Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
4.0.4
-
None
-
None
-
Windows Server 2016, CXF 4.0.4 under SpringBoot 3.1.9, JDK 17.
-
Unknown
Description
After migrating to 4.0.4, tlsClientParameters disableCNCheck="true" no longer has any effect. When calling an endpoint with IP address that does not match with the certificate CN, received the following exception. Adding useHttpsURLConnectionDefaultHostnameVerifier="false" explicitly did not help. The code worked fine with CXF 3.5.6.
java.security.cert.CertificateException: No subject alternative names matching IP address 204.138.115.21 found at java.base/sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:165) at java.base/sun.security.util.HostnameChecker.match(HostnameChecker.java:101) at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:458) at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:432) at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:292) at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:632) [wrapped] javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address 204.138.115.21 found at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:378) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:316) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369) at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) at java.base/java.security.AccessController.doPrivileged(AccessController.java:712) at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) at java.base/java.util.ArrayList.forEach(ArrayList.java:1511) at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate.lambda$executeTasks$3(SSLFlowDelegate.java:1118) at java.net.http/jdk.internal.net.http.HttpClientImpl$DelegatingExecutor.execute(HttpClientImpl.java:157) at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate.executeTasks(SSLFlowDelegate.java:1113) at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate.doHandshake(SSLFlowDelegate.java:1079) at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate$Reader.processData(SSLFlowDelegate.java:484) at java.net.http/jdk.internal.net.http.common.SSLFlowDelegate$Reader$ReaderDownstreamPusher.run(SSLFlowDelegate.java:268) at java.net.http/jdk.internal.net.http.common.SequentialScheduler$LockingRestartableTask.run(SequentialScheduler.java:205) at java.net.http/jdk.internal.net.http.common.SequentialScheduler$CompleteRestartableTask.run(SequentialScheduler.java:149) at java.net.http/jdk.internal.net.http.common.SequentialScheduler$TryEndDeferredCompleter.complete(SequentialScheduler.java:347) at java.net.http/jdk.internal.net.http.common.SequentialScheduler$CompleteRestartableTask.run(SequentialScheduler.java:151) at java.net.http/jdk.internal.net.http.common.SequentialScheduler$SchedulableTask.run(SequentialScheduler.java:230) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) at java.base/java.lang.Thread.run(Thread.java:840) [wrapped] org.apache.cxf.interceptor.Fault: Could not send Message. at org.apache.cxf.transport.http.HttpClientHTTPConduit$HttpClientWrappedOutputStream.isConnectionAttemptCompleted(HttpClientHTTPConduit.java:619) at org.apache.cxf.transport.http.HttpClientHTTPConduit$HttpClientPipedOutputStream.canWrite(HttpClientHTTPConduit.java:379) at org.apache.cxf.transport.http.HttpClientHTTPConduit$HttpClientPipedOutputStream.write(HttpClientHTTPConduit.java:389) at org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:81) at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:51) at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69) at org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:81) at org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:81) at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:51) at com.ctc.wstx.io.UTF8Writer.flush(UTF8Writer.java:100) at com.ctc.wstx.sw.BufferingXmlWriter.flush(BufferingXmlWriter.java:242) at com.ctc.wstx.sw.BufferingXmlWriter.close(BufferingXmlWriter.java:215) at com.ctc.wstx.sw.BaseStreamWriter._finishDocument(BaseStreamWriter.java:1478) at com.ctc.wstx.sw.BaseStreamWriter.writeEndDocument(BaseStreamWriter.java:550) at org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor$SoapOutEndingInterceptor.handleMessage(SoapOutInterceptor.java:307) at org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor$SoapOutEndingInterceptor.handleMessage(SoapOutInterceptor.java:294) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307) at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:434) at org.apache.camel.component.cxf.jaxws.CxfProducer.process(CxfProducer.java:120) at org.apache.camel.processor.SendProcessor.process(SendProcessor.java:210) at org.apache.camel.processor.errorhandler.NoErrorHandler.process(NoErrorHandler.java:46) at org.apache.camel.impl.engine.CamelInternalProcessor.processNonTransacted(CamelInternalProcessor.java:354) at org.apache.camel.impl.engine.CamelInternalProcessor.process(CamelInternalProcessor.java:330) at org.apache.camel.processor.Pipeline$PipelineTask.run(Pipeline.java:102) at org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.doRun(DefaultReactiveExecutor.java:199) at org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.executeReactiveWork(DefaultReactiveExecutor.java:189) at org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.tryExecuteReactiveWork(DefaultReactiveExecutor.java:166) at org.apache.camel.impl.engine.DefaultReactiveExecutor$Worker.schedule(DefaultReactiveExecutor.java:148) at org.apache.camel.impl.engine.DefaultReactiveExecutor.scheduleMain(DefaultReactiveExecutor.java:59) at org.apache.camel.processor.Pipeline.process(Pipeline.java:163) at org.apache.camel.impl.engine.CamelInternalProcessor.processNonTransacted(CamelInternalProcessor.java:354) at org.apache.camel.impl.engine.CamelInternalProcessor.process(CamelInternalProcessor.java:330) at org.apache.camel.component.timer.TimerConsumer.sendTimerExchange(TimerConsumer.java:293) at org.apache.camel.component.timer.TimerConsumer$1.doRun(TimerConsumer.java:164) at org.apache.camel.component.timer.TimerConsumer$1.run(TimerConsumer.java:136) at java.base/java.util.TimerThread.mainLoop(Timer.java:566) at java.base/java.util.TimerThread.run(Timer.java:516)