Open pkoryzna opened 6 years ago
I wonder if this is actually an issue for ssl-config or the underlying akka-http dependency?
@pkoryzna - can you please include a minimal example, i.e. pointing to some site with a self-signed certificate? I made one here: https://139.59.135.117/
Minimal example here: https://gist.github.com/pkoryzna/f288d8471c7e1c8822b3594d043d7017
Custom SSL context works for me. Example: https://gist.github.com/iRevive/4a3c7cb96374da5da80d4538f3da17cb And 'on demand' trustful ssl context: https://gist.github.com/iRevive/7d17144284a7a2227487635ec815860d
I confirm, this setting does not work.
java.lang.RuntimeException: Delegated task threw Exception/Error
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1429)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at akka.stream.impl.io.TLSActor.doUnwrap(TLSActor.scala:385)
at akka.stream.impl.io.TLSActor.doInbound(TLSActor.scala:295)
at akka.stream.impl.io.TLSActor.$anonfun$bidirectional$1(TLSActor.scala:230)
at akka.stream.impl.Pump.pump(Transfer.scala:202)
at akka.stream.impl.Pump.pump$(Transfer.scala:200)
at akka.stream.impl.io.TLSActor.pump(TLSActor.scala:50)
at akka.stream.impl.BatchingInputBuffer.enqueueInputElement(ActorProcessor.scala:96)
at akka.stream.impl.BatchingInputBuffer$$anonfun$upstreamRunning$1.applyOrElse(ActorProcessor.scala:147)
at scala.runtime.AbstractPartialFunction.apply(AbstractPartialFunction.scala:38)
at akka.stream.impl.SubReceive.apply(Transfer.scala:18)
at akka.stream.impl.FanIn$InputBunch$$anonfun$subreceive$1.applyOrElse(FanIn.scala:242)
at scala.runtime.AbstractPartialFunction.apply(AbstractPartialFunction.scala:38)
at akka.stream.impl.SubReceive.apply(Transfer.scala:18)
at akka.stream.impl.SubReceive.apply(Transfer.scala:14)
at scala.PartialFunction.applyOrElse(PartialFunction.scala:127)
at scala.PartialFunction.applyOrElse$(PartialFunction.scala:126)
at akka.stream.impl.SubReceive.applyOrElse(Transfer.scala:14)
at scala.PartialFunction$OrElse.applyOrElse(PartialFunction.scala:175)
at akka.actor.Actor.aroundReceive(Actor.scala:539)
at akka.actor.Actor.aroundReceive$(Actor.scala:537)
at akka.stream.impl.io.TLSActor.aroundReceive(TLSActor.scala:50)
at akka.actor.ActorCell.receiveMessage(ActorCell.scala:612)
at akka.actor.ActorCell.invoke(ActorCell.scala:581)
at akka.dispatch.Mailbox.processMailbox(Mailbox.scala:268)
at akka.dispatch.Mailbox.run(Mailbox.scala:229)
at akka.dispatch.Mailbox.exec(Mailbox.scala:241)
at akka.dispatch.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
at akka.dispatch.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
at akka.dispatch.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
at akka.dispatch.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)
Caused by: java.lang.NullPointerException
at sun.net.util.IPAddressUtil.textToNumericFormatV4(IPAddressUtil.java:49)
at sun.net.util.IPAddressUtil.isIPv4LiteralAddress(IPAddressUtil.java:241)
at sun.security.util.HostnameChecker.isIpAddress(HostnameChecker.java:124)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:92)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
at akka.stream.impl.io.TLSActor.runDelegatedTasks(TLSActor.scala:423)
at akka.stream.impl.io.TLSActor.doUnwrap(TLSActor.scala:392)
... 29 more
This is the exception I got when I tried to use loose SSL settings in Akka.
While using akka-http, I need to have an option to trust all the certificates when connecting via HTTPS. I followed the instructions on http://lightbend.github.io/ssl-config/LooseSSL.html#loose-options and https://doc.akka.io/docs/akka-http/10.0.10/scala/http/client-side/client-https-support.html#disabling-tls-security-features-at-your-own-risk, but had no success - the certificate still seems to be validated regardless of the setting. Opening a connection just keeps throwing a stack trace like the one below.
Why: I'm writing a plugin for a certain application which bundles its own JDK. The certificate authorities more often than not will not be under my control, and I cannot expect users to add certificates to cacerts or supply their own files.
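A custom SSLContext, the approach one reply in this thread reports as working, can be scoped to a single known server certificate instead of trusting every certificate. The sketch below is an added example, not code from the thread or the linked gists; it assumes akka-http 10.0.x/10.1.x (where `ConnectionContext.https` is the client entry point), and `PinnedCertClient`, `pinnedContext`, `get` and `pemPath` are hypothetical names.

```scala
import java.io.FileInputStream
import java.security.KeyStore
import java.security.cert.{CertificateFactory, X509Certificate}
import javax.net.ssl.{SSLContext, TrustManagerFactory}

import akka.actor.ActorSystem
import akka.http.scaladsl.{ConnectionContext, Http, HttpsConnectionContext}
import akka.http.scaladsl.model.{HttpRequest, HttpResponse}
import akka.stream.Materializer
import scala.concurrent.Future

// Hypothetical helper: trusts exactly one certificate, read from pemPath.
object PinnedCertClient {

  // Build an SSLContext whose only trust anchor is the certificate in pemPath.
  // The JDK's cacerts file is not consulted and not modified.
  def pinnedContext(pemPath: String): SSLContext = {
    val in = new FileInputStream(pemPath)
    val cert =
      try CertificateFactory.getInstance("X.509")
        .generateCertificate(in).asInstanceOf[X509Certificate]
      finally in.close()

    // In-memory key store holding only the pinned certificate.
    val ks = KeyStore.getInstance(KeyStore.getDefaultType)
    ks.load(null, null)
    ks.setCertificateEntry("pinned-server", cert)

    val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm)
    tmf.init(ks)

    val ctx = SSLContext.getInstance("TLS")
    ctx.init(null, tmf.getTrustManagers, null) // no client keys, default SecureRandom
    ctx
  }

  // Pass the context per request; the global default HTTPS context stays untouched.
  // Hostname verification is left at its default, so the certificate still has to
  // match the host (or IP address) in the URL.
  def get(url: String, pemPath: String)
         (implicit system: ActorSystem, mat: Materializer): Future[HttpResponse] = {
    val https: HttpsConnectionContext = ConnectionContext.https(pinnedContext(pemPath))
    Http().singleRequest(HttpRequest(uri = url), connectionContext = https)
  }
}
```

Because the context is supplied per request, a plugin can ship or configure the one certificate it needs without touching the bundled JDK's trust store.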