jopenlibs / vault-java-driver

Zero-dependency Java client for HashiCorp's Vault
https://jopenlibs.github.io/vault-java-driver

[BUG] javax.net.ssl.SSLHandshakeException when using `verify(false)` #57

Closed henryx closed 9 months ago

henryx commented 9 months ago

Describe the bug

According to the documentation, if we want to disable the SSL check, we need to use the `verify(false)` method present in the `SslConfig` class. However, this causes the following error:

Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching vault.domain.local found.

To Reproduce

Use this configuration:

```java
final VaultConfig vaultConfig = new VaultConfig()
        .address("https://vault.domain.local")
        .token("mock_token")
        .sslConfig(new SslConfig().verify(false))
        .engineVersion(1)
        .build();
```

henryx commented 9 months ago

The error occurs when the SSL certificate presented by the web server is related to another domain (e.g. we have deployed Vault in Kubernetes but we haven't correctly configured the SSL ingress termination). Another reason the problem appears is the introduction of the new HTTPClient (see #24), which uses a different method to disable the SSL check and doesn't have a simple method to disable it (see https://bugs.openjdk.org/browse/JDK-8213309).
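
Added example, not part of the issue or of the project's code: a shell check for the condition behind `No subject alternative DNS name matching vault.domain.local found`, so the certificate served by the ingress can be corrected instead of disabling verification. It assumes OpenSSL 1.1.1 or later; the function names and the SAN `ingress.example.internal` are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check whether a certificate is valid for the Vault host name.

# Constructed sample input: a throwaway self-signed certificate whose only
# SAN is $2, standing in for a certificate issued for another domain.
# $1 = output directory, $2 = DNS name to place in the SAN extension.
make_sample_cert() {
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout "$1/key.pem" -out "$1/cert.pem" -days 1 \
    -subj "/CN=$2" -addext "subjectAltName=DNS:$2" 2>/dev/null
}

# Save the leaf certificate a live server presents (needs network access).
# $1 = host, $2 = port, $3 = output PEM file.
fetch_server_cert() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -out "$3"
}

# Print the SAN extension so the names the certificate covers are visible.
# $1 = PEM file.
cert_sans() {
  openssl x509 -in "$1" -noout -ext subjectAltName
}

# Return 0 only when the certificate in $1 is valid for host name $2.
# openssl prints "does match" or "does NOT match"; the exit code alone
# does not distinguish them, so the text is checked.
cert_matches_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" \
    | grep -q 'does match certificate'
}
```

Against a real deployment, run `fetch_server_cert vault.domain.local 443 cert.pem` and then `cert_matches_host cert.pem vault.domain.local`; a non-zero result together with the `cert_sans` output shows which names the ingress certificate actually covers.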