axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From shatabdi.b...@daimler.com
Subject RE: [Axis2] - Is Axis2 version 1.4 affected by RFC 2818?
Date Mon, 11 Feb 2019 11:13:13 GMT
Hi Robert,

Thanks for the reply.
I tried with the latest Axis2 1.7.9, configured with httpclient-4.5.3.jar. But, still I am
facing the same issue. Could you please let me know the exact Axis2 version where this issue
is fixed?

This is not a self-signed certificate.

Thanks,
Shatabdi



From: robertlazarski [mailto:robertlazarski@gmail.com]
Sent: Monday, February 11, 2019 5:37 AM
To: java-dev@axis.apache.org
Subject: Re: [Axis2] - Is Axis2 version 1.4 affected by RFC 2818?

Axis2 1.4 is very old and is unsupported.

The latest Axis2 allows you to configure httpclient4 instead of httpclient3. That might help.

Is your SSL cert self signed? It may be misconfigured.

Regards,
Robert

On Thu, Feb 7, 2019 at 7:12 PM <shatabdi.bose@daimler.com<mailto:shatabdi.bose@daimler.com>>
wrote:
Hello Team,

We are using Axis2 1.4 to consume SOAP services from WSDL. Currently, facing issues with the
SSL verification. Error is :

org.apache.axis2.AxisFault
org.apache.axis2.AxisFault: HTTPS hostname invalid: expected '******’, received ‘******1234*****'
                at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
                at org.apache.axis2.transport.http.impl.httpclient3.HTTPSenderImpl.sendViaPost(HTTPSenderImpl.java:216)
                at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:121)
                at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:403)
                at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:234)
                at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:431)
                at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:399)
                at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)
Caused by: javax.net.ssl.SSLPeerUnverifiedException: HTTPS hostname invalid: expected '******’,
received ‘******1234*****'
                at org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.verifyHostname(Unknown
Source)
                at org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.createSocket(Unknown
Source)
                at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
                at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
                at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
                at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
                at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
                at org.apache.axis2.transport.http.impl.httpclient3.HTTPSenderImpl.executeMethod(HTTPSenderImpl.java:872)
                at org.apache.axis2.transport.http.impl.httpclient3.HTTPSenderImpl.sendViaPost(HTTPSenderImpl.java:212)
                ... 58 more

We found a similar RFC 2818(https://tools.ietf.org/html/rfc2818 ) and also existing issue
 https://lwn.net/Articles/611992/ where the server hostname is being verified via the Subject
name (CN field) and not via the SAN entries.

Is Axis2 1.4 also affected by this ? Which version of axis2 is this issue fixed?
Let us know.

Thanks,
Shatabdi

If you are not the addressee, please inform us immediately that you have received this e-mail
by mistake, and delete it. We thank you for your support.



If you are not the addressee, please inform us immediately that you have received this e-mail
by mistake, and delete it. We thank you for your support.

Mime
View raw message