-
Enhancement
-
Resolution: Done
-
Critical
-
None
-
None
The UrlConnectionHttpClient tries to disable SNI checks that cause the HttpUrlConnection when handshaking SSL with hosts that dont have a valid hostname/alias:
javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name (JBIDE-14760)
The openshift-java-client currently sets the system property (https://github.com/adietish/openshift-java-client/blob/master/src/main/java/com/openshift/internal/client/httpclient/UrlConnectionHttpClient.java#L326):
// JDK7 bug workaround System.setProperty(SYSPROP_ENABLE_SNI_EXTENSION, "false");
This "fix" is very bad since it turns these checks off in the whole JVM. Furthermore it has no effects since it would only affect SSL libraries that are loaded after that system property was set.
So the only valid fix in Eclipse is to either connect to OpenShift Enterprise instances via IP-address or to turn SNI-checks off globally in eclipse.ini/jbdevstudio.ini:
-Djsse.enableSNIExtension=false
We have to remove the above code that set the system property.
- is related to
-
JBIDE-14760 Cannot connect to OpenShift Enterprise with hostname: javax.net.ssl.SSLProtocolException (WATCHER)
- Closed
-
JBIDE-15594 Cannot connect to OpenShift DEVENV with hostname: javax.net.ssl.SSLProtocolException
- Closed
- relates to
-
JBIDE-19594 SSL callback: provide meaningful hostname verifier, stop always accepting hostnames
- Open