Bug 1102480
Summary: | [zanata-client] Problem with SSL certificates when running against translate.zanata.org | ||
---|---|---|---|
Product: | [Retired] Zanata | Reporter: | Ding-Yi Chen <dchen> |
Component: | Component-zanata-client | Assignee: | Patrick Huang <pahuang> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ding-Yi Chen <dchen> |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | 3.4 | CC: | camunoz, dchen, fche, pahuang, sflaniga, tagoh, zanata-bugs |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | zanata-client-3.3.2-3 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | 1102465 | Environment: | |
Last Closed: | 2014-07-30 05:41:40 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1102465, 1103931 | ||
Bug Blocks: |
Description
Ding-Yi Chen
2014-05-29 04:25:13 UTC
any plans to see an update for this on f20? Until bug 1103931 is fixed, we cannot push the fix without breaking the package guideline. In the mean time, please use maven plugin instead. (In reply to Ding-Yi Chen from comment #2) > Until bug 1103931 is fixed, we cannot push the fix without breaking the > package guideline. > > In the mean time, please use maven plugin instead. how? I'm not familiar with it. We need to back-port the fix for bug 1102465 to F19 and F20. As a potential workaround, https://github.com/zanata/zanata-client-ivy is probably easier to adjust to (for users coming from zanata-client) than the maven plugin. I think this may be blocked (at least on F20) by bug 1077978. May also need to backport the disable ssl cert option in F19 (In reply to Sean Flanigan from comment #4) > We need to back-port the fix for bug 1102465 to F19 and F20. > > As a potential workaround, https://github.com/zanata/zanata-client-ivy is > probably easier to adjust to (for users coming from zanata-client) than the > maven plugin. thanks. zanata-client-ivy works fine on f20 even. The fix for bug 1102465 has been back-ported to work with httpcomponents-client 4.2 (as found in Fedora 19/20): https://github.com/zanata/zanata-client/pull/28 zanata-client-3.3.2-3.fc20 is in fedora 20 update-testing repo. zanata-client-2.2.0-4.fc19 is in fedora 19 update-testing repo. http://koji.fedoraproject.org/koji/search?terms=zanata-client-2.2.0-4.fc19&type=build&match=glob VERIFIED with zanata-client-3.3.2-3.fc20 Tested with zanata-client-2.2.0-4.fc19.noarch zanata-cli -e pull --url https://translate.zanata.org/zanata/ --username <USERNAME> --key <KEY> --project <PRJ> --project-version <VER> -s . -t . --project-type <PRJ_TYPE> --locales <LOCALES> WARN] exception processing request javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:437) at org.zanata.rest.client.ZanataProxyFactory$1.connectSocket(ZanataProxyFactory.java:132) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:643) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) at org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:109) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:39) at org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPInterceptor.execute(AcceptEncodingGZIPInterceptor.java:40) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45) at org.zanata.rest.client.TraceDebugInterceptor.execute(TraceDebugInterceptor.java:81) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45) at org.zanata.rest.client.ApiKeyHeaderDecorator.execute(ApiKeyHeaderDecorator.java:42) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45) at org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:443) at org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:674) at org.jboss.resteasy.client.core.ClientInvoker.invoke(ClientInvoker.java:110) at org.jboss.resteasy.client.core.ClientProxy.invoke(ClientProxy.java:88) at com.sun.proxy.$Proxy32.get(Unknown Source) at org.zanata.rest.client.ZanataProxyFactory.<init>(ZanataProxyFactory.java:81) at org.zanata.rest.client.ZanataProxyFactory.<init>(ZanataProxyFactory.java:68) at org.zanata.client.commands.OptionsUtil.createRequestFactory(OptionsUtil.java:155) at org.zanata.client.commands.PushPullCommand.<init>(PushPullCommand.java:90) at org.zanata.client.commands.pull.PullCommand.<init>(PullCommand.java:60) at org.zanata.client.commands.pull.PullOptionsImpl.initCommand(PullOptionsImpl.java:60) at org.zanata.client.commands.ArgsUtil.process(ArgsUtil.java:82) at org.zanata.client.ZanataClient.processArgs(ZanataClient.java:150) at org.zanata.client.ZanataClient.main(ZanataClient.java:45) [ERROR] Execution failed: java.lang.RuntimeException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at org.jboss.resteasy.client.core.ClientInvoker.invoke(ClientInvoker.java:114) at org.jboss.resteasy.client.core.ClientProxy.invoke(ClientProxy.java:88) at com.sun.proxy.$Proxy32.get(Unknown Source) at org.zanata.rest.client.ZanataProxyFactory.<init>(ZanataProxyFactory.java:81) at org.zanata.rest.client.ZanataProxyFactory.<init>(ZanataProxyFactory.java:68) at org.zanata.client.commands.OptionsUtil.createRequestFactory(OptionsUtil.java:155) at org.zanata.client.commands.PushPullCommand.<init>(PushPullCommand.java:90) at org.zanata.client.commands.pull.PullCommand.<init>(PullCommand.java:60) at org.zanata.client.commands.pull.PullOptionsImpl.initCommand(PullOptionsImpl.java:60) at org.zanata.client.commands.ArgsUtil.process(ArgsUtil.java:82) at org.zanata.client.ZanataClient.processArgs(ZanataClient.java:150) at org.zanata.client.ZanataClient.main(ZanataClient.java:45) Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:437) at org.zanata.rest.client.ZanataProxyFactory$1.connectSocket(ZanataProxyFactory.java:132) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:643) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) at org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:109) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:39) at org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPInterceptor.execute(AcceptEncodingGZIPInterceptor.java:40) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45) at org.zanata.rest.client.TraceDebugInterceptor.execute(TraceDebugInterceptor.java:81) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45) at org.zanata.rest.client.ApiKeyHeaderDecorator.execute(ApiKeyHeaderDecorator.java:42) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45) at org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:443) at org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:674) at org.jboss.resteasy.client.core.ClientInvoker.invoke(ClientInvoker.java:110) ... 11 more Are you using Java 1.7? There should have been a warning in the log if you weren't. Java 1.6 can't handle SNI. works for me in my f19 virtual box. Turn out my test case triggered Bug 1123204. In terms of this bug, it shoule be verified. BTW, by default, Fedora 19 ship with java-1.7.0-openjdk-1.7.0.65-2.5.1.2.fc19.x86_64 Pushed to stable in f19 and f20 |