Disabling hostname checking for connecting via SSL #258

Closed
agarman opened this issue Nov 20, 2017 · 10 comments
@agarman

agarman commented Nov 20, 2017

Attempting to connect to the compose.io etcd service using the example in SslTest.java. It looks like compose.io uses certificates that do not match DNS. Is there a way to disable HostnameChecker exposed by ClientBuilder or GrpcSslContexts?

CertificateException No subject alternative DNS name matching etcd found.
	sun.security.util.HostnameChecker.matchDNS (HostnameChecker.java:204)
	sun.security.util.HostnameChecker.match (HostnameChecker.java:95)
	sun.security.ssl.X509TrustManagerImpl.checkIdentity (X509TrustManagerImpl.java:455)
	sun.security.ssl.X509TrustManagerImpl.checkIdentity (X509TrustManagerImpl.java:436)
	sun.security.ssl.X509TrustManagerImpl.checkTrusted (X509TrustManagerImpl.java:252)
	sun.security.ssl.X509TrustManagerImpl.checkServerTrusted (X509TrustManagerImpl.java:136)
	io.netty.handler.ssl.ReferenceCountedOpenSslClientContext$ExtendedTrustManagerVerifyCallback.verify (ReferenceCountedOpenSslClientContext.java:221)
	io.netty.handler.ssl.ReferenceCountedOpenSslContext$AbstractCertificateVerifier.verify (ReferenceCountedOpenSslContext.java:644)
	io.netty.internal.tcnative.SSL.readFromSSL (SSL.java:-2)
	io.netty.handler.ssl.ReferenceCountedOpenSslEngine.readPlaintextData (ReferenceCountedOpenSslEngine.java:482)
	io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap (ReferenceCountedOpenSslEngine.java:1020)
	io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap (ReferenceCountedOpenSslEngine.java:1127)

@lburgazzoli
Collaborator

You can set the right authority via the builder:

https://github.com/coreos/jetcd/blob/master/jetcd-core/src/test/java/com/coreos/jetcd/internal/impl/SslTest.java#L46

@agarman
Author

agarman commented Nov 21, 2017

@lburgazzoli thanks - looks like I need to use a SNAPSHOT to get access to that.

agarman closed this as completed Nov 21, 2017

@kingpong

kingpong commented Nov 21, 2017

@lburgazzoli How should one set the authority correctly when there are multiple endpoints, each with a distinct name and certificate?

@lburgazzoli
Collaborator

I think there was a discussion about this issue on grpc-java, so I need to check what solution has been implemented and reflect it in jetcd, but I have had no time so far. The issue is on how the grpc-java NameResolver.

agarman reopened this Nov 21, 2017

@agarman
Author

agarman commented Nov 21, 2017

Re-opening as this is still not usable. Authority needs to be set per endpoint.

@lburgazzoli
Collaborator

@agarman @kingpong I think I need to wait for grpc/grpc-java#4469 to be implemented to provide a solution.

@agarman
Author

agarman commented Jul 10, 2018

@lburgazzoli understood

@github-actions

This issue is stale because it has been open 60 days with no activity.
Remove stale label or comment or this will be closed in 7 days.

@im-bravo

im-bravo commented May 8, 2020

I updated the library version to the latest version (0.5.3) to solve this problem
https://mvnrepository.com/artifact/io.etcd/jetcd-all
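
Added example, not part of the original thread or the jetcd project's code: instead of disabling hostname checking, read the DNS names in the server certificate's SAN extension and pass the matching one as the builder's authority, so verification stays on. It assumes the io.etcd jetcd 0.5.x API with unshaded grpc-netty on the classpath and a single authority for all endpoints; the class name, the argument order and the `probe` key are hypothetical.

```java
import io.etcd.jetcd.ByteSequence;
import io.etcd.jetcd.Client;
import io.grpc.netty.GrpcSslContexts;
import io.netty.handler.ssl.SslContext;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.*;

// Hypothetical class name; assumes jetcd 0.5.x with unshaded grpc-netty on the classpath.
public class EtcdAuthorityCheck {
    // Returns the dNSName entries (SAN type 2) of a PEM or DER certificate file.
    static List<String> dnsSans(File certFile) throws Exception {
        try (InputStream in = new FileInputStream(certFile)) {
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            List<String> names = new ArrayList<>();
            Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null when no SAN extension
            if (sans != null) {
                for (List<?> san : sans) {
                    if ((Integer) san.get(0) == 2) names.add((String) san.get(1));
                }
            }
            return names;
        }
    }

    // args: <ca.pem> <server-cert.pem> <https://host:port> <authority>
    public static void main(String[] args) throws Exception {
        String authority = args[3];
        List<String> sans = dnsSans(new File(args[1]));
        // Exact match only; wildcard SANs are not expanded here.
        if (!sans.contains(authority)) {
            throw new IllegalArgumentException(authority + " is not among SAN DNS names " + sans);
        }
        // Trust only the given CA; hostname verification stays enabled against `authority`.
        SslContext ssl = GrpcSslContexts.forClient().trustManager(new File(args[0])).build();
        Client client = Client.builder().endpoints(args[2]).authority(authority).sslContext(ssl).build();
        try {
            // The channel connects lazily, so the TLS handshake happens on this first RPC.
            long n = client.getKVClient().get(ByteSequence.from("probe", StandardCharsets.UTF_8)).get().getCount();
            System.out.println("TLS handshake ok, keys matching probe: " + n);
        } finally {
            client.close();
        }
    }
}
```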
