[Building Sakai] Sakai 2.9.3 Issue

McCarty, Matthew C McCartM2 at mail.amc.edu
Tue Jun 17 13:04:33 PDT 2014 

Hi Joshua – that JIRA worked.  Thank you!!

-Matt

From: Joshua Swink [mailto:jswink at ucmerced.edu]
Sent: Tuesday, June 17, 2014 2:06 PM
To: McCarty, Matthew C
Cc: sakai-dev at collab.sakaiproject.org
Subject: Re: [Building Sakai] Sakai 2.9.3 Issue

Assuming you haven't applied the fix in the following issue: https://jira.sakaiproject.org/browse/SAK-23838

The help system normally tries to make a new connection to the local machine to retrieve help documents. If SAKAPP01.sakaidmz.amc.edu<http://SAKAPP01.sakaidmz.amc.edu> resolves to the netscaler, it could be getting back that SSL certificate and the hostname within will not match, thus the exception. It depends on what exactly SAKAPP01.sakaidmz.amc.edu<http://SAKAPP01.sakaidmz.amc.edu> resolves to, and whether there is any SSL certificate on the application server etc. The patch from SAK-23838 might be enough to fix the issue, but the symptoms aren't exactly the same.
Josh

On Tue, Jun 17, 2014 at 10:31 AM, McCarty, Matthew C <McCartM2 at mail.amc.edu<mailto:McCartM2 at mail.amc.edu>> wrote:
Hi, we’re in middle of our Sakai 2.9.3 upgrade.  We’ve released the system to our end users, and are noticing each time a user opens up the help, the following bug report is sent out.  We have 3 application servers, with a netscaler in front.  The netscaler is what houses our SSL certificate, as each app server does not contain the certificate.  In this bug report, it looks like the tool is trying to look for a certificate with our server’s local host name, and it not the URL the user is connected on.

From a user stand point, there are no error messages shown.  The help tool works as you would expect.  Any thoughts on why this is occurring?  We’ve had this type of setup in production for many years, across multiple versions of Sakai and have never had this issue.

Thanks in advance!




bug-id: 9f2a0379-ff1a-404e-b4c0-195146b31e27

user: mccartm2 (Matthew McCarty)

email: McCartM2 at mail.amc.edu<mailto:McCartM2 at mail.amc.edu>

usage-session: b78b1683-b14e-4514-b5d0-bd40c43812e5

stack-trace-digest: 1034305359817A6E1250D760547D7B540669F065

sakai-version: 2.9.3

service-version: RELEASE

app-server: SAKAPP01

user-agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

browser-id: Win-Mozilla

IP: 167.244.213.104

request-path: /portal/help/content.hlp

time: Jun 17, 2014 13:28:08





stack trace:



org.sakaiproject.portal.api.PortalHandlerException: org.sakaiproject.tool.api.ToolException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching SAKAPP01.sakaidmz.amc.edu<http://SAKAPP01.sakaidmz.amc.edu> found

    at org.sakaiproject.portal.charon.SkinnableCharonPortal.doGet(SkinnableCharonPortal.java:893)

caused by: org.sakaiproject.tool.api.ToolException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching SAKAPP01.sakaidmz.amc.edu<http://SAKAPP01.sakaidmz.amc.edu> found

    at org.sakaiproject.portal.charon.SkinnableCharonPortal.forwardTool(SkinnableCharonPortal.java:1487)

caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching SAKAPP01.sakaidmz.amc.edu<http://SAKAPP01.sakaidmz.amc.edu> found

    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)

caused by: java.security.cert.CertificateException: No name matching SAKAPP01.sakaidmz.amc.edu<http://SAKAPP01.sakaidmz.amc.edu> found

    at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:208)

    at sun.security.util.HostnameChecker.match(HostnameChecker.java:93)

    at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:347)

    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:203)

    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)

    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)

    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)

    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)

    at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)

    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)

    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)

    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)

    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)

    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)

    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)

    at java.net.URL.openStream(URL.java:1037)

    at org.sakaiproject.tool.help.ContentServlet.doGet(ContentServlet.java:142)

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:749)

    at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:487)

    at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:412)

    at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:339)

    at org.sakaiproject.jsf.util.JsfTool.dispatch(JsfTool.java:137)

    at org.sakaiproject.tool.help.HelpJsfTool.dispatch(HelpJsfTool.java:96)

    at org.sakaiproject.jsf.util.JsfTool.doGet(JsfTool.java:241)

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

    at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:749)

    at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:487)

    at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:379)

    at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:339)

    at org.sakaiproject.tool.impl.ActiveToolComponent$MyActiveTool.forward(ActiveToolComponent.java:511)

    at org.sakaiproject.portal.charon.SkinnableCharonPortal.forwardTool(SkinnableCharonPortal.java:1487)

    at org.sakaiproject.portal.charon.handlers.HelpHandler.doHelp(HelpHandler.java:107)

    at org.sakaiproject.portal.charon.handlers.HelpHandler.doGet(HelpHandler.java:69)

    at org.sakaiproject.portal.charon.SkinnableCharonPortal.doGet(SkinnableCharonPortal.java:893)

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

    at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:695)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)

    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)

    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)

    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)

    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)

    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)

    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)

    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)

    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)

    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)

    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

    at java.lang.Thread.run(Thread.java:724)





Tool Placement:

No Placement





Request:

:    AuthType:null

:    CharEncoding:UTF-8

:    ContentLength:-1

:    ContentType:null

:    ContextPath:/portal

:    LocalAddress:167.244.213.54

:    LocalName:SAKAPP01.sakaidmz.amc.edu<http://SAKAPP01.sakaidmz.amc.edu>

:    LocalPort:443

:    Method:GET

:    PathInfo:/help/content.hlp

:    Protocol:HTTP/1.1

:    QueryString:docId=html/help.html

:    RemoteAddress:167.244.213.104

:    RemoteHost:167.244.213.104

:    RemotePort:24629

:    Requested URL:https://sakai.amc.edu/portal/help/content.hlp

:    Scheme:https

:    ServerName:sakai.amc.edu<http://sakai.amc.edu>

:    Headers:

:        Header:host:sakai.amc.edu<http://sakai.amc.edu>

:        Header:connection:keep-alive

:        Header:accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

:        Header:user-agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

:        Header:referer:https://sakai.amc.edu/portal/help/main?help=sakai.online

:        Header:accept-encoding:gzip,deflate,sdch

:        Header:accept-language:en-US,en;q=0.8

:        Header:cookie:---censored---

:    Parameters:

:        Parameter:docId:0:html/help.html

:    Attributes:

:        Attribute:sakai.character.encoding.done:sakai.character.encoding.done

:        Attribute:tool.url.manager:org.sakaiproject.portal.util.ToolURLManagerImpl at 64eb50b2

:        Attribute:sakai.html.body.onload:setMainFrameHeight('Mainhelp');setFocus(focus_path);

:        Attribute:javax.servlet.request.key_size:128

:        Attribute:sakai.filtered:sakai.filtered

:        Attribute:sakai.html.head.css:<link href="/library/skin/tool_base.css" type="text/css" rel="stylesheet" media="all" />

<link href="/library/skin/neo-Amc2014/tool.css" type="text/css" rel="stylesheet" media="all" />



:        Attribute:sakai.session:org.sakaiproject.tool.impl.MySession at 9ad6e5e8

:        Attribute:javax.servlet.request.ssl_session:53a075b5fb2f139e0c53c236192f0ab997aa7163689e15e56ca7bd56dfe132ea

:        Attribute:sakai.html.head.css.skin:<link href="/library/skin/neo-Amc2014/tool.css" type="text/css" rel="stylesheet" media="all" />



:        Attribute:javax.servlet.request.ssl_session_id:53a075b5fb2f139e0c53c236192f0ab997aa7163689e15e56ca7bd56dfe132ea

:        Attribute:sakai.html.head.js:<script type="text/javascript" language="JavaScript" src="/library/js/headscripts.js"></script>

<script type="text/javascript" language="JavaScript">var sakai = sakai || {}; sakai.editor = sakai.editor || {};  sakai.locale = sakai.locale || {}; sakai.locale.userCountry = 'US'; sakai.locale.userLanguage = 'en'; sakai.locale.userLocale = 'en_US'; sakai.editor.collectionId = '/group/null/'; sakai.editor.enableResourceSearch = false;</script> <script type="text/javascript" language="JavaScript">var CKEDITOR_BASEPATH='/library/editor/ckeditor/';

</script>

<script type="text/javascript" language="JavaScript" src="/library/editor/ckeditor/ckeditor.js"></script>

<script type="text/javascript" language="JavaScript" src="/library/editor/ckeditor.launch.js"></script>



:        Attribute:javax.servlet.request.ssl_session_mgr:org.apache.tomcat.util.net.jsse.JSSESupport at 14ff09e1

:        Attribute:sakai.html.head:<link href="/library/skin/tool_base.css" type="text/css" rel="stylesheet" media="all" />

<link href="/library/skin/neo-Amc2014/tool.css" type="text/css" rel="stylesheet" media="all" /> <script type="text/javascript" language="JavaScript" src="/library/js/headscripts.js"></script>

<script type="text/javascript" language="JavaScript">var sakai = sakai || {}; sakai.editor = sakai.editor || {};  sakai.locale = sakai.locale || {}; sakai.locale.userCountry = 'US'; sakai.locale.userLanguage = 'en'; sakai.locale.userLocale = 'en_US'; sakai.editor.collectionId = '/group/null/'; sakai.editor.enableResourceSearch = false;</script> <script type="text/javascript" language="JavaScript">var CKEDITOR_BASEPATH='/library/editor/ckeditor/';

</script>

<script type="text/javascript" language="JavaScript" src="/library/editor/ckeditor/ckeditor.js"></script>

<script type="text/javascript" language="JavaScript" src="/library/editor/ckeditor.launch.js"></script>



:        Attribute:sakai.html.head.css.base:<link href="/library/skin/tool_base.css" type="text/css" rel="stylesheet" media="all" />



:        Attribute:javax.servlet.request.cipher_suite:SSL_RSA_WITH_RC4_128_MD5

Session:

:    Created:1403025414769

:    LastAccess:1403026088602

:    MaxInactive:3600

:    Attributes:

:        Attribute:portalskin:neoskin


Matthew McCarty
Albany Medical Center
43 New Scotland Ave.
Albany, NY 12208

desk: 518.262.0280<tel:518.262.0280>
cell: 518.312.0706<tel:518.312.0706>

________________________________
----------------------------------------- CONFIDENTIALITY NOTICE: This email and any attachments may contain confidential information that is protected by law and is for the sole use of the individuals or entities to which it is addressed. If you are not the intended recipient, please notify the sender by replying to this email and destroying all copies of the communication and attachments. Further use, disclosure, copying, distribution of, or reliance upon the contents of this email and attachments is strictly prohibited. To contact Albany Medical Center, or for a copy of our privacy practices, please visit us on the Internet at www.amc.edu<http://www.amc.edu>.

_______________________________________________
sakai-dev mailing list
sakai-dev at collab.sakaiproject.org<mailto:sakai-dev at collab.sakaiproject.org>
http://collab.sakaiproject.org/mailman/listinfo/sakai-dev

TO UNSUBSCRIBE: send email to sakai-dev-unsubscribe at collab.sakaiproject.org<mailto:sakai-dev-unsubscribe at collab.sakaiproject.org> with a subject of "unsubscribe"



-----------------------------------------
CONFIDENTIALITY NOTICE: This email and any attachments may contain confidential information that is protected by law and is for the sole use of the individuals or entities to which it is addressed. If you are not the intended recipient, please notify the sender by replying to this email and destroying all copies of the communication and attachments. Further use, disclosure, copying, distribution of, or reliance upon the contents of this email and attachments is strictly prohibited. To contact Albany Medical Center, or for a copy of our privacy practices, please visit us on the Internet at www.amc.edu.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20140617/acbfd73a/attachment.html

More information about the sakai-dev mailing list