search

roniest / google-apis-explorer

Automatically exported from code.google.com/p/google-apis-explorer
Apache License 2.0
0 stars 0 forks source link

Host verification failing due to Google certificate #300

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Using Spring Social Google to authenticate Google+ user produces the issue 
below.

What is the expected output? What do you see instead?
Expected: Authenticate user and get user profile data
Instead: Exception

    59:27:345 ERROR org.springframework.social.connect.web.ProviderSignInController.oauth2Callback Message=Exception while completing OAuth 2 connection: 
    org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://www.googleapis.com/plus/v1/people/me":Host name 'www.googleapis.com' does not match the certificate subject provided by the peer (CN=*.storage.googleapis.com, O=Google Inc, L=Mountain View, ST=California, C=US); nested exception is javax.net.ssl.SSLPeerUnverifiedException: Host name 'www.googleapis.com' does not match the certificate subject provided by the peer (CN=*.storage.googleapis.com, O=Google Inc, L=Mountain View, ST=California, C=US)
        at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:580)
        at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:530)
        at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:237)
        at org.springframework.social.google.api.impl.AbstractGoogleApiOperations.getEntity(AbstractGoogleApiOperations.java:50)
        at org.springframework.social.google.api.plus.impl.PlusTemplate.getPerson(PlusTemplate.java:105)
        at org.springframework.social.google.api.plus.impl.PlusTemplate.getGoogleProfile(PlusTemplate.java:110)
        at org.springframework.social.google.connect.GoogleAdapter.fetchUserProfile(GoogleAdapter.java:51)
        at org.springframework.social.google.connect.GoogleAdapter.fetchUserProfile(GoogleAdapter.java:31)
        at org.springframework.social.google.connect.GoogleConnectionFactory.extractProviderUserId(GoogleConnectionFactory.java:37)
        at org.springframework.social.connect.support.OAuth2ConnectionFactory.createConnection(OAuth2ConnectionFactory.java:91)
        at org.springframework.social.connect.web.ConnectSupport.completeConnection(ConnectSupport.java:161)
        at org.springframework.social.connect.web.ProviderSignInController.oauth2Callback(ProviderSignInController.java:216)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:497)

What version of the product are you using? On what operating system?

Please provide any additional information below.
 There seems to be a mismatch between HTTPs call and Certificate.

Original issue reported on code.google.com by androidd...@gmail.com on 25 Apr 2015 at 2:16

GoogleCodeExporter commented 9 years ago 
Since the certificate has these SANs:
DNS Name=.storage.googleapis.com
DNS Name=.commondatastorage.googleapis.com
DNS Name=*.googleapis.com
, the certificate should be perfectly valid for www.googleapis.com.

Might be related: https://issues.apache.org/jira/browse/HTTPCLIENT-1613

Original comment by oyvind.h...@gmail.com on 28 Apr 2015 at 6:04

GoogleCodeExporter commented 9 years ago 
Downgrade HttpClient from 4.4 to 4.3 has fixed this issue.

Note: Markdown wrecked the list of SANs in my previous commet - they are:
DNS Name=*.storage.googleapis.com
DNS Name=*.commondatastorage.googleapis.com
DNS Name=*.googleapis.com

Original comment by oyvind.h...@gmail.com on 29 Apr 2015 at 7:03