Loading...

Details

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: 8.0 Update 2
Affects Version/s: None
Component/s: Clustering
Labels:
- intersmash

Blocked:
False
Blocked Reason:
None
Ready:
False
QE Test Coverage:
+
Target Release:

8.0.z.GA
Git Pull Request:
https://github.com/jbossas/jboss-eap8/pull/337

SFDC Cases Counter:
SFDC Cases Links:

Description

A WildFly instance is configured to connect to a remote infinispan via HotRod, but the logs show that the deployment fails due to a SSLHandshakeException:

[0m[0m21:34:21,925 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 70) WFLYCLINF0002: Started ROOT.war.TransactionalRecurringTimerService.TRANSIENT cache from ejb container
[0m[31m21:34:22,193 ERROR [org.infinispan.HOTROD] (HotRod-client-async-pool-11) ISPN004007: Exception encountered. Retry 10 out of 10: org.infinispan.client.hotrod.exceptions.TransportException:: javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address 172.122.96.222 found
	at org.infinispan.client.hotrod@14.0.22.Final//org.infinispan.client.hotrod.impl.transport.netty.ActivationHandler.exceptionCaught(ActivationHandler.java:52)
	at io.netty.netty-transport@4.1.104.Final//io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:346)
	at io.netty.netty-transport@4.1.104.Final//io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:325)
	at io.netty.netty-transport@4.1.104.Final//io.netty.channel.AbstractChannelHandlerContext.fireExceptionCaught(AbstractChannelHandlerContext.java:317)
	at org.infinispan.client.hotrod@14.0.22.Final//org.infinispan.client.hotrod.impl.transport.netty.SslHandshakeExceptionHandler.userEventTriggered(SslHandshakeExceptionHandler.java:17)
	at io.netty.netty-transport@4.1.104.Final//io.netty.channel.AbstractChannelHandlerContext.invokeUserEventTriggered(AbstractChannelHandlerContext.java:400)
	at io.netty.netty-transport@4.1.104.Final//io.netty.channel.AbstractChannelHandlerContext.invokeUserEventTriggered(AbstractChannelHandlerContext.java:376)
	at io.netty.netty-transport@4.1.104.Final//io.netty.channel.AbstractChannelHandlerContext.fireUserEventTriggered(AbstractChannelHandlerContext.java:368)
	at io.netty.netty-handler@4.1.104.Final//io.netty.handler.ssl.SslHandler.handleUnwrapThrowable(SslHandler.java:1362)
	at io.netty.netty-handler@4.1.104.Final//io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1343)
	at io.netty.netty-handler@4.1.104.Final//io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1387)
	at io.netty.netty-codec@4.1.104.Final//io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529)
	at io.netty.netty-codec@4.1.104.Final//io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468)
	at io.netty.netty-codec@4.1.104.Final//io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
	at io.netty.netty-transport@4.1.104.Final//io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
	at io.netty.netty-transport@4.1.104.Final//io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
	at io.netty.netty-transport@4.1.104.Final//io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
	at io.netty.netty-transport@4.1.104.Final//io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
	at io.netty.netty-transport@4.1.104.Final//io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
	at io.netty.netty-transport@4.1.104.Final//io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
	at io.netty.netty-transport@4.1.104.Final//io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
	at io.netty.netty-transport-native-epoll@4.1.104.Final//io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:800)
	at io.netty.netty-transport-native-epoll@4.1.104.Final//io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:509)
	at io.netty.netty-transport-native-epoll@4.1.104.Final//io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:407)
	at io.netty.netty-common@4.1.104.Final//io.netty.util.concurrent.SingleThreadEventExecutor.run(SingleThreadEventExecutor.java:997)
	at io.netty.netty-common@4.1.104.Final//io.netty.util.internal.ThreadExecutorMap.run(ThreadExecutorMap.java:74)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at org.wildfly.clustering.context@32.0.0.Beta1-202402040142-c0bb3c99//org.wildfly.clustering.context.ContextReferenceExecutor.execute(ContextReferenceExecutor.java:32)
	at org.wildfly.clustering.context@32.0.0.Beta1-202402040142-c0bb3c99//org.wildfly.clustering.context.ContextualExecutor.run(ContextualExecutor.java:61)
	at org.wildfly.clustering.context@32.0.0.Beta1-202402040142-c0bb3c99//org.wildfly.clustering.context.ContextReferenceExecutor.execute(ContextReferenceExecutor.java:32)
	at org.wildfly.clustering.context@32.0.0.Beta1-202402040142-c0bb3c99//org.wildfly.clustering.context.ContextualExecutor.run(ContextualExecutor.java:61)
	at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address 172.122.96.222 found
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:371)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:309)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175)
	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277)
	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209)
	at io.netty.netty-handler@4.1.104.Final//io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1651)
	at io.netty.netty-handler@4.1.104.Final//io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1497)
	at io.netty.netty-handler@4.1.104.Final//io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1338)
	... 23 more
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 172.122.96.222 found
	at java.base/sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:165)
	at java.base/sun.security.util.HostnameChecker.match(HostnameChecker.java:101)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:452)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:412)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:292)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335)
	... 34 more
...

As said we only see this in WildFly main branch at the moment, while the test is passing with WildFly 30.0.0.Final.

Attachments

Issue Links

clones

WFLY-19040 Regression due to SSLHandshakeException affecting HotRod client when connecting to remote Infinispan

Resolved

is caused by

JBEAP-26224 (8.0.z) Upgrade Infinispan to 14.0.24.Final-redhat-00001

Resolved

is incorporated by

JBEAP-26770 (8.0.z) Upgrade EAP codebase to 8.0.3.GA-redhat-SNAPSHOT in EAP 8.0 Update 2

Resolved

(8.0.z) Regression due to SSLHandshakeException affecting HotRod client when connecting to remote Infinispan

Details

Description

Attachments

Issue Links

Activity

People

Dates