Uploaded image for project: 'Geode'
  1. Geode
  2. GEODE-8144

endpoint identification in servers is not working

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 1.13.0, 1.14.0
    • membership, messaging
    • None

    Description

      update 5/20/2020: this needs to be ported to 1.13 so it's picked up ASAP by TGF for VMs.

      If you enable endpoint identification in a server the server will not start.  It will log exceptions like this:

       

      javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
	at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
	at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
	at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
	at org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
	at org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
	at org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
	at org.apache.geode.internal.tcp.Connection.<init>(Connection.java:1167)
	at org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
	at org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
	at org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
	at org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
	at org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
	at org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
	at org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
	at org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
	at org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
	at org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
	at org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
	at org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
	at org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
	at org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
	at org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
	at org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
	at org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
	at org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135)
	at org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033)
	at org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290)
	at org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:216)
	at org.apache.geode.distributed.DistributedSystem.connect(DistributedSystem.java:159)
	at src.EntryConsumer.initialize(EntryConsumer.java:69)
	at src.EntryConsumer.main(EntryConsumer.java:340)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:198)
	at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1729)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:333)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:325)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1688)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:226)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1082)
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:1015)
	at sun.security.ssl.Handshaker$1.run(Handshaker.java:1012)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1504)
	at org.apache.geode.internal.net.NioSslEngine.handleBlockingTasks(NioSslEngine.java:225)
	at org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:185)
	... 27 more
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 10.118.26.62 found
	at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:168)
	at sun.security.util.HostnameChecker.match(HostnameChecker.java:94)
	at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:462)
	at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:442)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:261)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1675)
	... 35 more

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. GEODE-9139 SSLException in starting up a Locator

          • Major - Major loss of function.
          • Closed
          links to

          Web Link GitHub Pull Request #5131

          Web Link GitHub Pull Request #5163

          Web Link GitHub Pull Request #5172

          Web Link GitHub Pull Request #5250

          Activity

            People

              bschuchardt Bruce J Schuchardt
              bschuchardt Bruce J Schuchardt
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: