Undertow / UNDERTOW-1564

Proxied SSL Connections use wrong peer address


    • Type: Bug
    • Resolution: Done
    • Priority: Major
    • 2.0.23.Final
    • 2.0.21.Final
    • SSL
    • None

      When creating a client SSL connection via an HTTP proxy, the destination address indicated in the SSL connection is the address of the proxy. This is wrong and leads to a CertificateException:

        java.security.cert.CertificateException: No subject alternative names matching IP address 127.0.0.1 found
        	at java.base/sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:160)
        	at java.base/sun.security.util.HostnameChecker.match(HostnameChecker.java:96)
        	at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:459)
        	at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:434)
        	at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:291)
        	at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)
        	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:620)
        	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:461)
        	at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:361)
        	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
        	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:448)
        	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1065)
        	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1052)
        	at java.base/java.security.AccessController.doPrivileged(Native Method)
        	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:999)
        	at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1111)
        	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        	at java.base/java.lang.Thread.run(Thread.java:834)
      

      (in this case the proxy was running on 127.0.0.1).

            flaviarnn Flavia Rainone
            criege@riege.com Christian Riege (Inactive)
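
The JSSE behaviour behind this report, as an added example that is not code from the issue or from Undertow: the host passed to `createSSLEngine` is the name the server certificate is checked against, so for a tunnelled connection it has to be the destination of the CONNECT request, not the socket's remote (proxy) address. The class name, method name and sample addresses are assumptions made for illustration.

```java
import java.net.InetSocketAddress;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

/** Added illustration; class and method names are hypothetical, not Undertow's. */
public class TunnelPeerDemo {

    /**
     * Builds a client SSLEngine whose peer host/port describe {@code peer}.
     * With endpoint identification set to "HTTPS", the default trust manager
     * compares the server certificate with this peer host during the handshake.
     */
    static SSLEngine clientEngine(SSLContext ctx, InetSocketAddress peer) {
        // getHostString() returns the name as given, without a reverse DNS lookup
        SSLEngine engine = ctx.createSSLEngine(peer.getHostString(), peer.getPort());
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS"); // turn on hostname verification
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();

        // Constructed sample addresses: a local proxy and the server behind it
        InetSocketAddress proxy = InetSocketAddress.createUnresolved("127.0.0.1", 3128);
        InetSocketAddress destination = InetSocketAddress.createUnresolved("www.example.org", 443);

        // Keyed to the socket's remote address (the proxy), as in the report:
        // the certificate would need a subject alternative name for IP 127.0.0.1.
        SSLEngine proxyKeyed = clientEngine(ctx, proxy);

        // Keyed to the CONNECT destination: the certificate is matched
        // against the server the client actually intends to reach.
        SSLEngine destinationKeyed = clientEngine(ctx, destination);

        System.out.println("proxy-keyed engine verifies against:       "
                + proxyKeyed.getPeerHost() + ":" + proxyKeyed.getPeerPort());
        System.out.println("destination-keyed engine verifies against: "
                + destinationKeyed.getPeerHost() + ":" + destinationKeyed.getPeerPort());
    }
}
```

Checking `getPeerHost()` on the engine before the handshake starts is a quick way to confirm which name a proxied client will verify.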