Uploaded image for project: 'Openfire'
  1. Openfire
  2. OF-1245

Openfire fails to parse the subject alternate name of certs it generated itself.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.1.0
    • Component/s: None
    • Labels:
      None

      Description

      On the first start of a fresh installation of Openfire (after setup was completed), this is being logged:

      org.jivesoftware.util.cert.SANCertificateIdentityMapping - Unable to parse a byte array (of length 29) as a subjectAltName 'otherName'. It is ignored
      .
      java.lang.ClassCastException: org.bouncycastle.asn1.DERTaggedObject cannot be cast to org.bouncycastle.asn1.ASN1String
              at org.jivesoftware.util.cert.SANCertificateIdentityMapping.parseOtherNameXmppAddr(SANCertificateIdentityMapping.java:213)
              at org.jivesoftware.util.cert.SANCertificateIdentityMapping.parseOtherName(SANCertificateIdentityMapping.java:160)
              at org.jivesoftware.util.cert.SANCertificateIdentityMapping.mapIdentity(SANCertificateIdentityMapping.java:75)
              at org.jivesoftware.util.CertificateManager.getServerIdentities(CertificateManager.java:330)
              at org.jivesoftware.openfire.keystore.IdentityStore.containsDomainCertificate(IdentityStore.java:364)
              at org.jivesoftware.openfire.admin.index_jsp._jspService(index_jsp.java:226)
              at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
              at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
              at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
              at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
              at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
              at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
              at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:76)
              at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
              at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:53)
              at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
              at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:226)
              at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
              at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:162)
              at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
              at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
              at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
              at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
              at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
              at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
              at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
              at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
              at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
              at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
              at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
              at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
              at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
              at org.eclipse.jetty.server.Server.handle(Server.java:499)
              at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
              at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
              at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
              at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
              at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
              at java.lang.Thread.run(Thread.java:745)
      

      Openfire generates a self-signed certificate, that includes a subject alternative name. Apparently, Openfire cannot parse the value that it generated itself.

        Attachments

          Activity

            People

            Assignee:
            dwd Dave Cridland
            Reporter:
            guus Guus der Kinderen
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: