Error retrieving metadata: SSLPeerUnverifiedException
Cantor, Scott
cantor.2 at osu.edu
Thu Aug 27 16:20:53 EDT 2015
On 8/27/15, 4:14 PM, "users on behalf of Baron Fujimoto" <users-bounces at shibboleth.net on behalf of baron at hawaii.edu> wrote:
>We now log the slightly different error with an IP addr instead of null
>javax.net.ssl.SSLPeerUnverifiedException: SSL peer failed hostname validation for name: 54.172.111.162
You're hitting Java's shiny new bug, discussed at length a few weeks ago on the list.
What JVM is it?
Regardless you should be verifying the signtaure on the metadata and simply set the flag to disregard the TLS connection. That's the best choice.
If you must, you can work around the bug, apparently by setting -Djdk.tls.trustNameService=true on the JVM.
-- Scott
More information about the users
mailing list