Monday, April 4, 2016

How to get rid of handshake alert: unrecognized_name

9:10:00 PM No comments

When I was trying to call a service via HTTPS I observed the below issue.

FATAL: Error verifying developer key: Failed to read server's response: handshake alert:  unrecognized_name
br.eti.kinoshita.testlinkjavaapi.util.TestLinkAPIException: Error verifying developer key: Failed to read server's response: handshake alert:  unrecognized_name
 at br.eti.kinoshita.testlinkjavaapi.MiscService.checkDevKey(MiscService.java:63)
 at br.eti.kinoshita.testlinkjavaapi.TestLinkAPI.<init>(TestLinkAPI.java:144)
 at hudson.plugins.testlink.TestLinkBuilder.getTestLinkSite(TestLinkBuilder.java:318)
 at hudson.plugins.testlink.TestLinkBuilder.perform(TestLinkBuilder.java:197)
 at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
 at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:782)
 at hudson.maven.MavenModuleSetBuild$MavenModuleSetBuildExecution.build(MavenModuleSetBuild.java:906)
 at hudson.maven.MavenModuleSetBuild$MavenModuleSetBuildExecution.doRun(MavenModuleSetBuild.java:857)
 at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:534)
 at hudson.model.Run.execute(Run.java:1738)
 at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:529)
 at hudson.model.ResourceController.execute(ResourceController.java:98)
 at hudson.model.Executor.run(Executor.java:410)
Caused by: org.apache.xmlrpc.XmlRpcException: Failed to read server's response: handshake alert:  unrecognized_name
 at org.apache.xmlrpc.client.XmlRpcStreamTransport.sendRequest(XmlRpcStreamTransport.java:161)
 at org.apache.xmlrpc.client.XmlRpcHttpTransport.sendRequest(XmlRpcHttpTransport.java:143)
 at org.apache.xmlrpc.client.XmlRpcSunHttpTransport.sendRequest(XmlRpcSunHttpTransport.java:69)
 at org.apache.xmlrpc.client.XmlRpcClientWorker.execute(XmlRpcClientWorker.java:56)
 at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:167)
 at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:158)
 at org.apache.xmlrpc.client.XmlRpcClient.execute(XmlRpcClient.java:147)
 at br.eti.kinoshita.testlinkjavaapi.BaseService.executeXmlRpcCall(BaseService.java:90)
 at br.eti.kinoshita.testlinkjavaapi.MiscService.checkDevKey(MiscService.java:60)
 ... 12 more
Caused by: javax.net.ssl.SSLProtocolException: handshake alert:  unrecognized_name
 at sun.security.ssl.ClientHandshaker.handshakeAlert(ClientHandshaker.java:1292)
 at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1952)
 at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
 at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
 at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1091)
 at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
 at org.apache.xmlrpc.client.XmlRpcSunHttpTransport.writeRequest(XmlRpcSunHttpTransport.java:104)
 at org.apache.xmlrpc.client.XmlRpcStreamTransport.sendRequest(XmlRpcStreamTransport.java:151)
 ... 20 more
ERROR: Error communicating with TestLink. Check your TestLink configuration.
Finished: FAILURE

The reason for this issue is the server sends an unrecognized host in the time of handshake. And java client fails due to this. Most other clients will ignore this alert and proceed but from JAVA 7 this doesn't work like that.

This can happen due to misconfigurations in the servers. If you come across the above issue there are several ways to get this resolved. You can use the method 1 if you do not have accesses to the remote server.

 1. By disabling SNI verification.

 This is one of the workarounds you can follow, you can simply set the following JVM property at the client side.
-Djsse.enableSNIExtension=false

e.g : In the below example I have set this property to TomCat run-time. So SNI will be disabled globally. You can do this in class level as well.
export CATALINA_OPTS="-Djsse.enableSNIExtension=false"

2. By modifying Apche2 configurations. 

 In Apache2 server configurations make sure you have set the following parameters

 ServerName testlinkstaging.wso2.com
ServerAlias testlinkstaging.wso2.com

 Full configs will look like following.
<VirtualHost testlinkstaging.wso2.com:443>
    ServerName testlinkstaging.wso2.com
    ServerAlias testlinkstaging.wso2.com
    SSLEngine on
    SSLCertificateFile  /etc/apache2/ssl/apache.crt
    SSLCertificateKeyFile /etc/apache2/ssl/apache.key

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/testlink

</VirtualHost>


That's it, If everything is set properly you should be able to access the SSL endpoint.

Please drop a comment if you have any queries.
Categories: , , ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)
Subscribe to RSS Feed Follow me on Twitter!