
Support for cert.pem files that contain multiple certificates #294

@cbarbara-okta

Description

@cbarbara-okta

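If you are not working with self-signed certificates, your cert.pem file may contain a certificate chain (typically the client certificate followed by one or more intermediate CA certificates). The current code reads only the first certificate from the file, which can lead to an SSLHandshakeException when connecting to a remote Docker host. The `bad_certificate` fatal alert in the trace below is received from the remote side, which is consistent with the Docker host rejecting a client certificate that was presented without the rest of its chain.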

javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    at com.github.dockerjava.jaxrs.connector.ApacheConnector.apply(ApacheConnector.java:490) ~[docker-java-2.0.0.jar:na]
    at org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:246) ~[jersey-client-2.11.jar:na]
    at org.glassfish.jersey.client.JerseyInvocation$1.call(JerseyInvocation.java:667) ~[jersey-client-2.11.jar:na]
    at org.glassfish.jersey.client.JerseyInvocation$1.call(JerseyInvocation.java:664) ~[jersey-client-2.11.jar:na]
    at org.glassfish.jersey.internal.Errors.process(Errors.java:315) ~[jersey-common-2.11.jar:na]
    at org.glassfish.jersey.internal.Errors.process(Errors.java:297) ~[jersey-common-2.11.jar:na]
    at org.glassfish.jersey.internal.Errors.process(Errors.java:228) ~[jersey-common-2.11.jar:na]
    at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:424) ~[jersey-common-2.11.jar:na]
    at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:664) ~[jersey-client-2.11.jar:na]
    at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:399) ~[jersey-client-2.11.jar:na]
    at org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:303) ~[jersey-client-2.11.jar:na]
    at com.github.dockerjava.jaxrs.PingCmdExec.execute(PingCmdExec.java:23) ~[docker-java-2.0.0.jar:na]
    at com.github.dockerjava.jaxrs.PingCmdExec.execute(PingCmdExec.java:10) ~[docker-java-2.0.0.jar:na]
    at com.github.dockerjava.jaxrs.AbstrSyncDockerCmdExec.exec(AbstrSyncDockerCmdExec.java:24) ~[docker-java-2.0.0.jar:na]
    at com.github.dockerjava.core.command.AbstrDockerCmd.exec(AbstrDockerCmd.java:33) ~[docker-java-2.0.0.jar:na]
    ........
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0_31]
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) ~[na:1.8.0_31]
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2011) ~[na:1.8.0_31]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1113) ~[na:1.8.0_31]
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363) ~[na:1.8.0_31]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391) ~[na:1.8.0_31]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375) ~[na:1.8.0_31]
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:275) ~[okta-agent.base-02.00.00-000110.7b82943.jar:na]
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:254) ~[okta-agent.base-02.00.00-000110.7b82943.jar:na]
    at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:123) ~[okta-agent.base-02.00.00-000110.7b82943.jar:na]
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:318) ~[okta-agent.base-02.00.00-000110.7b82943.jar:na]
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363) ~[okta-agent.base-02.00.00-000110.7b82943.jar:na]
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219) ~[okta-agent.base-02.00.00-000110.7b82943.jar:na]
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195) ~[okta-agent.base-02.00.00-000110.7b82943.jar:na]
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86) ~[okta-agent.base-02.00.00-000110.7b82943.jar:na]
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108) ~[okta-agent.base-02.00.00-000110.7b82943.jar:na]
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) ~[okta-agent.base-02.00.00-000110.7b82943.jar:na]
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72) ~[okta-agent.base-02.00.00-000110.7b82943.jar:na]
    at com.github.dockerjava.jaxrs.connector.ApacheConnector.apply(ApacheConnector.java:443) ~[docker-java-2.0.0.jar:na]
    ... 24 common frames omitted
