DaanHoogland
commented
3 years ago seems like a trivial change, I wonder if the enableSNIExtension=false was set on purpose.
cc @nvazquez (and maybe @sureshanaparti)?
Closed olivierlemasle closed 2 years ago
DaanHoogland
commented
3 years ago seems like a trivial change, I wonder if the enableSNIExtension=false was set on purpose.
cc @nvazquez (and maybe @sureshanaparti)?
olivierlemasle
commented
3 years ago I wonder if the enableSNIExtension=false was set on purpose.
I wonder, too...
As I wrote in PR #4588, enableSNIExtension=false was added in commit 1d45b75298e; the commit message includes:
Java 1.7 - disable using SNI since copyTemplate doesnt work for SSL.
rohityadavcloud
commented
3 years ago Ping @olivierlemasle are you working on the PR #4588 ?
nvazquez
commented
3 years ago Hi @olivierlemasle is there any work after PR #4588 is closed to address this issue?
rohityadavcloud
commented
3 years ago Ping @olivierlemasle - any update on this? Should we close this, or attempt to introduce a global setting on top of your previous PR to toggle behaviour?
sureshanaparti
commented
2 years ago ping @olivierlemasle any update on this issue (any work done after PR #4588)?
nvazquez
commented
2 years ago Ping @olivierlemasle
rohityadavcloud
commented
2 years ago Ping @olivierlemasle can you test this with latest 4.17.0.0? And re-open this if you're still able to reproduce this. Thanks for submitting the bug-report.
ISSUE TYPE
COMPONENT NAME
CLOUDSTACK VERSION
CONFIGURATION
N/A
OS / ENVIRONMENT
N/A
SUMMARY
The http(s) client used by the SSVM to download templates does not support SNI (Server Name Indication).
Templates available on webservers using https and SNI (e.g. behind Cloudfront) cannot be downloaded.
STEPS TO REPRODUCE
Register template from URL, with e.g.:
EXPECTED RESULTS
Template is expected to be downloaded in the zone.
ACTUAL RESULTS
Template download fails in the zone, with message:
Temporary fix
/usr/local/cloud/systemvm/_run.shto replace-Djsse.enableSNIExtension=falseby-Djsse.enableSNIExtension=true