You are viewing a plain text version of this content. The canonical link for it is here.

Posted to ivy-user@ant.apache.org by Thomas Langston <th...@mongodb.com.INVALID> on 2019/07/11 17:09:08 UTC

Understanding SSLHandshakeException: No subject alternative DNS name throw by ivy

Hello,

I'm getting the following SSL error when trying to resolve packages
from atlassian's artifactory repo via ivy.

[ivy:retrieve] Server access error at url
https://packages.atlassian.com/repository/public/net/minidev/json-smart/(javax.net.ssl.SSLHandshakeException:
No subject alternative DNS name matching packages.atlassian.com
found.)

However, when I view the certificate in Chrome or Firefox, it appears
valid. The Subject Alternative Name extension has the following
values.

Not Critical
DNS Name: *.atlassian.com
DNS Name: atlassian.com

Is this an error on my side or atlassian's? How would I go about
solving it, preferably without disabling any SSL security?

Thanks,

Thomas Langston

Re: Understanding SSLHandshakeException: No subject alternative DNS name throw by ivy

Posted by Thomas Langston <th...@mongodb.com.INVALID>.

Confirmed that updating my AdoptOpenJDK from 11.0.1 to 11.0.3 solves the issue.

Thanks!

-Thomas Langston

On Fri, Jul 12, 2019 at 9:21 AM Jaikiran Pai <ja...@apache.org> wrote:
>
> I was able to reproduce this with Java 11.0.1 (OpenJDK). It however
> seems to be fixed in subsequent releases. I tried 12.x OpenJDK and it
> worked fine there. I guess it probably is also fixed in some 11.0.x
> release too, but I haven't had a chance to try it there.
>
> -Jaikiran
>
> On 12/07/19 6:42 AM, Jaikiran Pai wrote:
> > Hello Thomas,
> >
> > Which version of Ivy and Java are you using? Can you paste the output
> > of java -version?
> > Also, does your classpath have Apache HTTP client libraries? I am
> > trying to understand if this is coming from the HTTP client library or
> > the JDK classes that we use in Ivy.
> >
> > -Jaikiran
> >
> > On Thursday, July 11, 2019, Thomas Langston
> > <th...@mongodb.com.invalid> wrote:
> > > Hello,
> > >
> > > I'm getting the following SSL error when trying to resolve packages
> > > from atlassian's artifactory repo via ivy.
> > >
> > > [ivy:retrieve] Server access error at url
> > >
> > https://packages.atlassian.com/repository/public/net/minidev/json-smart/(javax.net.ssl.SSLHandshakeException:
> > > No subject alternative DNS name matching packages.atlassian.com
> > <http://packages.atlassian.com>
> > > found.)
> > >
> > > However, when I view the certificate in Chrome or Firefox, it appears
> > > valid. The Subject Alternative Name extension has the following
> > > values.
> > >
> > > Not Critical
> > > DNS Name: *.atlassian.com <http://atlassian.com>
> > > DNS Name: atlassian.com <http://atlassian.com>
> > >
> > > Is this an error on my side or atlassian's? How would I go about
> > > solving it, preferably without disabling any SSL security?
> > >
> > > Thanks,
> > >
> > > Thomas Langston
> > >

Re: Understanding SSLHandshakeException: No subject alternative DNS name throw by ivy

Posted by Jaikiran Pai <ja...@apache.org>.

I was able to reproduce this with Java 11.0.1 (OpenJDK). It however
seems to be fixed in subsequent releases. I tried 12.x OpenJDK and it
worked fine there. I guess it probably is also fixed in some 11.0.x
release too, but I haven't had a chance to try it there.

-Jaikiran

On 12/07/19 6:42 AM, Jaikiran Pai wrote:
> Hello Thomas,
>
> Which version of Ivy and Java are you using? Can you paste the output
> of java -version?
> Also, does your classpath have Apache HTTP client libraries? I am
> trying to understand if this is coming from the HTTP client library or
> the JDK classes that we use in Ivy.
>
> -Jaikiran
>
> On Thursday, July 11, 2019, Thomas Langston
> <th...@mongodb.com.invalid> wrote:
> > Hello,
> >
> > I'm getting the following SSL error when trying to resolve packages
> > from atlassian's artifactory repo via ivy.
> >
> > [ivy:retrieve] Server access error at url
> >
> https://packages.atlassian.com/repository/public/net/minidev/json-smart/(javax.net.ssl.SSLHandshakeException:
> > No subject alternative DNS name matching packages.atlassian.com
> <http://packages.atlassian.com>
> > found.)
> >
> > However, when I view the certificate in Chrome or Firefox, it appears
> > valid. The Subject Alternative Name extension has the following
> > values.
> >
> > Not Critical
> > DNS Name: *.atlassian.com <http://atlassian.com>
> > DNS Name: atlassian.com <http://atlassian.com>
> >
> > Is this an error on my side or atlassian's? How would I go about
> > solving it, preferably without disabling any SSL security?
> >
> > Thanks,
> >
> > Thomas Langston
> >

Re: Understanding SSLHandshakeException: No subject alternative DNS name throw by ivy

Posted by Jaikiran Pai <ja...@gmail.com>.

Hello Thomas,

Which version of Ivy and Java are you using? Can you paste the output of
java -version?
Also, does your classpath have Apache HTTP client libraries? I am trying to
understand if this is coming from the HTTP client library or the JDK
classes that we use in Ivy.

-Jaikiran

On Thursday, July 11, 2019, Thomas Langston
<th...@mongodb.com.invalid> wrote:
> Hello,
>
> I'm getting the following SSL error when trying to resolve packages
> from atlassian's artifactory repo via ivy.
>
> [ivy:retrieve] Server access error at url
>
https://packages.atlassian.com/repository/public/net/minidev/json-smart/(javax.net.ssl.SSLHandshakeException
:
> No subject alternative DNS name matching packages.atlassian.com
> found.)
>
> However, when I view the certificate in Chrome or Firefox, it appears
> valid. The Subject Alternative Name extension has the following
> values.
>
> Not Critical
> DNS Name: *.atlassian.com
> DNS Name: atlassian.com
>
> Is this an error on my side or atlassian's? How would I go about
> solving it, preferably without disabling any SSL security?
>
> Thanks,
>
> Thomas Langston
>