javaswift / joss

Java library for OpenStack Storage, aka Swift
http://javaswift.org

Getting SSLPeerUnverifiedException even after setting setDisableSslValidation(true) on Account Config #184

Open wamanisloor opened 3 years ago

wamanisloor commented 3 years ago

Hi

I am connecting to a remote swift server which does not have a connection from my local machine, so I am setting up an SSH tunnel to establish a connection to the remote swift server. Due to the tunneling I have to change the swift auth url to https://localhost:5000/v3 (even tried https://127.0.0.1:5000/v3). After establishing the tunnel I ran a curl command without certificate verification (curl -k https://localhost:5000/v3) and I see the response, so the connection is working fine.

When I am starting the application I am getting the following error:

Caused by: javax.net.ssl.SSLPeerUnverifiedException: Certificate for doesn't match any of the subject alternative names: [*.XXXX.XXXX.com]

So I checked the JOSS client documentation and it suggested to set the DisableSslValidation = true, so now I am setting the flag to true while creating the AccountConfig and I can see from the JOSS logs that the SSL verification is disabled.

Code change:

    AccountConfig swiftConfig = new AccountConfig();
    swiftConfig.setDisableSslValidation(true);

Log: 2020-10-28 10:36:22.672 INFO 94321 --- [ main] o.javaswift.joss.client.impl.ClientImpl : JOSS / Disable SSL verification

But even after setting the DisableSslValidation = true, I am still getting the SSLPeerUnverifiedException, and I see that the code is going to SSLConnectionSocketFactory.verifyHostname to verify the hostname. Please check the error log below.

I would really appreciate it if someone could please check and let me know if I need to set any other config parameter to disable the SSL verification.

Error Log:

    Caused by: javax.net.ssl.SSLPeerUnverifiedException: Certificate for doesn't match any of the subject alternative names: [*.XXXX.XXXX.com]
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:467) ~[httpclient-4.5.3.jar:4.5.3]
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:397) ~[httpclient-4.5.3.jar:4.5.3]
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355) ~[httpclient-4.5.3.jar:4.5.3]
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) ~[httpclient-4.5.3.jar:4.5.3]
        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359) ~[httpclient-4.5.3.jar:4.5.3]
        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381) ~[httpclient-4.5.3.jar:4.5.3]
        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) ~[httpclient-4.5.3.jar:4.5.3]
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) ~[httpclient-4.5.3.jar:4.5.3]
        at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[httpclient-4.5.3.jar:4.5.3]
        at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) ~[httpclient-4.5.3.jar:4.5.3]
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) ~[httpclient-4.5.3.jar:4.5.3]
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.3.jar:4.5.3]
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) ~[httpclient-4.5.3.jar:4.5.3]
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) ~[httpclient-4.5.3.jar:4.5.3]
        at org.javaswift.joss.command.impl.core.AbstractCommand.call(AbstractCommand.java:50) ~[joss-0.10.4.jar:na]
        ... 80 common frames omitted
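
Added example, not part of the original issue and not JOSS code: the stack trace shows the hostname check still running in Apache HttpClient's SSLConnectionSocketFactory, so one way to keep both certificate and hostname verification enabled through an SSH tunnel is to address the server by a name its certificate covers and resolve that name to loopback with a custom DnsResolver. Assumptions: the host name passed on the command line stands in for the redacted name, the class and method names are hypothetical, the issuing CA is in the JVM trust store, and handing the resulting client to JOSS is left out because the page does not show how.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.DnsResolver;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.impl.conn.SystemDefaultDnsResolver;

// Hypothetical helper class (added example, not JOSS code).
public class TunnelAwareClient {

    // Resolve only the tunnelled host to loopback; all other names use normal DNS.
    static DnsResolver tunnelResolver(final String realHost) {
        return new SystemDefaultDnsResolver() {
            @Override
            public InetAddress[] resolve(String host) throws UnknownHostException {
                if (host.equalsIgnoreCase(realHost)) {
                    return new InetAddress[] { InetAddress.getLoopbackAddress() };
                }
                return super.resolve(host);
            }
        };
    }

    static CloseableHttpClient build(String realHost) {
        // Default factory: JVM trust store and default hostname verifier, both left on.
        Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
                .register("https", SSLConnectionSocketFactory.getSocketFactory())
                .build();
        return HttpClients.custom()
                .setConnectionManager(new PoolingHttpClientConnectionManager(registry, tunnelResolver(realHost)))
                .build();
    }

    public static void main(String[] args) throws Exception {
        String realHost = args[0]; // placeholder: a name matched by the certificate's SAN
        // Port 5000 and /v3 are the tunnel endpoint from the issue.
        try (CloseableHttpClient client = build(realHost);
             CloseableHttpResponse resp = client.execute(new HttpGet("https://" + realHost + ":5000/v3"))) {
            System.out.println(resp.getStatusLine());
        }
    }
}
```

The TCP connection goes to the local tunnel port, while the TLS handshake and the hostname check use the real name, so the wildcard SAN matches without turning verification off.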