axis-java-dev mailing list archives

From shatabdi.b...@daimler.com
Subject [Axis2] - Is Axis2 version 1.4 affected by RFC 2818?
Date Fri, 08 Feb 2019 05:14:36 GMT
Hello Team,

We are using Axis2 1.4 to consume SOAP services from WSDL. We are currently facing issues with
SSL verification. The error is:

org.apache.axis2.AxisFault
org.apache.axis2.AxisFault: HTTPS hostname invalid: expected '******', received '******1234*****'
                at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
                at org.apache.axis2.transport.http.impl.httpclient3.HTTPSenderImpl.sendViaPost(HTTPSenderImpl.java:216)
                at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:121)
                at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:403)
                at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:234)
                at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:431)
                at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:399)
                at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)
Caused by: javax.net.ssl.SSLPeerUnverifiedException: HTTPS hostname invalid: expected '******', received '******1234*****'
                at org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.verifyHostname(Unknown Source)
                at org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.createSocket(Unknown Source)
                at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
                at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
                at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
                at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
                at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
                at org.apache.axis2.transport.http.impl.httpclient3.HTTPSenderImpl.executeMethod(HTTPSenderImpl.java:872)
                at org.apache.axis2.transport.http.impl.httpclient3.HTTPSenderImpl.sendViaPost(HTTPSenderImpl.java:212)
                ... 58 more

We found the similar RFC 2818 (https://tools.ietf.org/html/rfc2818) and also an existing issue,
https://lwn.net/Articles/611992/, where the server hostname is being verified via the Subject
name (CN field) and not via the SAN entries.

Is Axis2 1.4 also affected by this? In which version of Axis2 is this issue fixed?
Let us know.

Thanks,
Shatabdi

If you are not the addressee, please inform us immediately that you have received this e-mail
by mistake, and delete it. We thank you for your support.
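
The identity rule from RFC 2818 section 3.1 that the message refers to, as an added example that is not part of the original post and is not Axis2 or commons-httpclient code: when a certificate carries dNSName SAN entries they are the only identity source, and the Subject CN is used only when none exist. The class name, method names and hostnames are hypothetical, and the wildcard handling is deliberately limited to a whole left-most label, which is stricter than the fragment wildcards RFC 2818 permits.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;

// Added example: RFC 2818 section 3.1 identity check on names already
// extracted from a server certificate. All names here are hypothetical.
public class Rfc2818HostnameCheck {

    // If any dNSName SAN is present it is the only identity source;
    // the Subject CN is consulted only when there is no dNSName SAN at all.
    static boolean matches(String host, List<String> sanDnsNames, String subjectCn) {
        String h = host.toLowerCase(Locale.ROOT);
        if (!sanDnsNames.isEmpty()) {
            for (String san : sanDnsNames) {
                if (matchesPattern(h, san.toLowerCase(Locale.ROOT))) {
                    return true;
                }
            }
            return false; // SAN present but no match: never fall back to CN
        }
        return subjectCn != null && matchesPattern(h, subjectCn.toLowerCase(Locale.ROOT));
    }

    // Exact match, or a "*." wildcard covering exactly one left-most label.
    static boolean matchesPattern(String host, String pattern) {
        if (!pattern.startsWith("*.")) {
            return host.equals(pattern);
        }
        String suffix = pattern.substring(1); // e.g. ".svc.example.test"
        if (!host.endsWith(suffix) || host.length() == suffix.length()) {
            return false;
        }
        String firstLabel = host.substring(0, host.length() - suffix.length());
        return !firstLabel.contains("."); // "*" must not span several labels
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from the report above.
        List<String> san = Arrays.asList("api.example.test", "*.svc.example.test");
        List<String> noSan = Collections.<String>emptyList();
        String cn = "legacy.example.test";
        System.out.println("SAN exact:       " + matches("api.example.test", san, cn));
        System.out.println("SAN wildcard:    " + matches("a.svc.example.test", san, cn));
        System.out.println("two labels deep: " + matches("a.b.svc.example.test", san, cn));
        System.out.println("CN, SAN present: " + matches("legacy.example.test", san, cn));
        System.out.println("CN, no SAN:      " + matches("legacy.example.test", noSan, cn));
    }
}
```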

