Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] eXist 5.2.0 (using Jetty 9.4.26) doesn't handle SNI certs #3277

Closed
phattire opened this issue Mar 5, 2020 · 3 comments
Closed

[BUG] eXist 5.2.0 (using Jetty 9.4.26) doesn't handle SNI certs #3277

phattire opened this issue Mar 5, 2020 · 3 comments
Assignees
@adamretter
Labels
awaiting-response requires additional information from submitter
Milestone
eXist-5.2.1

Comments

@phattire
Copy link

phattire commented Mar 5, 2020

We use an SNI cert with a number of hostnames as well as a wildcard hostname.

When upgrading from eXist 5.1.0 to 5.2.0 (due to the newer Jetty), we receive an error on startup "KeyStores with multiple certificates are not supported on the base class".

Here is a discussion on the Jetty SslContextFactory: jetty/jetty.project#4425

OS: Linux
@triage-new-issues triage-new-issues bot added the triage issue needs to be investigated label Mar 5, 2020
@phattire phattire changed the title [BUG] Jetty 9.4.26 in eXist 5.2.0 Doesn't Handle SNI certs [BUG] eXist 5.2.0 (using Jetty 9.4.26) doesn't handle SNI certs Mar 5, 2020
@adamretter
Copy link
Contributor

@phattire the advice in that thread is to change new Server(); to new SslContextFactory.Server();.

However, we are already using SslContextFactory.Server(), see: https://github.com/eXist-db/exist/blob/develop/exist-jetty-config/src/main/resources/org/exist/jetty/etc/jetty-ssl-context.xml#L13

@adamretter adamretter added this to the eXist-5.2.1 milestone Mar 6, 2020
@adamretter
Copy link
Contributor

@phattire If you want this issue resolved, we are going to need input from you...

Can you at least tell us how to reproduce the issue step by step? I am not even sure how to create and/or configure an SNI certificate at the moment

@adamretter adamretter added the awaiting-response requires additional information from submitter label Mar 11, 2020
@triage-new-issues triage-new-issues bot removed the triage issue needs to be investigated label Mar 11, 2020
@adamretter adamretter self-assigned this Mar 11, 2020
@adamretter
Copy link
Contributor

Closing due to a lack of response. Please feel free to re-open.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@adamretter adamretter

Labels
awaiting-response requires additional information from submitter
Projects
None yet
Milestone
eXist-5.2.1
Development

No branches or pull requests
2 participants
@adamretter @phattire