api-manager icon indicating copy to clipboard operation
api-manager copied to clipboard

Published 20 hours ago verified publisher icon wso2

Disabling the hostname verification is not working

Open ShehanRavindu opened this issue 7 months ago • 0 comments

Description

We have tried to disable HostnameVerification. We checked by removing the localhost from client-trustore.jks and importing a certificate with different CN. After disabling the hostname verification, adding the following parameters to the api-manager.sh file, and we tried to access the devportal. But we received the following error.

-Dorg.opensaml.httpclient.https.disableHostnameVerification=true \
-Dhttpclient.hostnameVerifier=AllowAll \

ERROR - [idp] Servlet.service() for servlet [idp] in context with path [/devportal] threw exception java.io.IOException: An exception occurred processing [/services/login/idp.jsp] at line [75]

72: HttpRequest getReq = HttpRequest.newBuilder() 73: .uri(URI.create(settingsAPIUrl)) 74: .build(); 75: HttpResponse<String> settingsResult = client.send(getReq, HttpResponse.BodyHandlers.ofString()); 76: 77: Gson gson = new GsonBuilder().setPrettyPrinting().create(); 78: Map settingsResponse = gson.fromJson(settingsResult.body(), Map.class);

Stacktrace: at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:494) ~[tomcat_9.0.85.wso2v1.jar:?]

Caused by: java.io.IOException: No name matching localhost found at jdk.internal.net.http.HttpClientImpl.send(HttpClientImpl.java:565) ~[java.net.http:?] at jdk.internal.net.http.HttpClientFacade.send(HttpClientFacade.java:119) ~[java.net.http:?] at org.apache.jsp.services.login.idp_jsp._jspService(idp_jsp.java:206) ~[?:?] at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) ~[tomcat_9.0.85.wso2v1.jar:?] at javax.servlet.http.HttpServlet.service(HttpServlet.java:623) ~[tomcat-servlet-api_9.0.85.wso2v1.jar:?] at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:466) ~[tomcat_9.0.85.wso2v1.jar:?] ... 42 more Caused by: javax.net.ssl.SSLHandshakeException: No name matching localhost found at sun.security.ssl.Alert.createSSLException(Alert.java:128) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:321) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:264) ~[?:?] at sun.security.ssl.TransportContext.fatal(TransportContext.java:259) ~[?:?] at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:642) ~[?:?]

Steps to Reproduce

  1. Remove the localhost from client-trustore.jks
  2. Import a certificate with different CN.
  3. Disable the hostname verification, adding the following parameters to the api-manager.sh
-Dorg.opensaml.httpclient.https.disableHostnameVerification=true \
-Dhttpclient.hostnameVerifier=AllowAll \

Affected Component

APIM

Version

4.2.0

Environment Details (with versions)

No response

Relevant Log Output

No response

Related Issues

No response

Suggested Labels

No response

ShehanRavindu avatar Jul 04 '24 14:07 ShehanRavindu