SSLPeerUnverifiedException: Hostname not verified:

ssl
eclipse
sonarlint

(Charlee Chitsuk) #1

I’m using SonarLint for Eclipse version 3.6.0.201806071228. While adding a new SonarQube server, there is an error message as follows:

Fail to request https://myhost/sonar/api/system/status

I also had a chance to look at the Eclipse log in .metadata/.log and found the following exceptions:

java.lang.IllegalStateException: Fail to request https://myhost/sonar/api/system/status
at org.sonarsource.sonarlint.core.util.ws.HttpConnector.doCall(HttpConnector.java:195)
at org.sonarsource.sonarlint.core.util.ws.HttpConnector.get(HttpConnector.java:121)
    ...
Caused by: javax.net.ssl.SSLPeerUnverifiedException: Hostname myhost not verified:
certificate: sha256/PodNMADG18N4nZRIKTVuyWJeptKpt3kuf0ki764t4Ag=
DN: EMAILADDRESS=..., CN=myhost , OU=..., O=..., L=..., ST=..., C=...
subjectAltNames: []
at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:316)
at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:270)
at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:162)

I can confirm that the myhost in the URL is the same as the certificate CN.

This server, myhost, serves HTTPS for several services, including Artifactory, GitLab and especially SonarQube. Both Artifactory and GitLab can be connected to via M2E and EGit over HTTPS properly, except SonarLint.

Furthermore, I am able to execute mvn sonar:sonar to perform an analysis against SonarQube via HTTPS, too.

Please note that the certificate is signed by my own root certificate, which was generated by OpenSSL. I also injected that root certificate into my JDK/jre/lib/security/cacerts. Eclipse and my workspace also point to the same JDK location.

Could you please advise how to solve this issue?


(Julien Henry) #2

Hi Charlee,

I can’t think of anything except a certificate or truststore misconfiguration. SonarLint for Eclipse relies on the SSL configuration of the JVM that is used to start Eclipse.

++


(Ravi Kumar Singh) #3

I also had the same error stack with SSLPeerUnverifiedException, even though the JVM used by Eclipse (Photon) had the certificate installed.
I was looking for a solution on the web and could not find any. So I tried downgrading the SonarLint plugin in Eclipse to version 3.2 (initially 3.6), and it worked.
Just posting this comment to help any other developer looking for an interim fix.


(Nicolas Bontoux) #4

Hi Ravi,

Thanks for the heads-up. Downgrading SonarLint certainly isn’t an optimal workaround, as it prevents you from benefiting from all the latest features. For any SSL-related error that remains mysterious after a first investigation, I would suggest the following trick: Debugging SSL/TLS connections, using javax.net.debug (in the case of Eclipse you might have to use that in your eclipse.ini). This can help understand in detail why the handshake fails.


(Ciprian Radu) #5

I have the same problem with SonarLint 4 and 3.6.0. SonarLint 3.3.1 (https://bintray.com/sonarsource/SonarLint-for-Eclipse/releases/3.3.1) works for me.
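
Added example, not written by any poster in this thread and not SonarLint or OkHttp code: the exception in post #1 prints `subjectAltNames: []`, and OkHttp's hostname verifier matches the host against subjectAltName entries rather than the subject CN, so a CN-only certificate can fail even when the CN equals the host. The sketch below uses OpenSSL to build a CN-only and a SAN-bearing test certificate and checks each the SAN-only way; the helper names `make_cert` and `san_covers` and the `example.test` names are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed demo. "myhost" is the placeholder host from the thread;
# "example.test" names are made up for the wildcard case.

# make_cert OUT_PEM CN [SAN]: throwaway self-signed cert, SAN like "DNS:myhost".
make_cert() {
  out=$1; cn=$2; san=${3:-}
  cfg=$(mktemp); key=$(mktemp)
  {
    printf '[req]\nprompt = no\ndistinguished_name = dn\n'
    if [ -n "$san" ]; then printf 'x509_extensions = v3\n'; fi
    printf '[dn]\nCN = %s\n' "$cn"
    if [ -n "$san" ]; then printf '[v3]\nsubjectAltName = %s\n' "$san"; fi
  } > "$cfg"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cfg" \
    -keyout "$key" -out "$out" 2>/dev/null
  rc=$?
  rm -f "$cfg" "$key"
  return $rc
}

# san_covers PEM HOST: succeeds only if a dNSName SAN equals HOST or is a
# single-label wildcard for it. The subject CN is deliberately ignored.
san_covers() {
  pem=$1; host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  [ -n "$host" ] || return 1
  sans=$(openssl x509 -in "$pem" -noout -text 2>/dev/null |
    grep -A1 'Subject Alternative Name' | tail -n1 |
    tr ',' '\n' | sed -n 's/^ *DNS://p' | tr 'A-Z' 'a-z')
  while read -r name; do
    case $name in
      "$host") return 0 ;;
      \*.*) [ "$host" != "${host#*.}" ] &&
            [ "${host#*.}" = "${name#\*.}" ] && return 0 ;;
    esac
  done <<EOF
$sans
EOF
  return 1
}

tmp=$(mktemp -d)
make_cert "$tmp/cn-only.pem" myhost
make_cert "$tmp/with-san.pem" myhost "DNS:myhost,DNS:*.example.test"
for f in cn-only with-san; do
  if san_covers "$tmp/$f.pem" myhost; then echo "$f: SAN covers myhost"
  else echo "$f: no SAN for myhost, CN match alone is not accepted"; fi
done
rm -rf "$tmp"
```

To check the certificate a real server presents, save it as a PEM file and pass that file to `san_covers`.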