No longer able to connect via SSL using IPv6 address in 1.2.1+ (Contains non-LDH ASCII characters)

[dmarcuccio-solace]

• [+] Bug exists Release Version 1.2.1 ( Master Branch)
• [?] Bug exists Release Version 1.2.2 ( Master Branch)
• [?] Bug exists in MQTTv3 Client on Snapshot Version 1.2.3-SNAPSHOT (Develop Branch)
• [?] Bug exists in MQTTv5 Client on Snapshot Version 1.2.3-SNAPSHOT (Develop Branch)

After upgrading the paho mqttv3 client from 1.2.0 to 1.2.1, when connecting using ssl://[IPv6-Address] , the client is unable to connect to the server. e.g. when connecting with ssl://[fd80::160:192:168:162:128]:6006 as the host, the client returns the following error:

        at org.eclipse.paho.client.mqttv3.internal.ExceptionHelper.createMqttException(ExceptionHelper.java:38)
        at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:736)
        at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.IllegalArgumentException: Contains non-LDH ASCII characters
        at java.net.IDN.toASCIIInternal(IDN.java:296)
        at java.net.IDN.toASCII(IDN.java:122)
        at javax.net.ssl.SNIHostName.<init>(SNIHostName.java:99)
        at org.eclipse.paho.client.mqttv3.internal.SSLNetworkModule.start(SSLNetworkModule.java:139)
        at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:722)
        ... 1 more

The client is able to connect without issues if the IPv6 DNS name is used instead of it's address, and an IPv6 address is able to connect if it connects without SSL. An IPv4 address is able to connect with SSL.

This used to be possible in 1.2.0, and I believe it was changed from this commit: https://github.com/eclipse/paho.mqtt.java/commit/0a2f69f8748166d257c27fdaf20e262c098af5fb#diff-754ba1d62b1bb4cf8c883edfb223333d , where the host was added as a SNIHostName in SSLNetworkModule.start. It appears that the IPv6 address format fails being converted to ASCIIInternal, most likely because of the colons in the address.

Was this functionality intentionally removed in 1.2.1, and if so was there a reason why? As a result of this change the client is no longer able to provide IPv6 address testing for our application. I haven't been able to test with 1.2.2 yet however the changelog does not show any related updates.

[rdasgupt]

@dmarcuccio-solace What is your Java version? I don't see any IPv6 related failure in my test env. I am using 1.2.2 though.

[yuval-lom]

Happened to me as well today [::1] fails localhost fine

org.eclipse.paho org.eclipse.paho.client.mqttv3 1.2.2

[dmarcuccio-solace]

@dmarcuccio-solace What is your Java version? I don't see any IPv6 related failure in my test env. I am using 1.2.2 though.

@rdasgupt We are building with Java 1.7

[yuval-lom]

@rdasgupt We are building with Java 1.8

[yuval-lom]

Any comments on this issue? still having this issue (when connecting to ssl://::1:8883)

[gaomingok]

I have the same problem with IPv6 and ssl. org.eclipse.paho.client.mqttv3 1.2.1 jre1.8.0_212

org.eclipse.paho.client.mqttv3.MqttException: MqttException at org.eclipse.paho.client.mqttv3.internal.ExceptionHelper.createMqttException(ExceptionHelper.java:38) at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:736) at java.lang.Thread.run(Thread.java:748) Caused by: java.lang.IllegalArgumentException: Contains non-LDH ASCII characters at java.net.IDN.toASCIIInternal(IDN.java:296) at java.net.IDN.toASCII(IDN.java:122) at javax.net.ssl.SNIHostName.(SNIHostName.java:99) at org.eclipse.paho.client.mqttv3.internal.SSLNetworkModule.start(SSLNetworkModule.java:139) at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:722)