lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kevin Risden (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (SOLR-13541) Upgrade Jetty to 9.4.19.v20190610
Date Thu, 13 Jun 2019 14:45:00 GMT

    [ https://issues.apache.org/jira/browse/SOLR-13541?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16863148#comment-16863148
] 

Kevin Risden edited comment on SOLR-13541 at 6/13/19 2:44 PM:
--------------------------------------------------------------

[~erickerickson] - Pulled this out from the logs. I wonder if our tests aren't setting up
the SAN (subject alternative names) correctly in the TLS/SSL certificate for localhost/127.0.0.1
TLS/SSL testing. There has been a push to move from CN -> SAN checking in certificates.
Browsers/JDK/etc have been making that change. It accounts for at least a few of the test
failures it looks like.

{code:java}
   [junit4]   2> Caused by: java.security.cert.CertificateException: No subject alternative
names matching IP address 127.0.0.1 found
   [junit4]   2> 	at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:168)
   [junit4]   2> 	at sun.security.util.HostnameChecker.match(HostnameChecker.java:94)
   [junit4]   2> 	at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
   [junit4]   2> 	at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1068)
   [junit4]   2> 	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1007)
   [junit4]   2> 	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601)
   [junit4]   2> 	... 22 more
{code}



was (Author: risdenk):
[~erickerickson] - Pulled this out from the logs. I wonder if our tests aren't setting up
the SAN (subject alternative names) correctly for local host TLS/SSL testing. There has been
a push to move from CN -> SAN checking in certificates. Browsers/JDK/etc have been making
that change. It accounts for at least a few of the test failures it looks like.

{code:java}
   [junit4]   2> Caused by: java.security.cert.CertificateException: No subject alternative
names matching IP address 127.0.0.1 found
   [junit4]   2> 	at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:168)
   [junit4]   2> 	at sun.security.util.HostnameChecker.match(HostnameChecker.java:94)
   [junit4]   2> 	at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
   [junit4]   2> 	at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:1068)
   [junit4]   2> 	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1007)
   [junit4]   2> 	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601)
   [junit4]   2> 	... 22 more
{code}


> Upgrade Jetty to 9.4.19.v20190610
> ---------------------------------
>
>                 Key: SOLR-13541
>                 URL: https://issues.apache.org/jira/browse/SOLR-13541
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Erick Erickson
>            Assignee: Erick Erickson
>            Priority: Major
>         Attachments: _test.res
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message