Uploaded image for project: 'OpenShift Java Client'
  1. OpenShift Java Client
  2. OSJC-6

openshift-java-client: remove code that disables SNI checks with JDK7

XMLWordPrintable

    • Icon: Enhancement Enhancement
    • Resolution: Done
    • Icon: Critical Critical
    • 2.2.0
    • None
    • core
    • None

      The UrlConnectionHttpClient tries to disable SNI checks that cause the HttpUrlConnection when handshaking SSL with hosts that dont have a valid hostname/alias:

      javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name (JBIDE-14760)

      The openshift-java-client currently sets the system property (https://github.com/adietish/openshift-java-client/blob/master/src/main/java/com/openshift/internal/client/httpclient/UrlConnectionHttpClient.java#L326):

      UrlConnectionHttpClient
      // JDK7 bug workaround
      System.setProperty(SYSPROP_ENABLE_SNI_EXTENSION, "false");
      

      This "fix" is very bad since it turns these checks off in the whole JVM. Furthermore it has no effects since it would only affect SSL libraries that are loaded after that system property was set.
      So the only valid fix in Eclipse is to either connect to OpenShift Enterprise instances via IP-address or to turn SNI-checks off globally in eclipse.ini/jbdevstudio.ini:

      -Djsse.enableSNIExtension=false
      

      We have to remove the above code that set the system property.

            adietish@redhat.com André Dietisheim
            adietish@redhat.com André Dietisheim
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: