Klemen created JCLOUDS-1180:
-------------------------------
Summary: No SNI support with default Java and Apache HTTPS client
Key: JCLOUDS-1180
URL: https://issues.apache.org/jira/browse/JCLOUDS-1180
Project: jclouds
Issue Type: Bug
Components: jclouds-drivers
Affects Versions: 2.0.0
Reporter: Klemen
Priority: Minor
SNI is a TLS extension that basically tells which hostname it wants certificate
for before handshake. Simple setup would be a reverse proxy serving 2 different
subdomains each one with it's own certificate while having a single static IP.
Popular setup, especially with let's encrypt nowadays.
The bug was triggered after trying to connect to a FakeS3 server behind a
reverse proxy described above. JClouds throws an SSL error telling that PKIX
path is wrong even though it's actually not.
SNI support works fine with OkHttp driver.
My best guess so far as the possible reasons are:
1. For default Java client an OpenJDK bug which may or may not have a
workaround:
http://stackoverflow.com/questions/30817934/extended-server-name-sni-extension-not-sent-with-jdk1-8-0-but-send-with-jdk1-7
2. For Apache client: https://issues.jboss.org/browse/KEYCLOAK-2439
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
