[jira] [Created] (CASSANDRA-21441) TLS related tests are failing

Mon, 08 Jun 2026 09:30:06 -0700 

Dmitry Konstantinov created CASSANDRA-21441:
-----------------------------------------------

             Summary: TLS related tests are failing
                 Key: CASSANDRA-21441
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-21441
             Project: Apache Cassandra
          Issue Type: Bug
          Components: Test/unit
            Reporter: Dmitry Konstantinov


A set of TLS-related tests has started to fail in trunk on ci and pre-ci:
Tests / dtest-latest jdk17 16/64 / 
dtest-latest.jmx_test.TestJMXSSL.test_jmx_connection
Tests / dtest-latest jdk21 16/64 / 
dtest-latest.jmx_test.TestJMXSSL.test_jmx_connection
Tests / dtest-latest jdk11 16/64 / 
dtest-latest.jmx_test.TestJMXSSL.test_jmx_connection
Tests / dtest-latest jdk21 17/64 / 
dtest-latest.jmx_test.TestJMXSSL.test_require_client_auth
Tests / dtest-latest jdk17 17/64 / 
dtest-latest.jmx_test.TestJMXSSL.test_require_client_auth
Tests / dtest-latest jdk11 17/64 / 
dtest-latest.jmx_test.TestJMXSSL.test_require_client_auth
Tests / dtest-novnode jdk11 22/64 / 
dtest-novnode.jmx_test.TestJMXSSL.test_jmx_connection
Tests / dtest-novnode jdk21 22/64 / 
dtest-novnode.jmx_test.TestJMXSSL.test_jmx_connection
Tests / dtest-novnode jdk17 22/64 / 
dtest-novnode.jmx_test.TestJMXSSL.test_jmx_connection
Tests / dtest-novnode jdk21 23/64 / 
dtest-novnode.jmx_test.TestJMXSSL.test_require_client_auth
Tests / dtest-novnode jdk17 23/64 / 
dtest-novnode.jmx_test.TestJMXSSL.test_require_client_auth
Tests / dtest-novnode jdk11 23/64 / 
dtest-novnode.jmx_test.TestJMXSSL.test_require_client_auth
Tests / dtest jdk11 16/64 / dtest.jmx_test.TestJMXSSL.test_jmx_connection
Tests / dtest jdk17 16/64 / dtest.jmx_test.TestJMXSSL.test_jmx_connection
Tests / dtest jdk21 16/64 / dtest.jmx_test.TestJMXSSL.test_jmx_connection
Tests / dtest jdk17 17/64 / dtest.jmx_test.TestJMXSSL.test_require_client_auth
Tests / dtest jdk11 17/64 / dtest.jmx_test.TestJMXSSL.test_require_client_auth
Tests / dtest jdk21 17/64 / dtest.jmx_test.TestJMXSSL.test_require_client_auth
Tests / jvm-dtest jdk11 7/16 / 
org.apache.cassandra.distributed.test.SSTableLoaderEncryptionOptionsTest.bulkLoaderSuccessfullyStreamsOverSsl-_jdk11_x86_64
Tests / jvm-dtest jdk17 7/16 / 
org.apache.cassandra.distributed.test.SSTableLoaderEncryptionOptionsTest.bulkLoaderSuccessfullyStreamsOverSsl-_jdk17_x86_64
Tests / jvm-dtest jdk21 7/16 / 
org.apache.cassandra.distributed.test.SSTableLoaderEncryptionOptionsTest.bulkLoaderSuccessfullyStreamsOverSsl-_jdk21_x86_64
Tests / jvm-dtest jdk17 13/16 / 
org.apache.cassandra.distributed.test.auth.AuthAuditLoggingTest.testMutualTlsAuthenticationFailedWithUntrustedCertificate-_jdk17_x86_64
Tests / jvm-dtest jdk21 13/16 / 
org.apache.cassandra.distributed.test.auth.AuthAuditLoggingTest.testMutualTlsAuthenticationFailedWithUntrustedCertificate-_jdk21_x86_64
Tests / jvm-dtest jdk11 2/16 / 
org.apache.cassandra.distributed.test.jmx.JMXSslConfigDistributedTest.testSystemSettings-_jdk11_x86_64
Tests / jvm-dtest jdk17 2/16 / 
org.apache.cassandra.distributed.test.jmx.JMXSslConfigDistributedTest.testSystemSettings-_jdk17_x86_64
Tests / jvm-dtest jdk21 2/16 / 
org.apache.cassandra.distributed.test.jmx.JMXSslConfigDistributedTest.testSystemSettings-_jdk21_x86_64

Example: https://ci-cassandra.apache.org/job/Cassandra-trunk/2506/testReport/j

Test errors include:
{code}
Caused by: java.security.cert.CertificateException: No name matching localhost 
found
        at 
java.base/sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:234)
        at 
java.base/sun.security.util.HostnameChecker.match(HostnameChecker.java:103)
        at 
java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:467)
        at 
java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:433)
        at 
java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:238)
        at 
java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
        at 
java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1278)
        ... 36 more
{code}
{code}
Caused by: java.security.cert.CertificateException: No subject alternative 
names present
        at 
java.base/sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:142)
        at 
java.base/sun.security.util.HostnameChecker.match(HostnameChecker.java:101)
        at 
java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:461)
        at 
java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:435)
        at 
java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
        at 
java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
        at 
java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1350)
{code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to