[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
[jgit-dev] GitServlet, http.sslVerify=false, and hostnames
|
I'm a little confused about a great many things, but today I'm confused
about http.sslVerify=false.
Granted, I'm not an expert on certificates and ssl, but the observed
behavior of EGit/JGit does not match my expectation.
Maybe my expectations are wrong.
Here is my test procedure:
1. I generate a self-signed certificate for my servlet container with my
hostname.
2. I confirm the certificate is working by allowing a security exception
with my browser and viewing some pages over https.
3. I setup EGit for http.sslVerify=false and successfully clone/push
using the _hostname_ in my clone/push url.
Hooray, http.sslVerify=false is working.
4. Now I try to clone/push using the _ipaddress_ in my clone/push url.
(Or maybe a different hostname that points to the same server.)
No joy. "Cannot get remote repository refs. Reason:
https:/nnn.nnn.nnn.nnn/...: cannot open git-upload-pack"
Ok. So now I create a unit test to see what the Real problem is:
Caused by: java.io.IOException: HTTPS hostname wrong: should be
<localhost>
at
sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:524)
at
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:448)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
at
java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:379)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:318)
at
org.eclipse.jgit.util.HttpSupport.response(HttpSupport.java:167)
at
org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:429)
... 26 more
I expected this to work because I set http.sslVerify=false.
So.... is this an oversight? Or is my expectation incorrect?
Thanks,
-J