Hello all, 

QUESTION:

Where can I configure/customize the hostname validator for 
org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory in wso2is 5.3.0?


CONFIGURATION:

I took a clean wso2is 5.3.0 and made the following changes to configure it to 
work with IP and with localhost:

repository/conf/carbon.xml

    <HostName>172.25.22.67</HostName>
    <MgtHostName>172.25.22.67</MgtHostName>

repository/resources/security/wso2carbon.jks 

    recreated the keystore with the following command to support subject alternative names (SAN):
    keytool -genkey -dname "CN=localhost" -alias wso2carbon -validity 3650 -keyalg RSA -keystore wso2carbon.jks -keypass wso2carbon -storepass wso2carbon -ext san=ip:172.25.22.67,ip:127.0.0.1,dns:localhost

    In this case I see in the certificate, under Extension/Certificate Subject Alt Name:
        IP Address: 172.25.22.67
        IP Address: 127.0.0.1
        DNS Name: localhost

repository/resources/security/client-truststore.jks 

    imported public key for generated private key

PROBLEM:

I'm sure about my certificates, and a simple Java program successfully calls 
wso2is services using the new client-truststore.jks.
Everything works fine until I try to log in to the wso2is dashboard:
https://172.25.22.67:9443/dashboard/

I got an error:
[2017-07-04 17:15:28,159] ERROR {JAGGERY.acs:jag} -  org.mozilla.javascript.WrappedException: 
    Wrapped org.jaggeryjs.scriptengine.exceptions.ScriptException: 
        SSL peer failed hostname validation for name: 172.25.22.67 (/dashboard/controllers/wsUtil.jag#27)
...
    Caused by: javax.net.ssl.SSLPeerUnverifiedException: SSL peer failed hostname validation for name: 172.25.22.67
        at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.verifyHostname(TLSProtocolSocketFactory.java:233)
        at org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.createSocket(TLSProtocolSocketFactory.java:194)
        at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
        at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
        at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
        at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
        at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:659)
        at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:195)
        ... 82 more

_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
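
Added example (not part of the original post, and not OpenSAML or WSO2 code): the RFC 2818 section 3.1 matching rule applied to a SAN list in the shape the JDK's `X509Certificate.getSubjectAlternativeNames()` returns, which lets the keystore from the post be checked independently of any particular hostname verifier. The class name `SanCheck`, its helper names and the sample SAN lists are assumptions constructed from the values in the post; Java 8 or later is assumed, and it makes no claim about the rule `TLSProtocolSocketFactory` itself applies.

```java
import java.io.FileInputStream;
import java.net.InetAddress;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.*;

public class SanCheck {
    // GeneralName tags used by X509Certificate.getSubjectAlternativeNames()
    static final int DNS_NAME = 2, IP_ADDRESS = 7;

    // Hypothetical helper: builds one SAN entry in the JDK's [type, value] shape.
    static List<?> san(int type, String value) { return Arrays.<Object>asList(type, value); }

    static boolean isIpLiteral(String host) {
        return host.matches("\\d{1,3}(\\.\\d{1,3}){3}") || host.contains(":");
    }

    // RFC 2818 section 3.1: an IP literal is compared only with iPAddress entries,
    // a host name only with dNSName entries (exact match here; wildcards omitted).
    static boolean matches(String host, Collection<List<?>> sans) throws Exception {
        if (sans == null) return false;          // certificate has no SAN extension
        boolean ip = isIpLiteral(host);
        for (List<?> entry : sans) {
            int type = (Integer) entry.get(0);
            if (type != DNS_NAME && type != IP_ADDRESS) continue;
            String value = (String) entry.get(1);
            // Both sides are literals, so getByName() performs no DNS lookup.
            if (ip && type == IP_ADDRESS
                    && InetAddress.getByName(host).equals(InetAddress.getByName(value))) return true;
            if (!ip && type == DNS_NAME && host.equalsIgnoreCase(value)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        Collection<List<?>> sans;
        if (args.length == 3) {                  // keystore path, store password, alias
            KeyStore ks = KeyStore.getInstance("JKS");
            try (FileInputStream in = new FileInputStream(args[0])) { ks.load(in, args[1].toCharArray()); }
            sans = ((X509Certificate) ks.getCertificate(args[2])).getSubjectAlternativeNames();
        } else {                                 // constructed sample: the SAN list shown in the post
            sans = Arrays.asList(san(IP_ADDRESS, "172.25.22.67"), san(IP_ADDRESS, "127.0.0.1"), san(DNS_NAME, "localhost"));
        }
        for (String host : new String[] {"172.25.22.67", "127.0.0.1", "localhost", "172.25.22.68"})
            System.out.println(host + " -> " + matches(host, sans));
        // Constructed counter-case: an address stored as a dNSName entry does not satisfy an IP literal.
        Collection<List<?>> wrongType = Arrays.asList(san(DNS_NAME, "172.25.22.67"));
        System.out.println("IP held as dNSName -> " + matches("172.25.22.67", wrongType));
    }
}
```

Run with no arguments it uses the constructed SAN list; run with a keystore path, store password and alias it reads the SAN entries from that keystore instead.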
