[Building Sakai] Sakai 2.9.3 Issue
Joshua Swink
jswink at ucmerced.edu
Tue Jun 17 11:06:19 PDT 2014
Assuming you haven't applied the fix in the following issue:
https://jira.sakaiproject.org/browse/SAK-23838
The help system normally tries to make a new connection to the local
machine to retrieve help documents. If SAKAPP01.sakaidmz.amc.edu resolves
to the netscaler, it could be getting back that SSL certificate and the
hostname within will not match, thus the exception. It depends on what
exactly SAKAPP01.sakaidmz.amc.edu resolves to, and whether there is any SSL
certificate on the application server etc. The patch from SAK-23838 might
be enough to fix the issue, but the symptoms aren't exactly the same.
Josh
On Tue, Jun 17, 2014 at 10:31 AM, McCarty, Matthew C <McCartM2 at mail.amc.edu>
wrote:
> Hi, we’re in middle of our Sakai 2.9.3 upgrade. We’ve released the
> system to our end users, and are noticing each time a user opens up the
> help, the following bug report is sent out. We have 3 application servers,
> with a netscaler in front. The netscaler is what houses our SSL
> certificate, as each app server does not contain the certificate. In this
> bug report, it looks like the tool is trying to look for a certificate with
> our server’s local host name, and it not the URL the user is connected on.
>
>
>
> From a user stand point, there are no error messages shown. The help tool
> works as you would expect. Any thoughts on why this is occurring? We’ve
> had this type of setup in production for many years, across multiple
> versions of Sakai and have never had this issue.
>
>
>
> Thanks in advance!
>
>
>
>
>
>
>
> bug-id: 9f2a0379-ff1a-404e-b4c0-195146b31e27
>
> user: mccartm2 (Matthew McCarty)
>
> email: McCartM2 at mail.amc.edu
>
> usage-session: b78b1683-b14e-4514-b5d0-bd40c43812e5
>
> stack-trace-digest: 1034305359817A6E1250D760547D7B540669F065
>
> sakai-version: 2.9.3
>
> service-version: RELEASE
>
> app-server: SAKAPP01
>
> user-agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML,
> like Gecko) Chrome/35.0.1916.153 Safari/537.36
>
> browser-id: Win-Mozilla
>
> IP: 167.244.213.104
>
> request-path: /portal/help/content.hlp
>
> time: Jun 17, 2014 13:28:08
>
>
>
>
>
> stack trace:
>
>
>
> org.sakaiproject.portal.api.PortalHandlerException:
> org.sakaiproject.tool.api.ToolException:
> javax.net.ssl.SSLHandshakeException:
> java.security.cert.CertificateException: No name matching
> SAKAPP01.sakaidmz.amc.edu found
>
> at
> org.sakaiproject.portal.charon.SkinnableCharonPortal.doGet(SkinnableCharonPortal.java:893)
>
> caused by: org.sakaiproject.tool.api.ToolException:
> javax.net.ssl.SSLHandshakeException:
> java.security.cert.CertificateException: No name matching
> SAKAPP01.sakaidmz.amc.edu found
>
> at
> org.sakaiproject.portal.charon.SkinnableCharonPortal.forwardTool(SkinnableCharonPortal.java:1487)
>
> caused by: javax.net.ssl.SSLHandshakeException:
> java.security.cert.CertificateException: No name matching
> SAKAPP01.sakaidmz.amc.edu found
>
> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
>
> caused by: java.security.cert.CertificateException: No name matching
> SAKAPP01.sakaidmz.amc.edu found
>
> at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:208)
>
> at sun.security.util.HostnameChecker.match(HostnameChecker.java:93)
>
> at
> sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:347)
>
> at
> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:203)
>
> at
> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
>
> at
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
>
> at
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
>
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
>
> at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
>
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
>
> at
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
>
> at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
>
> at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
>
> at
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
>
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
>
> at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)
>
> at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
>
> at java.net.URL.openStream(URL.java:1037)
>
> at
> org.sakaiproject.tool.help.ContentServlet.doGet(ContentServlet.java:142)
>
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
>
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>
> at
> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:749)
>
> at
> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:487)
>
> at
> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:412)
>
> at
> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:339)
>
> at org.sakaiproject.jsf.util.JsfTool.dispatch(JsfTool.java:137)
>
> at org.sakaiproject.tool.help.HelpJsfTool.dispatch(HelpJsfTool.java:96)
>
> at org.sakaiproject.jsf.util.JsfTool.doGet(JsfTool.java:241)
>
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
>
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>
> at
> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:749)
>
> at
> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:487)
>
> at
> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:379)
>
> at
> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:339)
>
> at
> org.sakaiproject.tool.impl.ActiveToolComponent$MyActiveTool.forward(ActiveToolComponent.java:511)
>
> at
> org.sakaiproject.portal.charon.SkinnableCharonPortal.forwardTool(SkinnableCharonPortal.java:1487)
>
> at
> org.sakaiproject.portal.charon.handlers.HelpHandler.doHelp(HelpHandler.java:107)
>
> at
> org.sakaiproject.portal.charon.handlers.HelpHandler.doGet(HelpHandler.java:69)
>
> at
> org.sakaiproject.portal.charon.SkinnableCharonPortal.doGet(SkinnableCharonPortal.java:893)
>
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
>
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>
> at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:695)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
>
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
>
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
>
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>
> at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
>
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
>
> at
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
>
> at
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>
> at
> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
>
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>
> at java.lang.Thread.run(Thread.java:724)
>
>
>
>
>
> Tool Placement:
>
> No Placement
>
>
>
>
>
> Request:
>
> : AuthType:null
>
> : CharEncoding:UTF-8
>
> : ContentLength:-1
>
> : ContentType:null
>
> : ContextPath:/portal
>
> : LocalAddress:167.244.213.54
>
> : LocalName:SAKAPP01.sakaidmz.amc.edu
>
> : LocalPort:443
>
> : Method:GET
>
> : PathInfo:/help/content.hlp
>
> : Protocol:HTTP/1.1
>
> : QueryString:docId=html/help.html
>
> : RemoteAddress:167.244.213.104
>
> : RemoteHost:167.244.213.104
>
> : RemotePort:24629
>
> : Requested URL:https://sakai.amc.edu/portal/help/content.hlp
>
> : Scheme:https
>
> : ServerName:sakai.amc.edu
>
> : Headers:
>
> : Header:host:sakai.amc.edu
>
> : Header:connection:keep-alive
>
> :
> Header:accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
>
> : Header:user-agent:Mozilla/5.0 (Windows NT 6.1; WOW64)
> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
>
> : Header:referer:
> https://sakai.amc.edu/portal/help/main?help=sakai.online
>
> : Header:accept-encoding:gzip,deflate,sdch
>
> : Header:accept-language:en-US,en;q=0.8
>
> : Header:cookie:---censored---
>
> : Parameters:
>
> : Parameter:docId:0:html/help.html
>
> : Attributes:
>
> :
> Attribute:sakai.character.encoding.done:sakai.character.encoding.done
>
> :
> Attribute:tool.url.manager:org.sakaiproject.portal.util.ToolURLManagerImpl at 64eb50b2
>
> :
> Attribute:sakai.html.body.onload:setMainFrameHeight('Mainhelp');setFocus(focus_path);
>
> : Attribute:javax.servlet.request.key_size:128
>
> : Attribute:sakai.filtered:sakai.filtered
>
> : Attribute:sakai.html.head.css:<link
> href="/library/skin/tool_base.css" type="text/css" rel="stylesheet"
> media="all" />
>
> <link href="/library/skin/neo-Amc2014/tool.css" type="text/css"
> rel="stylesheet" media="all" />
>
>
>
> :
> Attribute:sakai.session:org.sakaiproject.tool.impl.MySession at 9ad6e5e8
>
> :
> Attribute:javax.servlet.request.ssl_session:53a075b5fb2f139e0c53c236192f0ab997aa7163689e15e56ca7bd56dfe132ea
>
> : Attribute:sakai.html.head.css.skin:<link
> href="/library/skin/neo-Amc2014/tool.css" type="text/css" rel="stylesheet"
> media="all" />
>
>
>
> :
> Attribute:javax.servlet.request.ssl_session_id:53a075b5fb2f139e0c53c236192f0ab997aa7163689e15e56ca7bd56dfe132ea
>
> : Attribute:sakai.html.head.js:<script type="text/javascript"
> language="JavaScript" src="/library/js/headscripts.js"></script>
>
> <script type="text/javascript" language="JavaScript">var sakai = sakai ||
> {}; sakai.editor = sakai.editor || {}; sakai.locale = sakai.locale || {};
> sakai.locale.userCountry = 'US'; sakai.locale.userLanguage = 'en';
> sakai.locale.userLocale = 'en_US'; sakai.editor.collectionId =
> '/group/null/'; sakai.editor.enableResourceSearch = false;</script> <script
> type="text/javascript" language="JavaScript">var
> CKEDITOR_BASEPATH='/library/editor/ckeditor/';
>
> </script>
>
> <script type="text/javascript" language="JavaScript"
> src="/library/editor/ckeditor/ckeditor.js"></script>
>
> <script type="text/javascript" language="JavaScript"
> src="/library/editor/ckeditor.launch.js"></script>
>
>
>
> :
> Attribute:javax.servlet.request.ssl_session_mgr:org.apache.tomcat.util.net.jsse.JSSESupport at 14ff09e1
>
> : Attribute:sakai.html.head:<link
> href="/library/skin/tool_base.css" type="text/css" rel="stylesheet"
> media="all" />
>
> <link href="/library/skin/neo-Amc2014/tool.css" type="text/css"
> rel="stylesheet" media="all" /> <script type="text/javascript"
> language="JavaScript" src="/library/js/headscripts.js"></script>
>
> <script type="text/javascript" language="JavaScript">var sakai = sakai ||
> {}; sakai.editor = sakai.editor || {}; sakai.locale = sakai.locale || {};
> sakai.locale.userCountry = 'US'; sakai.locale.userLanguage = 'en';
> sakai.locale.userLocale = 'en_US'; sakai.editor.collectionId =
> '/group/null/'; sakai.editor.enableResourceSearch = false;</script> <script
> type="text/javascript" language="JavaScript">var
> CKEDITOR_BASEPATH='/library/editor/ckeditor/';
>
> </script>
>
> <script type="text/javascript" language="JavaScript"
> src="/library/editor/ckeditor/ckeditor.js"></script>
>
> <script type="text/javascript" language="JavaScript"
> src="/library/editor/ckeditor.launch.js"></script>
>
>
>
> : Attribute:sakai.html.head.css.base:<link
> href="/library/skin/tool_base.css" type="text/css" rel="stylesheet"
> media="all" />
>
>
>
> :
> Attribute:javax.servlet.request.cipher_suite:SSL_RSA_WITH_RC4_128_MD5
>
> Session:
>
> : Created:1403025414769
>
> : LastAccess:1403026088602
>
> : MaxInactive:3600
>
> : Attributes:
>
> : Attribute:portalskin:neoskin
>
>
>
>
>
> *Matthew McCarty*
>
> Albany Medical Center
>
> 43 New Scotland Ave.
>
> Albany, NY 12208
>
>
>
> desk: 518.262.0280
>
> cell: 518.312.0706
>
>
>
> ------------------------------
> ----------------------------------------- CONFIDENTIALITY NOTICE: This
> email and any attachments may contain confidential information that is
> protected by law and is for the sole use of the individuals or entities to
> which it is addressed. If you are not the intended recipient, please notify
> the sender by replying to this email and destroying all copies of the
> communication and attachments. Further use, disclosure, copying,
> distribution of, or reliance upon the contents of this email and
> attachments is strictly prohibited. To contact Albany Medical Center, or
> for a copy of our privacy practices, please visit us on the Internet at
> www.amc.edu.
>
>
> _______________________________________________
> sakai-dev mailing list
> sakai-dev at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>
> TO UNSUBSCRIBE: send email to
> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
> "unsubscribe"
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20140617/34e3b847/attachment.html
More information about the sakai-dev
mailing list