-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSLPeerUnverifiedException Hostname fd33:1a73:fa8f::1 not verified after upgrade to Boot 3.4.0 and Cloud 2024.0.0 #1813
Comments
Can you try setting the environment variable I am pretty sure this change altered the behavior. |
Unfortunately despite set env variable, no change in behavior. The host name is still getting verified:
I've double-checked this also by setting the respective system property instead of the env var, same result, host name is still getting verified. |
Sorry looks like the environment variable should be |
Unfortunately I am off until Monday but regarding the env var, one of my colleagues, @andibraeu, could give this a try. However apart from the slightly renamed env var name, should not also the system property you mentioned yield the same effect? Regarding the sample, I could provide one next week. I'll just shrink our project down, since this popped up in many repos and they're not that fancy, just some Kafka Listeners and a MongoDb. |
It could actually be us here... The code used to do:
and now it does:
I don't know this API too much, but I will do some reading and come back off-top: hats off for using Shenandoah! :) we use it also in production for quite some time |
It's a bit weird that you do not have the env variable
|
But the stacktrace seems to point to the Fabric8 code, I don't see anything pointing at InetAddress... |
ah, indeed, you're right. |
Wow, that did the trick. With this env var the update to Boot 3.4.0 and Cloud 2024.0.0 was successful. So two questions that arise on our side:
|
I am not a network expert here but I am having a hard time explaining this. This ip fd33:1a73:fa8f::1 is the shortened form of fd33:1a73:fa8f:0:0:0:0:1 which is listed in the subjectAltNames of the certificate. OKHttp takes this into account in its hostname verifier Maybe one thing to try would be to add fd33:1a73:fa8f::1 to the certificate and see if that makes things work. But to be honest this is an OKHTTP question, but my guess is there is something with your certificate that is causing an issue. |
@wind57 not sure if you see something I don't here |
a little caught up with other things, but will take a look soon |
If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed. |
Describe the bug
After the upgrade from Spring Boot 3.3.6 to 3.4.0 and Spring Cloud 2023.0.4 to 2024.0.0 we're experiencing issues regarding hostname verification which read like
There are various bug reports similar to this one available but they all date years back and are already closed.
I suspect the crucial change anywhere within
io.fabric8:kubernetes-client
between versions 6.9.2 (Cloud 2023.0.4) and 6.13.4 (Cloud 2024.0.0).From my understanding the address
fd33:1a73:fa8f::1
should be fine regarding verification.Did we miss something?
The text was updated successfully, but these errors were encountered: