vietj
commented
5 years ago it seems to be a JVM issue ?
Closed ctron closed 5 years ago
vietj
commented
5 years ago it seems to be a JVM issue ?
vietj
commented
5 years ago actually it's tcnative issue
vietj
commented
5 years ago @ctron can you tell which SSL implementation / version you are using ? it seems the bug is fixed in tcnative but it might be in a different implementation you are using
ctron
commented
5 years ago I am using pure Java. No (netty-)tcnative is involved. It is the same behavior in Java 8 and Java 11.
However, I don't think this is a bug in Netty, Tcnative or Java. Digging a little bit into it, it looks more like a bug of io.vertx.core.net.impl.SSLHelper, which simply passes the host name into new SNIHostName, without taking care of the format.
vietj
commented
5 years ago ok thanks for the info.
vietj
commented
5 years ago so that would be actually a vertx-core bug
vietj
commented
5 years ago vietj
commented
5 years ago you can check with 3.8.1-SNAPSHOT @ctron
Trying to connect to a host
my.server.tld.fails, while connecting tomy.server.tldsucceeds.The cause is:
Server name value of host_name cannot have the trailing dot.Also see:
Full stack trace
~~~ javax.net.ssl.SSLHandshakeException: Failed to create SSL connection at io.vertx.core.net.impl.ChannelProvider$1.userEventTriggered(ChannelProvider.java:109) at io.netty.channel.AbstractChannelHandlerContext.invokeUserEventTriggered(AbstractChannelHandlerContext.java:326) at io.netty.channel.AbstractChannelHandlerContext.invokeUserEventTriggered(AbstractChannelHandlerContext.java:312) at io.netty.channel.AbstractChannelHandlerContext.fireUserEventTriggered(AbstractChannelHandlerContext.java:304) at io.netty.handler.ssl.SslHandler.handleUnwrapThrowable(SslHandler.java:1250) at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1231) at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1272) at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:502) at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:441) at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:345) at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:337) at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1408) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:345) at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:930) at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:677) at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:612) at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:529) at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:491) at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:905) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.lang.Thread.run(Thread.java:748) Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1521) at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:528) at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:802) at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:766) at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:295) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1330) at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1225) ... 19 more Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1709) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:318) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) at sun.security.ssl.Handshaker$1.run(Handshaker.java:970) at sun.security.ssl.Handshaker$1.run(Handshaker.java:967) at java.security.AccessController.doPrivileged(Native Method) at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459) at io.netty.handler.ssl.SslHandler.runAllDelegatedTasks(SslHandler.java:1500) at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1514) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1398) ... 20 more Caused by: java.security.cert.CertificateException: Illegal given domain name: messaging-mmn7q92ipq-enmasse-infra.wonderful.iot-playground.org. at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:195) at sun.security.util.HostnameChecker.match(HostnameChecker.java:96) at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455) at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626) ... 29 more Caused by: java.lang.IllegalArgumentException: Server name value of host_name cannot have the trailing dot at javax.net.ssl.SNIHostName.checkHostName(SNIHostName.java:319) at javax.net.ssl.SNIHostName.