at com.vmware.sso.cfg.commands.impl.ActionUtil$tryInOrder.call(Unknown Source) [sso-service-cfg.jar:na]
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:42) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116) [groovy-all-1.8.6.jar:1.8.6]
at com.vmware.sso.cfg.commands.impl.InstallV2Command.execute(InstallV2Command.groovy:97) [sso-service-cfg.jar:na]
at com.vmware.sso.cfg.commands.api.Command$execute.call(Unknown Source) [sso-service-cfg.jar:na]
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:42) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:112) [groovy-all-1.8.6.jar:1.8.6]
at com.vmware.sso.cfg.ServiceCfgMain.dispatchToCommand(ServiceCfgMain.groovy:74) [sso-service-cfg.jar:na]
at com.vmware.sso.cfg.ServiceCfgMain.dispatch(ServiceCfgMain.groovy:46) [sso-service-cfg.jar:na]
at com.vmware.sso.cfg.ServiceCfgMain.this$2$dispatch(ServiceCfgMain.groovy) [sso-service-cfg.jar:na]
at com.vmware.sso.cfg.ServiceCfgMain$this$2$dispatch.call(Unknown Source) [sso-service-cfg.jar:na]
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:42) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:108) [groovy-all-1.8.6.jar:1.8.6]
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116) [groovy-all-1.8.6.jar:1.8.6]
at com.vmware.sso.cfg.ServiceCfgMain.main(ServiceCfgMain.groovy:30) [sso-service-cfg.jar:na]
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 2001:470:f380:1::7 found
at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.Handshaker.process_record(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[na:1.7.0_55]
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) ~[na:1.7.0_55]
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) ~[na:1.7.0_55]
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source) ~[na:1.7.0_55]
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source) ~[na:1.7.0_55]
... 68 common frames omitted
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 2001:470:f380:1::7 found
at sun.security.util.HostnameChecker.matchIP(Unknown Source) ~[na:1.7.0_55]
at sun.security.util.HostnameChecker.match(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(Unknown Source) ~[na:1.7.0_55]
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source) ~[na:1.7.0_55]
... 80 common frames omitted
REPRODUCIBILITY :
This bug can be reproduced always.
- duplicates
-
-
- Resolved
-