[
https://issues.apache.org/jira/browse/CASSANDRA-21441?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dmitry Konstantinov updated CASSANDRA-21441:
--------------------------------------------
Summary: TLS/SSL related tests are failing (was: TLS related tests are
failing)
> TLS/SSL related tests are failing
> ---------------------------------
>
> Key: CASSANDRA-21441
> URL: https://issues.apache.org/jira/browse/CASSANDRA-21441
> Project: Apache Cassandra
> Issue Type: Bug
> Components: Test/unit
> Reporter: Dmitry Konstantinov
> Priority: Normal
>
> A set of TLS-related tests has started to fail in trunk on ci and pre-ci:
> Tests / dtest-latest jdk17 16/64 /
> dtest-latest.jmx_test.TestJMXSSL.test_jmx_connection
> Tests / dtest-latest jdk21 16/64 /
> dtest-latest.jmx_test.TestJMXSSL.test_jmx_connection
> Tests / dtest-latest jdk11 16/64 /
> dtest-latest.jmx_test.TestJMXSSL.test_jmx_connection
> Tests / dtest-latest jdk21 17/64 /
> dtest-latest.jmx_test.TestJMXSSL.test_require_client_auth
> Tests / dtest-latest jdk17 17/64 /
> dtest-latest.jmx_test.TestJMXSSL.test_require_client_auth
> Tests / dtest-latest jdk11 17/64 /
> dtest-latest.jmx_test.TestJMXSSL.test_require_client_auth
> Tests / dtest-novnode jdk11 22/64 /
> dtest-novnode.jmx_test.TestJMXSSL.test_jmx_connection
> Tests / dtest-novnode jdk21 22/64 /
> dtest-novnode.jmx_test.TestJMXSSL.test_jmx_connection
> Tests / dtest-novnode jdk17 22/64 /
> dtest-novnode.jmx_test.TestJMXSSL.test_jmx_connection
> Tests / dtest-novnode jdk21 23/64 /
> dtest-novnode.jmx_test.TestJMXSSL.test_require_client_auth
> Tests / dtest-novnode jdk17 23/64 /
> dtest-novnode.jmx_test.TestJMXSSL.test_require_client_auth
> Tests / dtest-novnode jdk11 23/64 /
> dtest-novnode.jmx_test.TestJMXSSL.test_require_client_auth
> Tests / dtest jdk11 16/64 / dtest.jmx_test.TestJMXSSL.test_jmx_connection
> Tests / dtest jdk17 16/64 / dtest.jmx_test.TestJMXSSL.test_jmx_connection
> Tests / dtest jdk21 16/64 / dtest.jmx_test.TestJMXSSL.test_jmx_connection
> Tests / dtest jdk17 17/64 / dtest.jmx_test.TestJMXSSL.test_require_client_auth
> Tests / dtest jdk11 17/64 / dtest.jmx_test.TestJMXSSL.test_require_client_auth
> Tests / dtest jdk21 17/64 / dtest.jmx_test.TestJMXSSL.test_require_client_auth
> Tests / jvm-dtest jdk11 7/16 /
> org.apache.cassandra.distributed.test.SSTableLoaderEncryptionOptionsTest.bulkLoaderSuccessfullyStreamsOverSsl-_jdk11_x86_64
> Tests / jvm-dtest jdk17 7/16 /
> org.apache.cassandra.distributed.test.SSTableLoaderEncryptionOptionsTest.bulkLoaderSuccessfullyStreamsOverSsl-_jdk17_x86_64
> Tests / jvm-dtest jdk21 7/16 /
> org.apache.cassandra.distributed.test.SSTableLoaderEncryptionOptionsTest.bulkLoaderSuccessfullyStreamsOverSsl-_jdk21_x86_64
> Tests / jvm-dtest jdk17 13/16 /
> org.apache.cassandra.distributed.test.auth.AuthAuditLoggingTest.testMutualTlsAuthenticationFailedWithUntrustedCertificate-_jdk17_x86_64
> Tests / jvm-dtest jdk21 13/16 /
> org.apache.cassandra.distributed.test.auth.AuthAuditLoggingTest.testMutualTlsAuthenticationFailedWithUntrustedCertificate-_jdk21_x86_64
> Tests / jvm-dtest jdk11 2/16 /
> org.apache.cassandra.distributed.test.jmx.JMXSslConfigDistributedTest.testSystemSettings-_jdk11_x86_64
> Tests / jvm-dtest jdk17 2/16 /
> org.apache.cassandra.distributed.test.jmx.JMXSslConfigDistributedTest.testSystemSettings-_jdk17_x86_64
> Tests / jvm-dtest jdk21 2/16 /
> org.apache.cassandra.distributed.test.jmx.JMXSslConfigDistributedTest.testSystemSettings-_jdk21_x86_64
> Example: https://ci-cassandra.apache.org/job/Cassandra-trunk/2506/testReport/j
> Test errors include:
> {code}
> Caused by: java.security.cert.CertificateException: No name matching
> localhost found
> at
> java.base/sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:234)
> at
> java.base/sun.security.util.HostnameChecker.match(HostnameChecker.java:103)
> at
> java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:467)
> at
> java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:433)
> at
> java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:238)
> at
> java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
> at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1278)
> ... 36 more
> {code}
> {code}
> Caused by: java.security.cert.CertificateException: No subject alternative
> names present
> at
> java.base/sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:142)
> at
> java.base/sun.security.util.HostnameChecker.match(HostnameChecker.java:101)
> at
> java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:461)
> at
> java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:435)
> at
> java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
> at
> java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
> at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1350)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
