p4ic4idea

Error occurred when verifying the SSL peer

Open Elwetana opened this issue 2 years ago • 6 comments

I am trying to follow the instructions for specifying the SSL connection, but I am still getting the error message above.

My Resolved Properties are:

Resolved Properties for [folder_name]:

    P4CHARSET=(no value)
    P4CLIENT=[client_name]
    P4FINGERPRINT=(no value)
    P4HOST=(no value)
    P4IGNORE=(no value)
    P4LOGINSSO=(no value)
    P4PASSWD=(no value)
    P4PORT=ssl:[ip_address]:1666
    P4TICKETS=(no value)
    P4TRUST=[path]\p4trust.txt
    P4USER=[user]

I am removing the actual values for privacy reasons, but I am pretty sure they are correct:

  • client_name is the actual client name; besides, the connection probably dies before it enters the picture
  • ip address is correct, I can use the command p4 -p ssl:[ip_address]:1666 info successfully (or any other command)
  • path to the trust file is correct (if I change it, I get a different error message to the effect that the file has not been found)

The file contains two fingerprints, I verified both and neither works.

I am sure this is some problem on my side, I will appreciate any hint. My Perforce information is:

  • Server version: P4D/NTX64/2020.2/2075706 (2021/02/03)

Elwetana, Mar 14 '22 19:03

For the plugin, the P4PORT will need to start with ssl:// (such as ssl://perforce:1666)

groboclown, Mar 15 '22 21:03

Thank you for your response. However, this does not help. Changing P4PORT to ssl://[ip_address]:1666 does not change the outcome; I still get the same error. To be more specific: the behaviour is the same whether I use double slash or not, and in the Resolved Properties window P4PORT the double slash is always omitted (so it looks like in my original post, ssl:ip_address:1666)

Elwetana, Mar 16 '22 13:03

The configuration panel will show either "(hostname):(port)" or "ssl:(hostname):(port)" depending on whether you selected an SSL protocol.

This particular error message comes from Java's SSL library (javax.net.ssl.SSLPeerUnverifiedException), whose documentation reads:

Indicates that the peer's identity has not been verified. When the peer was not able to identify itself (for example; no certificate, the particular cipher suite being used does not support authentication, or no peer authentication was established during SSL handshaking) this exception is thrown.

I haven't seen this particular issue before. It looks like this is happening because Java's SSL connection code can't find the certificates reported by the server (calling SSLSession.getPeerCertificates()):

This method can be used only when using certificate-based cipher suites; using it with non-certificate-based cipher suites, such as Kerberos, will throw an SSLPeerUnverifiedException.

Is the server set up to run in SSL mode, or are you running the connection through a proxy over SSL? I've only tested the plugin's SSL capability with the server (p4d) built-in SSL mode, so this may be a configuration that the code doesn't support. With more information, I can look into what it would take to support this setup.

For a deeper description of what you can use for SSL:

  • ssl:(hostname):(port) uses the underlying P4Java library's P4JRPCNTSSSL implementation (the newer wire communication code).
  • ssl://(hostname):(port) and ntss://(hostname):(port) will also use the P4Java library's P4JRPCNTSSSL.
  • javassl://(hostname):(port) and javas://(hostname):(port) will use the P4Java library's P4JAVASSL implementation (the older wire communication code).

groboclown, Mar 17 '22 00:03
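
A stand-alone probe for the failure described above, added here as an example (not code from p4ic4idea or P4Java): `SSLSocket.getSession()` returns an invalid session when the handshake fails, so a later `getPeerCertificates()` reports only "peer not authenticated", while calling `startHandshake()` first surfaces the underlying handshake error. The class name `TlsPeerProbe` is hypothetical, the probe assumes the server speaks TLS from the first byte of the connection, and it prints SHA-1 digests of both the certificate and its public key because the page does not say which one a P4TRUST entry holds.

```java
import javax.net.ssl.*;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

// Added diagnostic (hypothetical name). Usage: java TlsPeerProbe <host> <port>
public class TlsPeerProbe {
    public static void main(String[] args) throws Exception {
        // Accept any chain so a self-signed server certificate can be inspected;
        // the trust decision is the fingerprint comparison made by the operator.
        TrustManager[] inspectOnly = { new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String a) { }
            public void checkServerTrusted(X509Certificate[] c, String a) { }
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        }};
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, inspectOnly, null);
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory()
                .createSocket(args[0], Integer.parseInt(args[1]))) {
            socket.setSoTimeout(10_000);
            System.out.println("Enabled: " + String.join(", ", socket.getEnabledProtocols()));
            try {
                // getSession() alone hides a failed handshake behind an invalid
                // session; startHandshake() throws the underlying exception.
                socket.startHandshake();
            } catch (IOException e) {
                System.out.println("Handshake failed: " + e);
                return;
            }
            SSLSession session = socket.getSession();
            System.out.println("Protocol: " + session.getProtocol());
            System.out.println("Cipher suite: " + session.getCipherSuite());
            for (Certificate cert : session.getPeerCertificates()) {
                X509Certificate x509 = (X509Certificate) cert;
                System.out.println("Subject: " + x509.getSubjectX500Principal());
                System.out.println("SHA-1 of certificate: " + sha1Hex(x509.getEncoded()));
                System.out.println("SHA-1 of public key:  "
                        + sha1Hex(x509.getPublicKey().getEncoded()));
            }
        }
    }

    // Colon-separated upper-case hex, the usual layout for certificate fingerprints.
    static String sha1Hex(byte[] data) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-1").digest(data))
            sb.append(sb.length() == 0 ? "" : ":").append(String.format("%02X", b));
        return sb.toString();
    }
}
```

Running it with the same JDK that the IDE uses shows whether that runtime can complete a handshake with the server at all, independently of the plugin.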

Thank you again for taking time to address this issue. Unfortunately, the problem persists regardless of the prefix I use (ssl, javassl, javas -- all generate the same error).

Our Perforce installation is quite standard, we don't have a proxy; I have verified that the certificate and private key are present on the server, also other tools (p4v, p4admin, etc.) work fine (as does command line p4 client).

I would be very happy to provide more information, please let me know what you need -- can I enable some logging of the communication with the server? Do you need some information about the Perforce installation?

Elwetana, Mar 17 '22 10:03

To start with, would you post the stack trace from the IDE log? It's under the Help -> Show Log in (program name). Look for the stack trace that includes SSLPeerUnverifiedException. I might be wrong about the source of the issue, and this will help me validate the source of the problem.

Do you know the version of p4d you are running? That can also help me try to replicate the issue.

groboclown, Mar 18 '22 00:03

Having the same issue.

This is what I'm seeing in my logs

2022-12-13 09:15:54,052 [77381395]   WARN - #n.g.p.s.i.c.P4RequestErrorHandler - Running an action with the Perforce server server:{P4TRUST=<<trust path>>, P4PASSWD=(set), P4PORT=<<ssl:host:port>>, P4TICKETS=<<tickets path>>, P4USER=<<user>>, P4FINGERPRINT=(unset), P4LOGINSSO=(unset)} generated an error.
com.perforce.p4java.exception.SslHandshakeException: Error occurred while verifying the SSL peer.
	at com.perforce.p4java.impl.mapbased.rpc.stream.RpcStreamConnection.initSSL(RpcStreamConnection.java:372)
	at com.perforce.p4java.impl.mapbased.rpc.stream.RpcStreamConnection.initSocketBasedServer(RpcStreamConnection.java:272)
	at com.perforce.p4java.impl.mapbased.rpc.stream.RpcStreamConnection.init(RpcStreamConnection.java:171)
	at com.perforce.p4java.impl.mapbased.rpc.stream.RpcStreamConnection.<init>(RpcStreamConnection.java:161)
	at com.perforce.p4java.impl.mapbased.rpc.NtsServerImpl.connect(NtsServerImpl.java:168)
	at net.groboclown.p4.server.impl.connection.impl.SimpleConnectionManager.connect(SimpleConnectionManager.java:212)
	at net.groboclown.p4.server.impl.connection.impl.SimpleConnectionManager.lambda$withConnection$2(SimpleConnectionManager.java:152)
	at net.groboclown.p4.server.impl.connection.P4RequestErrorHandler.handleConnection(P4RequestErrorHandler.java:157)
	at net.groboclown.p4.server.impl.connection.P4RequestErrorHandler.handle(P4RequestErrorHandler.java:71)
	at net.groboclown.p4.server.impl.connection.impl.SimpleConnectionManager.lambda$handleAsync$6(SimpleConnectionManager.java:589)
	at net.groboclown.p4.server.impl.connection.impl.SimpleConnectionManager.lambda$startPromise$8(SimpleConnectionManager.java:603)
	at net.groboclown.p4.server.api.async.AsyncAnswer.lambda$background$0(AsyncAnswer.java:49)
	at com.intellij.openapi.application.impl.ApplicationImpl$1.run(ApplicationImpl.java:297)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:702)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:699)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1.run(Executors.java:699)
	at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
	at java.base/sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:1034)
	at com.perforce.p4java.impl.mapbased.rpc.stream.RpcStreamConnection.initSSL(RpcStreamConnection.java:329)

PepeBotella25, Dec 13 '22 13:12