[jira] [Commented] (CMIS-1007) Server name indication support for cmis-workbench

Tue, 17 Jan 2017 06:16:41 -0800 

    [ 
https://issues.apache.org/jira/browse/CMIS-1007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15826106#comment-15826106
 ] 

Chris Turchin commented on CMIS-1007:
-------------------------------------

Hi [~fmuller] Thanks for your feedback - it would seem you solved this for me! 

FTFA:
{quote}
The simplest solution, and it's recommended as it closes many other security 
vulnerabilities, is to upgrade to Java JDK/JRE 8U101 or later (and ideally 
later, as of writing, it's version 8U111). There is also Java 7 update, 7U111 
which also has the certificates needed but that's only for Oracle clients on 
support contracts.
{quote}
This would seem to be incorrect. I am using an Oracle JDK with the version
{noformat}
C:\tmp>java -version
java version "1.8.0_102"
Java(TM) SE Runtime Environment (build 1.8.0_102-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.102-b14, mixed mode)
{noformat}
Which I would have assumed hat the new certificated installed, but this would 
seem not to be true. After installing the certificate, I was able to connect 
(and authenticate)!



> Server name indication support for cmis-workbench
> -------------------------------------------------
>
>                 Key: CMIS-1007
>                 URL: https://issues.apache.org/jira/browse/CMIS-1007
>             Project: Chemistry
>          Issue Type: Improvement
>          Components: opencmis-workbench
>    Affects Versions: OpenCMIS 1.0.0
>         Environment: Windows 8.1
>            Reporter: Chris Turchin
>              Labels: features, security
>
> I have recently started using letsencrypt as a certificate authority for my 
> development servers. 
> Unfortunately, I get the following error when trying to login to my cmis 
> server using the latest version of cmis-workbench:
> {code}
> > 18:17:48 ERROR hemistry.opencmis.workbench.ClientHelper: 
> > CmisPermissionDeniedException: Forbidden
> org.apache.chemistry.opencmis.commons.exceptions.CmisPermissionDeniedException:
>  Forbidden
>       at 
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.convertStatusCode(AbstractAtomPubService.java:497)
>       at 
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.read(AbstractAtomPubService.java:701)
>       at 
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.getRepositoriesInternal(AbstractAtomPubService.java:873)
>       at 
> org.apache.chemistry.opencmis.client.bindings.spi.atompub.RepositoryServiceImpl.getRepositoryInfos(RepositoryServiceImpl.java:66)
>       at 
> org.apache.chemistry.opencmis.client.bindings.impl.RepositoryServiceImpl.getRepositoryInfos(RepositoryServiceImpl.java:92)
>       at 
> org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl.getRepositories(SessionFactoryImpl.java:120)
>       at 
> org.apache.chemistry.opencmis.workbench.model.ClientSession.connect(ClientSession.java:243)
>       at 
> org.apache.chemistry.opencmis.workbench.model.ClientSession.<init>(ClientSession.java:124)
>       at 
> org.apache.chemistry.opencmis.workbench.LoginDialog.createClientSession(LoginDialog.java:302)
>       at 
> org.apache.chemistry.opencmis.workbench.LoginDialog$1.actionPerformed(LoginDialog.java:123)
>       at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
>       at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
>       at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
>       at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
>       at javax.swing.AbstractButton.doClick(Unknown Source)
>       at 
> javax.swing.plaf.basic.BasicRootPaneUI$Actions.actionPerformed(Unknown Source)
>       at javax.swing.SwingUtilities.notifyAction(Unknown Source)
>       at javax.swing.JComponent.processKeyBinding(Unknown Source)
>       at javax.swing.KeyboardManager.fireBinding(Unknown Source)
>       at javax.swing.KeyboardManager.fireKeyboardAction(Unknown Source)
>       at javax.swing.JComponent.processKeyBindingsForAllComponents(Unknown 
> Source)
>       at javax.swing.JComponent.processKeyBindings(Unknown Source)
>       at javax.swing.JComponent.processKeyEvent(Unknown Source)
>       at java.awt.Component.processEvent(Unknown Source)
>       at java.awt.Container.processEvent(Unknown Source)
>       at java.awt.Component.dispatchEventImpl(Unknown Source)
>       at java.awt.Container.dispatchEventImpl(Unknown Source)
>       at java.awt.Component.dispatchEvent(Unknown Source)
>       at java.awt.KeyboardFocusManager.redispatchEvent(Unknown Source)
>       at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent(Unknown Source)
>       at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent(Unknown 
> Source)
>       at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions(Unknown 
> Source)
>       at java.awt.DefaultKeyboardFocusManager.dispatchEvent(Unknown Source)
>       at java.awt.Component.dispatchEventImpl(Unknown Source)
>       at java.awt.Container.dispatchEventImpl(Unknown Source)
>       at java.awt.Window.dispatchEventImpl(Unknown Source)
>       at java.awt.Component.dispatchEvent(Unknown Source)
>       at java.awt.EventQueue.dispatchEventImpl(Unknown Source)
>       at java.awt.EventQueue.access$500(Unknown Source)
>       at java.awt.EventQueue$3.run(Unknown Source)
>       at java.awt.EventQueue$3.run(Unknown Source)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at 
> java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown
>  Source)
>       at 
> java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown
>  Source)
>       at java.awt.EventQueue$4.run(Unknown Source)
>       at java.awt.EventQueue$4.run(Unknown Source)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at 
> java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown
>  Source)
>       at java.awt.EventQueue.dispatchEvent(Unknown Source)> 18:17:48 ERROR 
> hemistry.opencmis.workbench.ClientHelper: Error code: 0
> > 18:17:48 ERROR hemistry.opencmis.workbench.ClientHelper: Error content: 
> > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>403 Forbidden</title>
> </head><body>
> <h1>Forbidden</h1>
> <p>You don't have permission to access /mc/cmis/atom
> on this server.<br />
> Reason: The client software did not provide a hostname using Server Name 
> Indication (SNI), which is required to access this server.<br />
> </p>
> </body></html>
> {code}
> The certificate is on the reverse proxy, running  Apache/2.4.18 (Ubuntu) and 
> looks basically like this:
> {code}
> <VirtualHost somehost.somedomain:443>
> ServerName somehost.somedomain
> SSLEngine On
> SSLCertificateFile             /var/letsencrypt/somehost.somedomain/signed.crt
> SSLCertificateKeyFile          /var/letsencrypt/somehost.somedomain/domain.key
> SSLCACertificateFile           
> /var/letsencrypt/somehost.somedomain/intermediate.pem
> SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
> SSLOpenSSLConfCmd DHParameters "/usr/local/apache2/1024dhparams.pem"
> SSLProxyEngine on
> ProxyPass        / http://localhost:8379/ timeout=600
> ProxyPassReverse / http://localhost:8379/ timeout=600
> ProxyPreserveHost On
> Header set Access-Control-Allow-Origin "*"
> Header set Access-Control-Allow-Credentials "true"
> Header edit Location ^http(\:\/\/.*)$ https$1
> </VirtualHost>
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to