Details

    • Type: Bug Bug
    • Status: Resolved Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: JRuby 1.6.4, JRuby 1.6.5
    • Fix Version/s: JRuby-OSSL 0.7.5
    • Component/s: OpenSSL
    • Labels:
      None
    • Environment:
      Mac OSx, Linux
    • Number of attachments :
      0

      Description

      Connected to https to the following domain: https://secure.ally.com with certificate verification enabled.

      Here is the server certificate returned:

      -----BEGIN CERTIFICATE----- 
      MIIFLDCCBBSgAwIBAgIETCBFODANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC 
      VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 
      Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW 
      KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp 
      Y2F0aW9uIEF1dGhvcml0eSAtIEwxRTAeFw0xMTA2MjEyMDE3NDVaFw0xMzA5MjIx 
      MTA4NDVaMIHRMQswCQYDVQQGEwJVUzENMAsGA1UECBMEVXRhaDEQMA4GA1UEBxMH 
      TUlEVkFMRTETMBEGCysGAQQBgjc8AgEDEwJVUzEVMBMGCysGAQQBgjc8AgECEwRV 
      dGFoMRIwEAYDVQQKEwlBbGx5IEJhbmsxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5p 
      emF0aW9uMRMwEQYDVQQLEwpXZWIgQ2xpZW50MS0wEwYDVQQFEww1NjIxNjcwLTAx 
      NDIwFgYDVQQDEw9zZWN1cmUuYWxseS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB 
      DwAwggEKAoIBAQCVIT4+fFGSP7iSJUM9dFOStLM73qIJVnxWUnf8AvaNLIXBns3J 
      ReOqvcmES++5tbMbLgTSspBdPhV7EiBrF8ZT9WpnYGCyhjulNoaULgZtd8aLzAn7 
      D98QrkZmA0zKeGlUdFYagxNrWyNC2y2FqLhOuturfw12iW3mCgRPpZP5H0+1AUd+ 
      zmDvYGHB0n9+uudwPc4Myi6xa0DbZqThlvjTmJUbB/rEZcf8jxb7dhpW7rHRSBND 
      25PJXzHBK/KeTd1ZfFFu1QdP0DxsAXUBOmd41/qmu3WuP/k3XQSNP1UxZyBnH4iJ 
      SyyBMal6JeqAs+U/cFVIfEpBWB2xzteYnOINAgMBAAGjggEoMIIBJDALBgNVHQ8E 
      BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDMGCCsGAQUFBwEB 
      BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYDVR0f 
      BCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9sZXZlbDFlLmNybDBB 
      BgNVHSAEOjA4MDYGCmCGSAGG+mwKAQIwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3 
      dy5lbnRydXN0Lm5ldC9ycGEwHwYDVR0jBBgwFoAUW0GKssRDwb2/yFRBVZ3glq3/ 
      uaEwHQYDVR0OBBYEFH+oWBa4jDYaleW1GRiN5oKkmtc0MAkGA1UdEwQCMAAwDQYJ 
      KoZIhvcNAQEFBQADggEBAK1d5Nr2XpTqPnCH8tLhiV0/XBPlAZzJfH3qy3TUD+qc 
      jf1H2wmRiU40gU1LG5ma38qRHktkWRYmgjbhg87yMt0whSJhwm87/5Ov/9M/5JYz 
      rsEwD9JK21nbk/aMzDR/ExjakjEyh8jRZKge1MCaAvocfIQFliMP8CxaXR3YPokg 
      HHfhRrfRNN0rshWjPKFn9xUyABEhI2BkLfYGIQlgRO/a5jcE5aY2LyEtzluFqg7W 
      YVocGtM6udu6A2TRIWcbxSWRkjM91cVslWIPNlulgM4p6LF72uMDrZgaez3G7RAx 
      556okA2klvjA7yzSxfQiP3maZgXXlCTWuw7GUD6bRAM= 
      -----END CERTIFICATE----- 
      

      The error I receive is "hostname was not match with the server certificate" from lib/openssl/ssl.rb#121

      After some debugging, it appears that the certificate subject is not being parsed correctly and the CN field is being dropped.

        Issue Links

          Activity

          Hiroshi Nakamura made changes -
          Field Original Value New Value
          Assignee Hiroshi Nakamura [ nahi ]
          Priority Minor [ 4 ] Major [ 3 ]
          Description Connected to https to the following domain: https://secure.ally.com with certificate verification enabled.

          Here is the server certificate returned:

          -----BEGIN CERTIFICATE-----
          MIIFLDCCBBSgAwIBAgIETCBFODANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC
          VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
          Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
          KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp
          Y2F0aW9uIEF1dGhvcml0eSAtIEwxRTAeFw0xMTA2MjEyMDE3NDVaFw0xMzA5MjIx
          MTA4NDVaMIHRMQswCQYDVQQGEwJVUzENMAsGA1UECBMEVXRhaDEQMA4GA1UEBxMH
          TUlEVkFMRTETMBEGCysGAQQBgjc8AgEDEwJVUzEVMBMGCysGAQQBgjc8AgECEwRV
          dGFoMRIwEAYDVQQKEwlBbGx5IEJhbmsxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5p
          emF0aW9uMRMwEQYDVQQLEwpXZWIgQ2xpZW50MS0wEwYDVQQFEww1NjIxNjcwLTAx
          NDIwFgYDVQQDEw9zZWN1cmUuYWxseS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
          DwAwggEKAoIBAQCVIT4+fFGSP7iSJUM9dFOStLM73qIJVnxWUnf8AvaNLIXBns3J
          ReOqvcmES++5tbMbLgTSspBdPhV7EiBrF8ZT9WpnYGCyhjulNoaULgZtd8aLzAn7
          D98QrkZmA0zKeGlUdFYagxNrWyNC2y2FqLhOuturfw12iW3mCgRPpZP5H0+1AUd+
          zmDvYGHB0n9+uudwPc4Myi6xa0DbZqThlvjTmJUbB/rEZcf8jxb7dhpW7rHRSBND
          25PJXzHBK/KeTd1ZfFFu1QdP0DxsAXUBOmd41/qmu3WuP/k3XQSNP1UxZyBnH4iJ
          SyyBMal6JeqAs+U/cFVIfEpBWB2xzteYnOINAgMBAAGjggEoMIIBJDALBgNVHQ8E
          BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDMGCCsGAQUFBwEB
          BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYDVR0f
          BCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9sZXZlbDFlLmNybDBB
          BgNVHSAEOjA4MDYGCmCGSAGG+mwKAQIwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3
          dy5lbnRydXN0Lm5ldC9ycGEwHwYDVR0jBBgwFoAUW0GKssRDwb2/yFRBVZ3glq3/
          uaEwHQYDVR0OBBYEFH+oWBa4jDYaleW1GRiN5oKkmtc0MAkGA1UdEwQCMAAwDQYJ
          KoZIhvcNAQEFBQADggEBAK1d5Nr2XpTqPnCH8tLhiV0/XBPlAZzJfH3qy3TUD+qc
          jf1H2wmRiU40gU1LG5ma38qRHktkWRYmgjbhg87yMt0whSJhwm87/5Ov/9M/5JYz
          rsEwD9JK21nbk/aMzDR/ExjakjEyh8jRZKge1MCaAvocfIQFliMP8CxaXR3YPokg
          HHfhRrfRNN0rshWjPKFn9xUyABEhI2BkLfYGIQlgRO/a5jcE5aY2LyEtzluFqg7W
          YVocGtM6udu6A2TRIWcbxSWRkjM91cVslWIPNlulgM4p6LF72uMDrZgaez3G7RAx
          556okA2klvjA7yzSxfQiP3maZgXXlCTWuw7GUD6bRAM=
          -----END CERTIFICATE-----


          The error I receive is "hostname was not match with the server certificate" from lib/openssl/ssl.rb#121

          After some debugging, it appears that the certificate subject is not being parsed correctly and the CN field is being dropped.




          Connected to https to the following domain: https://secure.ally.com with certificate verification enabled.

          Here is the server certificate returned:

          {noformat}
          -----BEGIN CERTIFICATE-----
          MIIFLDCCBBSgAwIBAgIETCBFODANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC
          VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
          Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
          KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp
          Y2F0aW9uIEF1dGhvcml0eSAtIEwxRTAeFw0xMTA2MjEyMDE3NDVaFw0xMzA5MjIx
          MTA4NDVaMIHRMQswCQYDVQQGEwJVUzENMAsGA1UECBMEVXRhaDEQMA4GA1UEBxMH
          TUlEVkFMRTETMBEGCysGAQQBgjc8AgEDEwJVUzEVMBMGCysGAQQBgjc8AgECEwRV
          dGFoMRIwEAYDVQQKEwlBbGx5IEJhbmsxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5p
          emF0aW9uMRMwEQYDVQQLEwpXZWIgQ2xpZW50MS0wEwYDVQQFEww1NjIxNjcwLTAx
          NDIwFgYDVQQDEw9zZWN1cmUuYWxseS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
          DwAwggEKAoIBAQCVIT4+fFGSP7iSJUM9dFOStLM73qIJVnxWUnf8AvaNLIXBns3J
          ReOqvcmES++5tbMbLgTSspBdPhV7EiBrF8ZT9WpnYGCyhjulNoaULgZtd8aLzAn7
          D98QrkZmA0zKeGlUdFYagxNrWyNC2y2FqLhOuturfw12iW3mCgRPpZP5H0+1AUd+
          zmDvYGHB0n9+uudwPc4Myi6xa0DbZqThlvjTmJUbB/rEZcf8jxb7dhpW7rHRSBND
          25PJXzHBK/KeTd1ZfFFu1QdP0DxsAXUBOmd41/qmu3WuP/k3XQSNP1UxZyBnH4iJ
          SyyBMal6JeqAs+U/cFVIfEpBWB2xzteYnOINAgMBAAGjggEoMIIBJDALBgNVHQ8E
          BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDMGCCsGAQUFBwEB
          BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZW50cnVzdC5uZXQwMwYDVR0f
          BCwwKjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9sZXZlbDFlLmNybDBB
          BgNVHSAEOjA4MDYGCmCGSAGG+mwKAQIwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3
          dy5lbnRydXN0Lm5ldC9ycGEwHwYDVR0jBBgwFoAUW0GKssRDwb2/yFRBVZ3glq3/
          uaEwHQYDVR0OBBYEFH+oWBa4jDYaleW1GRiN5oKkmtc0MAkGA1UdEwQCMAAwDQYJ
          KoZIhvcNAQEFBQADggEBAK1d5Nr2XpTqPnCH8tLhiV0/XBPlAZzJfH3qy3TUD+qc
          jf1H2wmRiU40gU1LG5ma38qRHktkWRYmgjbhg87yMt0whSJhwm87/5Ov/9M/5JYz
          rsEwD9JK21nbk/aMzDR/ExjakjEyh8jRZKge1MCaAvocfIQFliMP8CxaXR3YPokg
          HHfhRrfRNN0rshWjPKFn9xUyABEhI2BkLfYGIQlgRO/a5jcE5aY2LyEtzluFqg7W
          YVocGtM6udu6A2TRIWcbxSWRkjM91cVslWIPNlulgM4p6LF72uMDrZgaez3G7RAx
          556okA2klvjA7yzSxfQiP3maZgXXlCTWuw7GUD6bRAM=
          -----END CERTIFICATE-----
          {noformat}

          The error I receive is "hostname was not match with the server certificate" from lib/openssl/ssl.rb#121

          After some debugging, it appears that the certificate subject is not being parsed correctly and the CN field is being dropped.




          Hiroshi Nakamura made changes -
          Link This issue duplicates JRUBY-5834 [ JRUBY-5834 ]
          Hiroshi Nakamura made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Fix Version/s JRuby-OSSL 0.7.5 [ 17395 ]
          Resolution Fixed [ 1 ]

            People

            • Assignee:
              Hiroshi Nakamura
              Reporter:
              Peter Krimmel
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: