Date: Fri, 13 Jan 2017 18:05:26 +0000 (UTC)
From: Florian Müller (JIRA)
To: dev@chemistry.apache.org
Subject: [jira] [Comment Edited] (CMIS-1007) Server name indication support for cmis-workbench

    [ https://issues.apache.org/jira/browse/CMIS-1007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15822056#comment-15822056 ]

Florian Müller edited comment on CMIS-1007 at 1/13/17 6:04 PM:
---------------------------------------------------------------

Which Java version are you using on the client side? Maybe you have to update.

Make sure you are using a fully qualified domain name. If you are using a short domain name, SNI isn't sent.

You can also try to use a different HTTP library.
* Get the OkHttp libraries from here: https://square.github.io/okhttp/
* Log on via the expert tab. Add this line: {{org.apache.chemistry.opencmis.binding.httpinvoker.classname=org.apache.chemistry.opencmis.client.bindings.spi.http.OkHttpHttpInvoker}}


was (Author: fmui):
Which Java version are you using on the client side? Maybe you have to update.

You can also try to use a different HTTP library.
* Get the OkHttp libraries from here: https://square.github.io/okhttp/
* Log on via the expert tab. Add this line: {{org.apache.chemistry.opencmis.binding.httpinvoker.classname=org.apache.chemistry.opencmis.client.bindings.spi.http.OkHttpHttpInvoker}}

> Server name indication support for cmis-workbench
> -------------------------------------------------
>
>                 Key: CMIS-1007
>                 URL: https://issues.apache.org/jira/browse/CMIS-1007
>             Project: Chemistry
>          Issue Type: Improvement
>          Components: opencmis-workbench
>    Affects Versions: OpenCMIS 1.0.0
>         Environment: Windows 8.1
>            Reporter: Chris Turchin
>              Labels: features, security
>
> I have recently started using letsencrypt as a certificate authority for my development servers.
> Unfortunately, I get the following error when trying to login to my cmis server using the latest version of cmis-workbench:
> {code}
> > 18:17:48 ERROR hemistry.opencmis.workbench.ClientHelper: CmisPermissionDeniedException: Forbidden
> org.apache.chemistry.opencmis.commons.exceptions.CmisPermissionDeniedException: Forbidden
> 	at org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.convertStatusCode(AbstractAtomPubService.java:497)
> 	at org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.read(AbstractAtomPubService.java:701)
> 	at org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.getRepositoriesInternal(AbstractAtomPubService.java:873)
> 	at org.apache.chemistry.opencmis.client.bindings.spi.atompub.RepositoryServiceImpl.getRepositoryInfos(RepositoryServiceImpl.java:66)
> 	at org.apache.chemistry.opencmis.client.bindings.impl.RepositoryServiceImpl.getRepositoryInfos(RepositoryServiceImpl.java:92)
> 	at org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl.getRepositories(SessionFactoryImpl.java:120)
> 	at org.apache.chemistry.opencmis.workbench.model.ClientSession.connect(ClientSession.java:243)
> 	at org.apache.chemistry.opencmis.workbench.model.ClientSession.(ClientSession.java:124)
> 	at org.apache.chemistry.opencmis.workbench.LoginDialog.createClientSession(LoginDialog.java:302)
> 	at org.apache.chemistry.opencmis.workbench.LoginDialog$1.actionPerformed(LoginDialog.java:123)
> 	at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
> 	at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
> 	at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
> 	at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
> 	at javax.swing.AbstractButton.doClick(Unknown Source)
> 	at javax.swing.plaf.basic.BasicRootPaneUI$Actions.actionPerformed(Unknown Source)
> 	at javax.swing.SwingUtilities.notifyAction(Unknown Source)
> 	at javax.swing.JComponent.processKeyBinding(Unknown Source)
> 	at javax.swing.KeyboardManager.fireBinding(Unknown Source)
> 	at javax.swing.KeyboardManager.fireKeyboardAction(Unknown Source)
> 	at javax.swing.JComponent.processKeyBindingsForAllComponents(Unknown Source)
> 	at javax.swing.JComponent.processKeyBindings(Unknown Source)
> 	at javax.swing.JComponent.processKeyEvent(Unknown Source)
> 	at java.awt.Component.processEvent(Unknown Source)
> 	at java.awt.Container.processEvent(Unknown Source)
> 	at java.awt.Component.dispatchEventImpl(Unknown Source)
> 	at java.awt.Container.dispatchEventImpl(Unknown Source)
> 	at java.awt.Component.dispatchEvent(Unknown Source)
> 	at java.awt.KeyboardFocusManager.redispatchEvent(Unknown Source)
> 	at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent(Unknown Source)
> 	at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent(Unknown Source)
> 	at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions(Unknown Source)
> 	at java.awt.DefaultKeyboardFocusManager.dispatchEvent(Unknown Source)
> 	at java.awt.Component.dispatchEventImpl(Unknown Source)
> 	at java.awt.Container.dispatchEventImpl(Unknown Source)
> 	at java.awt.Window.dispatchEventImpl(Unknown Source)
> 	at java.awt.Component.dispatchEvent(Unknown Source)
> 	at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
> 	at java.awt.EventQueue.access$500(Unknown Source)
> 	at java.awt.EventQueue$3.run(Unknown Source)
> 	at java.awt.EventQueue$3.run(Unknown Source)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
> 	at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
> 	at java.awt.EventQueue$4.run(Unknown Source)
> 	at java.awt.EventQueue$4.run(Unknown Source)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)
> 	at java.awt.EventQueue.dispatchEvent(Unknown Source)> 18:17:48 ERROR hemistry.opencmis.workbench.ClientHelper: Error code: 0
> > 18:17:48 ERROR hemistry.opencmis.workbench.ClientHelper: Error content:
> 403 Forbidden
> Forbidden
> You don't have permission to access /mc/cmis/atom
> on this server.
> Reason: The client software did not provide a hostname using Server Name Indication (SNI), which is required to access this server.
> {code}
> The certificate is on the reverse proxy, running Apache/2.4.18 (Ubuntu) and looks basically like this:
> {code}
>
> ServerName somehost.somedomain
> SSLEngine On
> SSLCertificateFile /var/letsencrypt/somehost.somedomain/signed.crt
> SSLCertificateKeyFile /var/letsencrypt/somehost.somedomain/domain.key
> SSLCACertificateFile /var/letsencrypt/somehost.somedomain/intermediate.pem
> SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
> SSLOpenSSLConfCmd DHParameters "/usr/local/apache2/1024dhparams.pem"
> SSLProxyEngine on
> ProxyPass / http://localhost:8379/ timeout=600
> ProxyPassReverse / http://localhost:8379/ timeout=600
> ProxyPreserveHost On
> Header set Access-Control-Allow-Origin "*"
> Header set Access-Control-Allow-Credentials "true"
> Header edit Location ^http(\:\/\/.*)$ https$1
>
> {code}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
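
Added example, not part of the original message and not OpenCMIS code: a stand-alone Java check of the comment's point that the host name decides whether SNI is sent. It has the local JRE build a ClientHello for each name with an `SSLEngine` (no network I/O) and looks for the server_name extension; the class name `SniProbe`, port 443 and the default sample names are assumptions.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class SniProbe {  // hypothetical class name
    // First TLS record (the ClientHello) this JRE would send to `host`; nothing leaves the machine.
    static byte[] clientHello(String host) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine(host, 443);
        engine.setUseClientMode(true);
        ByteBuffer out = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        engine.beginHandshake();
        engine.wrap(ByteBuffer.allocate(0), out);
        out.flip();
        byte[] hello = new byte[out.remaining()];
        out.get(hello);
        return hello;
    }

    static int u16(byte[] b, int p) {
        return ((b[p] & 0xff) << 8) | (b[p + 1] & 0xff);
    }

    // host_name carried in the server_name extension (type 0), or null if the extension is absent.
    static String sniOf(byte[] h) {
        if (h.length < 44 || h[0] != 22 || h[5] != 1) return null;  // not a ClientHello record
        int p = 5 + 4 + 2 + 32;          // record header, handshake header, version, random
        p += 1 + (h[p] & 0xff);          // session_id
        p += 2 + u16(h, p);              // cipher_suites
        p += 1 + (h[p] & 0xff);          // compression_methods
        if (p + 2 > h.length) return null;                          // no extensions block
        int end = Math.min(h.length, p + 2 + u16(h, p));
        for (p += 2; p + 4 <= end; p += 4 + u16(h, p + 2)) {
            if (u16(h, p) == 0) {        // body: list length(2), name type(1), name length(2), name
                return new String(h, p + 9, u16(h, p + 7), StandardCharsets.US_ASCII);
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample names; the dotted one is the ServerName from the report.
        String[] hosts = args.length > 0 ? args : new String[] {"somehost", "somehost.somedomain"};
        for (String host : hosts) {
            String sni = sniOf(clientHello(host));
            System.out.println(host + " -> " + (sni == null ? "no SNI in ClientHello" : "SNI " + sni));
        }
    }
}
```

Compile and run it with the same JRE the workbench uses, passing the host name exactly as it appears in the login URL.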