Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade of Apache httpClient for SSL certificate verification and Corresponding change in ApacheHttpClientExecutor #1070

Closed
kushalagrawal opened this issue Jul 21, 2017 · 3 comments
Closed

Upgrade of Apache httpClient for SSL certificate verification and Corresponding change in ApacheHttpClientExecutor #1070

kushalagrawal opened this issue Jul 21, 2017 · 3 comments
Labels
enhancement

Comments

@kushalagrawal
Copy link
Contributor

Hi,

We are using openstack4j-3.0.4. We were facing several issues with it because our OpenStack environment is ipv6 +https. Below are the issue while using os4j:

  1. Caused by: javax.net.ssl.SSLException: Certificate for <[2001:470:68e0:1151::100]> doesn't match any of the subject alternative names: [2001:470:68e0:1151::100, instack.localdomain, vip.localdomain]
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:177)
    at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:62)

  2. while using resteasy-connecter We were not able to use withHostnameVerifier or withSSLVerificationDisabled because these config are getting neglected while HttpClient is getting created in ApacheHttpClientExecutor

It is required to upgrade Apache httpclient version to 4.5.3 to avoid SSLCertificate issue in IPv6. We have already changed the code accordingly to solve these 2 issues.

With your permission we would like to contribute the code so that other people can also make use of it without redundent effort.
@auhlig
Copy link
Member

auhlig commented Jul 21, 2017

Yes please! Updates for these dependencies are very welcome.
Don't hesitate to reach out in case you need help.

kushalagrawal pushed a commit to kushalagrawal/openstack4j that referenced this issue Jul 24, 2017
Issue : ContainX#1070
cd87aa8 
Description: 1. Updated Apache httpclient version and corresponding code for IPv6+ https issue.
             2. Added support for IgnoreSSLVerification and custom SSLHostnameVerifier.
@kushalagrawal
Copy link
Contributor Author

Hi,
I have created a pull request for the same. Can you please have a look. let me know If any enhancement is required.

#1072

kushalagrawal pushed a commit to kushalagrawal/openstack4j that referenced this issue Sep 11, 2017
Issue : ContainX#1070
e57a978 
Description: Updated Resteasy client version  from 2.x to 3.x.
kushalagrawal pushed a commit to kushalagrawal/openstack4j that referenced this issue Sep 13, 2017
Issue : ContainX#1070
438f522 
Description: Fixed Test cases.
auhlig added a commit that referenced this issue Sep 19, 2017
@auhlig
Merge pull request #1072 from kushalagrawal1/master
044608b 
Issue : #[1070](#1070)
@kushalagrawal
Copy link
Contributor Author

Closing issue as the code has been updated to incorporate the changes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@auhlig @kushalagrawal