SSLPeerUnverifiedException: Hostname not verified:

charlee.ch · June 26, 2018, 9:00am

I’m using SonarLint for Eclipse version 3.6.0.201806071228 during the adding new SonarQube Servers there is an error message as

Fail to request https://myhost/sonar/api/system/status

I also have a chance to look at Eclipse log from .metadata/.log and found some exceptions as the following: -

java.lang.IllegalStateException: Fail to request https://myhost/sonar/api/system/status
at org.sonarsource.sonarlint.core.util.ws.HttpConnector.doCall(HttpConnector.java:195)
at org.sonarsource.sonarlint.core.util.ws.HttpConnector.get(HttpConnector.java:121)
    ...
Caused by: javax.net.ssl.SSLPeerUnverifiedException: Hostname myhost not verified:
certificate: sha256/PodNMADG18N4nZRIKTVuyWJeptKpt3kuf0ki764t4Ag=
DN: EMAILADDRESS=..., CN=myhost , OU=..., O=..., L=..., ST=..., C=...
subjectAltNames: []
at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:316)
at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:270)
at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:162)

I can confirm that the myhost at the URL is the same as at the certificate CN.

This server, myhost, servers the https for several services including with Artifactory, GitLab and especially the SonarQube. Both Artifactory and GitLab is able to be connected via the M2E and EGit via the https properly, except the SonarLint.

Furthermore I am able to execute the mvn sonar:sonar to perform an analysis against the SonarQube via https, too.

Please note, that certificate is signed by my own root certificate which is generated by OpenSSL. I also inject that root certificate to my JDK/jre/lib/security/cacerts. The Eclipse and my workspace also point to the same JDK location.

Could you please help to advise how to solve this issue?

Julien_HENRY · June 29, 2018, 7:15am

Hi Charlee,

I can’t think of anything except a certificate or truststore misconfiguration. SonarLint for Eclipse relies on the SSL configuration of the JVM that use to start Eclipse.

++

ravi_kumar_singh · August 14, 2018, 11:54am

I also had the same error stack with SSLPeerUnverfiedException. Even though JVM used by eclipse (Photon) had the certificate installed.
I was looking for solution on the web and I could not find any. So, I tried downgrading SonarLint plugin in eclipse to 3.2 version (initially 3.6). And it worked.
Just posting this comment to help any other developer looking for interim fix.

NicoB · August 16, 2018, 8:56am

Hi Ravi,

Thanks for the heads-up. Downgrading SonarLint certainly isn’t an optimal workaround, as it prevents you from benefiting of all latest features. For any SSL-related error that remains mysterious after a first investigation, I would suggest the following tricks: Debugging SSL/TLS connections , using javax.net.debug (in the case of Eclipse you might have to use that in your eclipse.ini). This can help understand in details why the handshake fails.

Ciprian_Radu · November 6, 2018, 1:09pm

I have the same problem with SonarLint 4 and 3.6.0. SonarLint 3.3.1 (https://bintray.com/sonarsource/SonarLint-for-Eclipse/releases/3.3.1) works for me.

Julien_HENRY · January 10, 2020, 1:29pm

See my answer on this post: