com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.CommunicationException: localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket]

Atlassian JIRA | Amanda Wei [Atlassian] | 4 years ago
  1. 0

    h4. Symptoms When connecting a directory to LDAP via SSL you will see an error like this in the web browser: {quote}Connection test failed. Response from the server: localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket]{quote} In the log file there will be an entry like this: {noformat} 2012-11-18 18:46:38,147 QuartzWorker-1 ERROR [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 10000 ]. com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.CommunicationException: localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket] at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:416) at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:384) at com.atlassian.crowd.directory.SpringLDAPConnector.searchUserObjects(SpringLDAPConnector.java:574) at com.atlassian.crowd.directory.SpringLDAPConnector.searchUsers(SpringLDAPConnector.java:944) at com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher.findAllRemoteUsers(RemoteDirectoryCacheRefresher.java:41) at com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher.synchroniseAllUsers(RemoteDirectoryCacheRefresher.java:60) at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:40) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:619) at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63) at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50) at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJob.execute(DirectoryPollerJob.java:34) at org.quartz.core.JobRunShell.run(JobRunShell.java:195) at com.atlassian.multitenant.quartz.MultiTenantThreadPool$MultiTenantRunnable.run(MultiTenantThreadPool.java:72) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520) Caused by: org.springframework.ldap.CommunicationException: localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket] at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:98) at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266) at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106) at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:138) at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadWriteContext(TransactionAwareContextSourceProxy.java:94) at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadOnlyContext(TransactionAwareContextSourceProxy.java:65) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:287) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:624) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:535) at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$1.call(LdapTemplateWithClassLoaderWrapper.java:56) at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$1.call(LdapTemplateWithClassLoaderWrapper.java:53) at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.invokeWithContextClassLoader(LdapTemplateWithClassLoaderWrapper.java:43) at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.search(LdapTemplateWithClassLoaderWrapper.java:53) at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:412) ... 13 more Caused by: javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket] at com.sun.jndi.ldap.Connection.<init>(Unknown Source) at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source) at com.sun.jndi.ldap.LdapClient.getInstance(Unknown Source) at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source) at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source) at javax.naming.spi.NamingManager.getInitialContext(Unknown Source) at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source) at javax.naming.InitialContext.init(Unknown Source) at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source) at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:43) at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:254) ... 26 more Caused by: java.lang.RuntimeException: Unable to set hostname verification on SSLSocket at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.makeUseLdapVerification(LdapHostnameVerificationSSLSocketFactory.java:85) at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.createSocket(LdapHostnameVerificationSSLSocketFactory.java:125) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at com.sun.jndi.ldap.Connection.createSocket(Unknown Source) ... 41 more Caused by: java.lang.NoSuchMethodException: sun.security.ssl.SSLSocketImpl.trySetHostnameVerification(java.lang.String) at java.lang.Class.getMethod(Unknown Source) at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.makeUseLdapVerification(LdapHostnameVerificationSSLSocketFactory.java:80) ... 47 more {noformat} h4. Steps to Reproduce # Run JIRA using Java 7, not Java 6 - Java 7 is listed as a supported platform # Import SSL certificate of the LDAP server into JIRA's JVM keystore as per normal procedure # Add an LDAP directory, attempt to configure using SSL # Observe the error message and log entry described above h4. Workaround Use Java 6

    Atlassian JIRA | 4 years ago | Amanda Wei [Atlassian]
    com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.CommunicationException: localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket]
  2. 0

    h4. Symptoms When connecting a directory to LDAP via SSL you will see an error like this in the web browser: {quote}Connection test failed. Response from the server: localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket]{quote} In the log file there will be an entry like this: {noformat} 2012-11-18 18:46:38,147 QuartzWorker-1 ERROR [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 10000 ]. com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.CommunicationException: localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket] at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:416) at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:384) at com.atlassian.crowd.directory.SpringLDAPConnector.searchUserObjects(SpringLDAPConnector.java:574) at com.atlassian.crowd.directory.SpringLDAPConnector.searchUsers(SpringLDAPConnector.java:944) at com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher.findAllRemoteUsers(RemoteDirectoryCacheRefresher.java:41) at com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher.synchroniseAllUsers(RemoteDirectoryCacheRefresher.java:60) at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:40) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:619) at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63) at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50) at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJob.execute(DirectoryPollerJob.java:34) at org.quartz.core.JobRunShell.run(JobRunShell.java:195) at com.atlassian.multitenant.quartz.MultiTenantThreadPool$MultiTenantRunnable.run(MultiTenantThreadPool.java:72) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520) Caused by: org.springframework.ldap.CommunicationException: localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket] at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:98) at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266) at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106) at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:138) at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadWriteContext(TransactionAwareContextSourceProxy.java:94) at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadOnlyContext(TransactionAwareContextSourceProxy.java:65) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:287) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:624) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:535) at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$1.call(LdapTemplateWithClassLoaderWrapper.java:56) at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$1.call(LdapTemplateWithClassLoaderWrapper.java:53) at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.invokeWithContextClassLoader(LdapTemplateWithClassLoaderWrapper.java:43) at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.search(LdapTemplateWithClassLoaderWrapper.java:53) at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:412) ... 13 more Caused by: javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket] at com.sun.jndi.ldap.Connection.<init>(Unknown Source) at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source) at com.sun.jndi.ldap.LdapClient.getInstance(Unknown Source) at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source) at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source) at javax.naming.spi.NamingManager.getInitialContext(Unknown Source) at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source) at javax.naming.InitialContext.init(Unknown Source) at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source) at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:43) at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:254) ... 26 more Caused by: java.lang.RuntimeException: Unable to set hostname verification on SSLSocket at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.makeUseLdapVerification(LdapHostnameVerificationSSLSocketFactory.java:85) at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.createSocket(LdapHostnameVerificationSSLSocketFactory.java:125) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at com.sun.jndi.ldap.Connection.createSocket(Unknown Source) ... 41 more Caused by: java.lang.NoSuchMethodException: sun.security.ssl.SSLSocketImpl.trySetHostnameVerification(java.lang.String) at java.lang.Class.getMethod(Unknown Source) at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.makeUseLdapVerification(LdapHostnameVerificationSSLSocketFactory.java:80) ... 47 more {noformat} h4. Steps to Reproduce # Run JIRA using Java 7, not Java 6 - Java 7 is listed as a supported platform # Import SSL certificate of the LDAP server into JIRA's JVM keystore as per normal procedure # Add an LDAP directory, attempt to configure using SSL # Observe the error message and log entry described above h4. Workaround Use Java 6

    Atlassian JIRA | 4 years ago | Amanda Wei [Atlassian]
    com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.CommunicationException: localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket]
  3. 0

    [CONF-26523] Can't connect to LDAP over SSL when using Java 7 - Atlassian JIRA

    atlassian.com | 1 year ago
    com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.CommunicationException: localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket]
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    h3. Symptoms When connecting a directory to LDAP via SSL you will see an error like this in the web browser: {quote}Connection test failed. Response from the server: localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket]{quote} In the log file there will be an entry like this: {code:none}012-09-05 16:59:49,184 ERROR [scheduler_Worker-2] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 819201 ]. com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.CommunicationException: localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket] at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:416) at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:384) at com.atlassian.crowd.directory.SpringLDAPConnector.searchUserObjects(SpringLDAPConnector.java:574) at com.atlassian.crowd.directory.SpringLDAPConnector.searchUsers(SpringLDAPConnector.java:943) at com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher.findAllRemoteUsers(RemoteDirectoryCacheRefresher.java:41) at com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher.synchroniseAllUsers(RemoteDirectoryCacheRefresher.java:60) at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:40) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:621) at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63) at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50) at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobBean.executeInternal(DirectoryPollerJobBean.java:29) at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86) at org.quartz.core.JobRunShell.run(JobRunShell.java:199) at com.atlassian.confluence.schedule.quartz.ConfluenceQuartzThreadPool$1.run(ConfluenceQuartzThreadPool.java:20) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549) Caused by: org.springframework.ldap.CommunicationException: localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket] at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:98) at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266) at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106) at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:138) at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadWriteContext(TransactionAwareContextSourceProxy.java:94) at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadOnlyContext(TransactionAwareContextSourceProxy.java:65) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:287) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:624) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:535) at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$1.call(LdapTemplateWithClassLoaderWrapper.java:56) at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$1.call(LdapTemplateWithClassLoaderWrapper.java:53) at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.invokeWithContextClassLoader(LdapTemplateWithClassLoaderWrapper.java:43) at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.search(LdapTemplateWithClassLoaderWrapper.java:53) at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:412) ... 14 more Caused by: javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket] at com.sun.jndi.ldap.Connection.<init>(Connection.java:214) at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:136) at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1600) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2698) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307) at javax.naming.InitialContext.init(InitialContext.java:242) at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153) at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:43) at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:254) ... 27 more Caused by: java.lang.RuntimeException: Unable to set hostname verification on SSLSocket at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.makeUseLdapVerification(LdapHostnameVerificationSSLSocketFactory.java:85) at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.createSocket(LdapHostnameVerificationSSLSocketFactory.java:144) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at com.sun.jndi.ldap.Connection.createSocket(Connection.java:305) at com.sun.jndi.ldap.Connection.<init>(Connection.java:201) ... 41 more Caused by: java.lang.NoSuchMethodException: sun.security.ssl.SSLSocketImpl.trySetHostnameVerification(java.lang.String) at java.lang.Class.getMethod(Class.java:1622) at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.makeUseLdapVerification(LdapHostnameVerificationSSLSocketFactory.java:80) ... 48 more{code} h3. Steps to Reproduce # Run Confluence using Java 7, not Java 6 - Java 7 is listed as a supported platform # Import SSL certificate of the LDAP server into Confluence's JVM keystore as per normal procedure # Add an LDAP directory, attempt to configure using SSL # Observe the error message and log entry described above h3. Workaround Use Java 6 h3. Cause I've pasted the original support case below, as it has a very detailed analysis of the cause: I am testing our upgrade to Confluence 4.x and I am finding that Confluence 4.x works fine with our configuration under Java 6, but fails under Java 7. If I shutdown, clear confluence-data/plugins-osgi-cache, switch to Java 6, and startup, it works. If I shutdown, clear confluence-data/plugins-osgi-cache, switch to Java 7, and startup it fails. In our environment, we use ldaps:// configuration to tie Confluence user management to our OpenLDAP servers. I don't want to provide our configuration here as it includes our internal hostname and authentication which should not need to be shared to reproduce or understand this issue. When running under Java 7, the error I get during startup (Embedded Crowd synchronization) and when I attempt to login (which fails) is: {noformat} Caused by: java.lang.RuntimeException: Unable to set hostname verification on SSLSocket at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.makeUseLdapVerification(LdapHostnameVerificationSSLSocketFactory.java:85) at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.createSocket(LdapHostnameVerificationSSLSocketFactory.java:144) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at com.sun.jndi.ldap.Connection.createSocket(Connection.java:305) at com.sun.jndi.ldap.Connection.<init>(Connection.java:201) ... 41 more Caused by: java.lang.NoSuchMethodException: sun.security.ssl.SSLSocketImpl.trySetHostnameVerification(java.lang.String) at java.lang.Class.getMethod(Class.java:1622) at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.makeUseLdapVerification(LdapHostnameVerificationSSLSocketFactory.java:80) ... 48 more {noformat} As I expect reproduction of our issue may be difficult, I performed my own investigation and found the following... In this file: crowd-ldap/src/main/java/com/atlassian/crowd/directory/ssl/LdapHostnameVerificationSSLSocketFactory.java It has this method: {code} ... /** * Accept a <code>sun.security.ssl.SSLSocketImpl</code> or a <code>com.sun.net.ssl.internal.ssl.SSLSocketImpl</code> * and invoke <code>trySetHostnameVerification("ldap")</code> through reflection. */ static void makeUseLdapVerification(Socket s) { ... try { Method m = c.getMethod("trySetHostnameVerification", METHOD_ARG_TYPES); m.invoke(s, "ldap"); } catch (NoSuchMethodException e) { throw new RuntimeException(UNABLE_TO_SET_MESSAGE, e); } ... } ... {code} Tracing the issue further by analyzing the Java source, I find that: - Java 6 provides a method sun.security.ssl.SSLEngineImpl.trySetHostnameVerification() which appears to be what Embedded Crowd is trying to find and use. - Java 7 does NOT provide this method. Therefore, the code works in Java 6, but fails in Java 7 with "throw new RuntimeException(UNABLE_TO_SET_MESSAGE, e);" which results in the stack trace we are receiving. My conclusion is that the combination of Confluence 4.x + Java 7 + secure LDAP is not currently working. However, Confluence 4.x + Java 6 + secure LDAP does work. The Embedded Crowd implementation needs to be modified to support Java 7 + secure LDAP and tested. Please analyze the above, confirm with the Embedded Crowd design team what the expectation is around why this method needs to be called and what it should do in Java 7, and document the problem on jira.atlassian.com using terminology which will be familiar to your team to expedite correction. For now, I plan on proceeding with Java 6 at this time, with a hope to change to Java 7 in the future when this issue is addressed. Thanks!

    Atlassian JIRA | 4 years ago | David Mason
    com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.CommunicationException: localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket]
  6. 0

    h3. Symptoms When connecting a directory to LDAP via SSL you will see an error like this in the web browser: {quote}Connection test failed. Response from the server: localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket]{quote} In the log file there will be an entry like this: {code:none}012-09-05 16:59:49,184 ERROR [scheduler_Worker-2] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 819201 ]. com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.CommunicationException: localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket] at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:416) at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:384) at com.atlassian.crowd.directory.SpringLDAPConnector.searchUserObjects(SpringLDAPConnector.java:574) at com.atlassian.crowd.directory.SpringLDAPConnector.searchUsers(SpringLDAPConnector.java:943) at com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher.findAllRemoteUsers(RemoteDirectoryCacheRefresher.java:41) at com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher.synchroniseAllUsers(RemoteDirectoryCacheRefresher.java:60) at com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:40) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:621) at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63) at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50) at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJobBean.executeInternal(DirectoryPollerJobBean.java:29) at org.springframework.scheduling.quartz.QuartzJobBean.execute(QuartzJobBean.java:86) at org.quartz.core.JobRunShell.run(JobRunShell.java:199) at com.atlassian.confluence.schedule.quartz.ConfluenceQuartzThreadPool$1.run(ConfluenceQuartzThreadPool.java:20) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549) Caused by: org.springframework.ldap.CommunicationException: localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket] at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:98) at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266) at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106) at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:138) at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadWriteContext(TransactionAwareContextSourceProxy.java:94) at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadOnlyContext(TransactionAwareContextSourceProxy.java:65) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:287) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:624) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:535) at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$1.call(LdapTemplateWithClassLoaderWrapper.java:56) at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$1.call(LdapTemplateWithClassLoaderWrapper.java:53) at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.invokeWithContextClassLoader(LdapTemplateWithClassLoaderWrapper.java:43) at com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.search(LdapTemplateWithClassLoaderWrapper.java:53) at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:412) ... 14 more Caused by: javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket] at com.sun.jndi.ldap.Connection.<init>(Connection.java:214) at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:136) at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1600) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2698) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307) at javax.naming.InitialContext.init(InitialContext.java:242) at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153) at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:43) at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:254) ... 27 more Caused by: java.lang.RuntimeException: Unable to set hostname verification on SSLSocket at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.makeUseLdapVerification(LdapHostnameVerificationSSLSocketFactory.java:85) at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.createSocket(LdapHostnameVerificationSSLSocketFactory.java:144) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at com.sun.jndi.ldap.Connection.createSocket(Connection.java:305) at com.sun.jndi.ldap.Connection.<init>(Connection.java:201) ... 41 more Caused by: java.lang.NoSuchMethodException: sun.security.ssl.SSLSocketImpl.trySetHostnameVerification(java.lang.String) at java.lang.Class.getMethod(Class.java:1622) at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.makeUseLdapVerification(LdapHostnameVerificationSSLSocketFactory.java:80) ... 48 more{code} h3. Steps to Reproduce # Run Confluence using Java 7, not Java 6 - Java 7 is listed as a supported platform # Import SSL certificate of the LDAP server into Confluence's JVM keystore as per normal procedure # Add an LDAP directory, attempt to configure using SSL # Observe the error message and log entry described above h3. Workaround Use Java 6 h3. Cause I've pasted the original support case below, as it has a very detailed analysis of the cause: I am testing our upgrade to Confluence 4.x and I am finding that Confluence 4.x works fine with our configuration under Java 6, but fails under Java 7. If I shutdown, clear confluence-data/plugins-osgi-cache, switch to Java 6, and startup, it works. If I shutdown, clear confluence-data/plugins-osgi-cache, switch to Java 7, and startup it fails. In our environment, we use ldaps:// configuration to tie Confluence user management to our OpenLDAP servers. I don't want to provide our configuration here as it includes our internal hostname and authentication which should not need to be shared to reproduce or understand this issue. When running under Java 7, the error I get during startup (Embedded Crowd synchronization) and when I attempt to login (which fails) is: {noformat} Caused by: java.lang.RuntimeException: Unable to set hostname verification on SSLSocket at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.makeUseLdapVerification(LdapHostnameVerificationSSLSocketFactory.java:85) at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.createSocket(LdapHostnameVerificationSSLSocketFactory.java:144) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at com.sun.jndi.ldap.Connection.createSocket(Connection.java:305) at com.sun.jndi.ldap.Connection.<init>(Connection.java:201) ... 41 more Caused by: java.lang.NoSuchMethodException: sun.security.ssl.SSLSocketImpl.trySetHostnameVerification(java.lang.String) at java.lang.Class.getMethod(Class.java:1622) at com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.makeUseLdapVerification(LdapHostnameVerificationSSLSocketFactory.java:80) ... 48 more {noformat} As I expect reproduction of our issue may be difficult, I performed my own investigation and found the following... In this file: crowd-ldap/src/main/java/com/atlassian/crowd/directory/ssl/LdapHostnameVerificationSSLSocketFactory.java It has this method: {code} ... /** * Accept a <code>sun.security.ssl.SSLSocketImpl</code> or a <code>com.sun.net.ssl.internal.ssl.SSLSocketImpl</code> * and invoke <code>trySetHostnameVerification("ldap")</code> through reflection. */ static void makeUseLdapVerification(Socket s) { ... try { Method m = c.getMethod("trySetHostnameVerification", METHOD_ARG_TYPES); m.invoke(s, "ldap"); } catch (NoSuchMethodException e) { throw new RuntimeException(UNABLE_TO_SET_MESSAGE, e); } ... } ... {code} Tracing the issue further by analyzing the Java source, I find that: - Java 6 provides a method sun.security.ssl.SSLEngineImpl.trySetHostnameVerification() which appears to be what Embedded Crowd is trying to find and use. - Java 7 does NOT provide this method. Therefore, the code works in Java 6, but fails in Java 7 with "throw new RuntimeException(UNABLE_TO_SET_MESSAGE, e);" which results in the stack trace we are receiving. My conclusion is that the combination of Confluence 4.x + Java 7 + secure LDAP is not currently working. However, Confluence 4.x + Java 6 + secure LDAP does work. The Embedded Crowd implementation needs to be modified to support Java 7 + secure LDAP and tested. Please analyze the above, confirm with the Embedded Crowd design team what the expectation is around why this method needs to be called and what it should do in Java 7, and document the problem on jira.atlassian.com using terminology which will be familiar to your team to expedite correction. For now, I plan on proceeding with Java 6 at this time, with a hope to change to Java 7 in the future when this issue is addressed. Thanks!

    Atlassian JIRA | 4 years ago | David Mason
    com.atlassian.crowd.exception.OperationFailedException: org.springframework.ldap.CommunicationException: localhost:636; nested exception is javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.RuntimeException: Unable to set hostname verification on SSLSocket]

  1. davidvanlaatum 8 times, last 5 days ago
  2. filpgame 1 times, last 1 week ago
  3. bmacedo 3 times, last 2 weeks ago
  4. kjhdofjosvs 4 times, last 1 month ago
  5. eti22 1 times, last 1 month ago
42 more registered users
32 unregistered visitors
Not finding the right solution?
Take a tour to get the most out of Samebug.

Tired of useless tips?

Automated exception search integrated into your IDE

Root Cause Analysis

  1. java.lang.NoSuchMethodException

    sun.security.ssl.SSLSocketImpl.trySetHostnameVerification(java.lang.String)

    at java.lang.Class.getMethod()
  2. Java RT
    Class.getMethod
    1. java.lang.Class.getMethod(Unknown Source)
    1 frame
  3. com.atlassian.crowd
    LdapHostnameVerificationSSLSocketFactory.createSocket
    1. com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.makeUseLdapVerification(LdapHostnameVerificationSSLSocketFactory.java:80)
    2. com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory.createSocket(LdapHostnameVerificationSSLSocketFactory.java:125)
    2 frames
  4. Java RT
    InitialLdapContext.<init>
    1. sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    2. sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    3. sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    4. java.lang.reflect.Method.invoke(Unknown Source)
    5. com.sun.jndi.ldap.Connection.createSocket(Unknown Source)
    6. com.sun.jndi.ldap.Connection.<init>(Unknown Source)
    7. com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
    8. com.sun.jndi.ldap.LdapClient.getInstance(Unknown Source)
    9. com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    10. com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    11. com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
    12. com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
    13. com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
    14. com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    15. javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    16. javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    17. javax.naming.InitialContext.init(Unknown Source)
    18. javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
    18 frames
  5. spring-ldap-core
    LdapTemplate.search
    1. org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:43)
    2. org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:254)
    3. org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106)
    4. org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:138)
    5. org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadWriteContext(TransactionAwareContextSourceProxy.java:94)
    6. org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadOnlyContext(TransactionAwareContextSourceProxy.java:65)
    7. org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:287)
    8. org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:237)
    9. org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:624)
    10. org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:535)
    10 frames
  6. com.atlassian.crowd
    DirectoryPollerJob.execute
    1. com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$1.call(LdapTemplateWithClassLoaderWrapper.java:56)
    2. com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper$1.call(LdapTemplateWithClassLoaderWrapper.java:53)
    3. com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.invokeWithContextClassLoader(LdapTemplateWithClassLoaderWrapper.java:43)
    4. com.atlassian.crowd.directory.ldap.LdapTemplateWithClassLoaderWrapper.search(LdapTemplateWithClassLoaderWrapper.java:53)
    5. com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:412)
    6. com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:384)
    7. com.atlassian.crowd.directory.SpringLDAPConnector.searchUserObjects(SpringLDAPConnector.java:574)
    8. com.atlassian.crowd.directory.SpringLDAPConnector.searchUsers(SpringLDAPConnector.java:944)
    9. com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher.findAllRemoteUsers(RemoteDirectoryCacheRefresher.java:41)
    10. com.atlassian.crowd.directory.ldap.cache.RemoteDirectoryCacheRefresher.synchroniseAllUsers(RemoteDirectoryCacheRefresher.java:60)
    11. com.atlassian.crowd.directory.ldap.cache.AbstractCacheRefresher.synchroniseAll(AbstractCacheRefresher.java:40)
    12. com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:619)
    13. com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63)
    14. com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)
    15. com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJob.execute(DirectoryPollerJob.java:34)
    15 frames
  7. quartz
    JobRunShell.run
    1. org.quartz.core.JobRunShell.run(JobRunShell.java:195)
    1 frame
  8. com.atlassian.multitenant
    MultiTenantThreadPool$MultiTenantRunnable.run
    1. com.atlassian.multitenant.quartz.MultiTenantThreadPool$MultiTenantRunnable.run(MultiTenantThreadPool.java:72)
    1 frame
  9. quartz
    SimpleThreadPool$WorkerThread.run
    1. org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)
    1 frame