AW: Getting SSLPeerUnverifiedException , when using httpclient-4.5.13

2021-09-28 Thread Thomas Hoffmann (Speed4Trade GmbH)
Hello,

it looks like the SAN field of your certificate only contains the IP-address 
10.106.206.143 but not the domain name parthise2.cisco.com.

Chrome already switched in 2017 from the field "common name" to the field 
"subject alternative name",
E.g. 
https://security.stackexchange.com/questions/172626/chrome-requires-san-names-in-certificate-when-will-other-browsers-ie-follow

Best is to get a new certificate with a SAN field containing the domain name.

Greetings,
Thomas

-Urspr√ľngliche Nachricht-
Von: Parth Parikh -X (parparik - WIPRO LIMITED at Cisco) 
 
Gesendet: Dienstag, 28. September 2021 13:49
An: users@tomcat.apache.org
Betreff: Getting SSLPeerUnverifiedException , when using httpclient-4.5.13

Hi,

I am getting below exception error , when using httpclient-4.5.13 jar ,

javax.net.ssl.SSLPeerUnverifiedException: Certificate for  
doesn't match any of the subject alternative names: [10.106.206.143]
at 
org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507)
at 
org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437)
at 
org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at 
org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at 
org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
at 
org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at 
org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at 
org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
   at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at 
org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at 
org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at 
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at 
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at 
com.cisco.cpm.infrastructure.softwareupdates.http.HttpExecutor.executeGet(HttpExecutor.java:194)
at 
com.cisco.cpm.infrastructure.systemconfig.CpmPatchUtil.remoteServerStatus(CpmPatchUtil.java:1003)
at 
com.cisco.cpm.infrastructure.systemconfig.CpmPatchUtil.listPatchesFromAllNodes(CpmPatchUtil.java:551)
at 
com.cisco.cpm.infrastructure.systemconfig.CpmPatchManagement.getInstalledPatches(CpmPatchManagement.java:90)
at 
com.cisco.cpm.admin.infra.action.PatchInstallAction.loadGridData(PatchInstallAction.java:377)

when I changed httpclient jar file from httpclient-4.5.13 to httpclient-4.4 . 
There is no exception error and code just works fine.

Is there any better solution for this error? Will downgrading the version 
impact my application? Please guide me

Thanks and Regards,
Parth Parikh


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Getting SSLPeerUnverifiedException , when using httpclient-4.5.13

2021-09-28 Thread Parth Parikh -X (parparik - WIPRO LIMITED at Cisco)
Hi,

I am getting below exception error , when using httpclient-4.5.13 jar ,

javax.net.ssl.SSLPeerUnverifiedException: Certificate for  
doesn't match any of the subject alternative names: [10.106.206.143]
at 
org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507)
at 
org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437)
at 
org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at 
org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at 
org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
at 
org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at 
org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at 
org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
   at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at 
org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at 
org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at 
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at 
org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at 
com.cisco.cpm.infrastructure.softwareupdates.http.HttpExecutor.executeGet(HttpExecutor.java:194)
at 
com.cisco.cpm.infrastructure.systemconfig.CpmPatchUtil.remoteServerStatus(CpmPatchUtil.java:1003)
at 
com.cisco.cpm.infrastructure.systemconfig.CpmPatchUtil.listPatchesFromAllNodes(CpmPatchUtil.java:551)
at 
com.cisco.cpm.infrastructure.systemconfig.CpmPatchManagement.getInstalledPatches(CpmPatchManagement.java:90)
at 
com.cisco.cpm.admin.infra.action.PatchInstallAction.loadGridData(PatchInstallAction.java:377)

when I changed httpclient jar file from httpclient-4.5.13 to httpclient-4.4 . 
There is no exception error and code just works fine.

Is there any better solution for this error? Will downgrading the version 
impact my application? Please guide me

Thanks and Regards,
Parth Parikh