OSJC-6 (OpenShift Java Client)

openshift-java-client: remove code that disables SNI checks with JDK7

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: Critical
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 2.2.0
    • Component/s: core
    • Labels:
      None

      Description

      The UrlConnectionHttpClient tries to disable the SNI checks that cause the HttpUrlConnection to fail when handshaking SSL with hosts that don't have a valid hostname/alias:

      javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name (JBIDE-14760)

      The openshift-java-client currently sets the system property (https://github.com/adietish/openshift-java-client/blob/master/src/main/java/com/openshift/internal/client/httpclient/UrlConnectionHttpClient.java#L326):

      UrlConnectionHttpClient
      // JDK7 bug workaround
      System.setProperty(SYSPROP_ENABLE_SNI_EXTENSION, "false");
      

      This "fix" is very bad since it turns these checks off in the whole JVM. Furthermore, it has no effect, since it would only affect SSL libraries that are loaded after that system property was set.
      So the only valid fix in Eclipse is either to connect to OpenShift Enterprise instances via IP address or to turn SNI checks off globally in eclipse.ini/jbdevstudio.ini:

      -Djsse.enableSNIExtension=false
      

      We have to remove the above code that sets the system property.
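
A way to check the timing claim above on a given JDK, as an added example (not code from openshift-java-client): it builds a ClientHello in memory with SSLEngine, before and after setting the property, and reports whether the host name appears in it as SNI. The class name and host name are constructed for illustration, and nothing is sent over the network.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class SniPropertyTiming {
    // Constructed host name; it is only used to build a ClientHello in memory.
    static final String HOST = "broker.example.com";

    /** Builds a ClientHello with a fresh SSLEngine and reports whether it carries HOST as SNI. */
    static boolean clientHelloHasSni() throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine(HOST, 443);
        engine.setUseClientMode(true);
        ByteBuffer out = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        // The first wrap() starts the handshake and emits the ClientHello record.
        engine.wrap(ByteBuffer.allocate(0), out);
        out.flip();
        byte[] hello = new byte[out.remaining()];
        out.get(hello);
        // The server_name extension carries the host name as plain ASCII bytes,
        // so a byte-preserving decode followed by a substring search is enough.
        return new String(hello, StandardCharsets.ISO_8859_1).contains(HOST);
    }

    public static void main(String[] args) throws Exception {
        // JSSE classes are loaded and initialized by this first call.
        System.out.println("before setProperty: SNI sent = " + clientHelloHasSni());

        // Same property the issue describes, set at runtime after JSSE is already in use.
        System.setProperty("jsse.enableSNIExtension", "false");
        System.out.println("after setProperty:  SNI sent = " + clientHelloHasSni());
    }
}
```

Running the same class with `-Djsse.enableSNIExtension=false` on the command line gives the comparison case, where the property is in place before any SSL class is loaded.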

              People

              Assignee:
              adietish@redhat.com André Dietisheim
              Reporter:
              adietish@redhat.com André Dietisheim