olivierlemasle opened a new issue #4587:
URL: https://github.com/apache/cloudstack/issues/4587
##### ISSUE TYPE
* Bug Report
##### COMPONENT NAME
<!--
Categorize the issue, e.g. API, VR, VPN, UI, etc.
-->
~~~
SSVM
~~~
##### CLOUDSTACK VERSION
<!--
New line separated list of affected versions, commit ID for issues on master
branch.
-->
~~~
4.15.0
~~~
##### CONFIGURATION
<!--
Information about the configuration if relevant, e.g. basic network,
advanced networking, etc. N/A otherwise
-->
N/A
##### OS / ENVIRONMENT
<!--
Information about the environment if relevant, N/A otherwise
-->
N/A
##### SUMMARY
The http(s) client used by the SSVM to download templates does not support
SNI (Server Name Indication).
Templates available on webservers using https and SNI (e.g. behind
Cloudfront) cannot be downloaded.
##### STEPS TO REPRODUCE
Register template from URL, with e.g.:
- URL:
https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20201214.3.1/x86_64/fedora-coreos-33.20201214.3.1-vmware.x86_64.ova
(for OVA) or
https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20201214.3.1/x86_64/fedora-coreos-33.20201214.3.1-digitalocean.x86_64.qcow2.gz
(for qcow2)
- direct download: false
##### EXPECTED RESULTS
<!-- What did you expect to happen when running the steps above? -->
Template is expected to be downloaded in the zone.
##### ACTUAL RESULTS
<!-- What actually happened? -->
Template download fails in the zone, with message:
~~~
Received fatal alert: handshake_failure
~~~
##### Temporary fix
1. Log in the SSVM using SSH
2. Edit `/usr/local/cloud/systemvm/_run.sh` to replace
`-Djsse.enableSNIExtension=false` by `-Djsse.enableSNIExtension=true`
3. Restart the SSVM
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
