Error: HTTPS hostname wrong

[Mickael Escudero]

Hello,

Recently when trying to load an IGV session from a URL using https I get the following error:

java.io.IOException: HTTPS hostname wrong: should be <myserver.org>

I have done a few tests, the problem seems to be OS independent and to appear with java 1.8 but not java 1.7

Has anyone come across this or know how to fix it?

I'm guessing it has something to do either with the SSL certificate of the server or with my institute's proxy that redirects to the server (my server has recently been re-routed through a new proxy)

Cheers,

Mickael

[Mickael]

Forgot to precise, I'm using IGV Version 2.3.46

[Jim Robinson]

Hi,
This does look like a certificate problem, but I am not able to reproduce it.  IGV does not validate certificates or host names,  it accepts them all.    Could you possibly point me to a server causing the problem,  or try loading this using "load from URL" and tell me if you get the same error?

https://1000genomes.s3.amazonaws.com/data/HG01879/alignment/HG01879.mapped.ILLUMINA.bwa.ACB.low_coverage.20120522.bam

--

---
You received this message because you are subscribed to the Google Groups "igv-help" group.
To unsubscribe from this group and stop receiving emails from it, send an email to igv-help+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/igv-help/af580df8-71c5-4286-801b-80893a2fb0c0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Mickael]

Hi,

The link you gave me works fine.

I'm guessing the problem does not come from IGV but from the fact that java 1.8 has got a higher security level by default.

Here's a link from my institute that used to work but does not anymore when using "load from URL". I removed the lines loading sensitive data so this session file only loads a genome.

https://bioinformatics.cancerresearchuk.org/~escude01/Folder1_bam_raw_1.xml

[Jim Robinson]

OK, thanks, I am able to reproduce the problem with that link.   I will investigate solutions.   Does that site have a valid certificate for the host name bioinformatics.cancerresearchuk.org?

To view this discussion on the web visit https://groups.google.com/d/msgid/igv-help/165f6e4e-720b-48a4-976d-ec1f027b595c%40googlegroups.com.

[Mickael]

My server has got a valid SSL certificate for bioinformatics.cancerresearchuk.org yes.

One of my colleagues, using such a link, got an extra error message with the following:

- Downloading from "bioinformatics.cancerresearchuk.org"

- Expecting "*.crick.ac.uk"

crick.ac.uk is the default domain for the new proxy set up by my institute's IT department just before this problem started to occur. So far my guess is that the problem is caused by the discrepancy between the domain given in the link and the domain returned by this proxy re-routing the traffic towards my server, but it's probably not that simple.

[Jim Robinson]

Was your colleagues download through IGV, a web browser, or some other
tool?

Jim

[Mickael]

It was using IGV (screenshot attached).

Accessing those files through a web browser works fine, and does not rise a certificate warning.

[Jim Robinson]

OK, keep the test file up.   This might take some time.   

--

---
You received this message because you are subscribed to the Google Groups "igv-help" group.
To unsubscribe from this group and stop receiving emails from it, send an email to igv-help+u...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/igv-help/5af3024f-1601-4098-9feb-a8c9a64b252e%40googlegroups.com.

[Mickael]

Yes no worries. Thanks for looking into that :-)

[Jim Robinson]

Hi,  I think this is fixed.  Could you try the "snapshot" build and verify it?  You can download it from

http://www.broadinstitute.org/software/igv/download_snapshot

Thanks

Jim

To view this discussion on the web visit https://groups.google.com/d/msgid/igv-help/16d7b0d1-bdd6-46de-acda-9e7efd929ee6%40googlegroups.com.

[Mickael]

Hi Jim,

I just tried and I now get a different error:

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching bioinformatics.cancerresearchuk.org found.

[Jim Robinson]

Apologies, that doesn't happen in my development environment but I see
it now. That's a different error, investigating.

[Jim Robinson]

OK, ready to try again (snapshot).

Jim

To view this discussion on the web visit https://groups.google.com/d/msgid/igv-help/dbfa4441-06bb-4a1b-a429-635f3e216ed8%40googlegroups.com.

[Mickael]

Hi Jim,

It seems to work indeed, thank you so much :-) 

What was the problem and how did you fix it?

[Jim Robinson]

The latest error occurred because I had disabled java's "SNIExtension" in response to another ticket.  Obviously that was a bad idea.   The original problem was caused by SSL workarounds for some Java issues in JDK 1.7 and earlier.    Those workarounds aren't needed in Java 1.8,  and in fact lead to the error you experienced.

So the bottom line is Java 8 seems to have fixed some longstanding SSL issues, and previous hacks should be removed.   In the IGV code there is an "is Java 8" type test that does that.

You can browse the git commits if you want more details.

Jim

To view this discussion on the web visit https://groups.google.com/d/msgid/igv-help/fb72e960-7739-43a0-9649-d38070f7df37%40googlegroups.com.