[Intellij] Failed to test connection

philipp.a....@gmail.com

未読、

2016/11/10 3:08:562016/11/10

To: SonarLint

I cannot setup connected mode in IntelliJ 2016.3 EAP with SonarLint 2.3.2

I enter the server url and click Test Connection.

It says: Fail to request http://...

But when I access the url, it works, and i get:

{

id: "...",
version: "6.1",
status: "UP"

}

Is this a known issue?

Best, Philipp

nicola...@gmail.com

未読、

2016/11/13 6:43:422016/11/13

To: SonarLint、philipp.a....@gmail.com

I can confirm this issue with SonarLint 2.4 and IntelliJ 2016.2.5 Community on Ubuntu 16.04 and Windows 10.

Connection worked fine before updating SonarLint to 2.4.

URL returns: {"id":"20161009195132","version":"6.0","status":"UP"}

Cheers,

Nicolai

Duarte Meneses

未読、

2016/11/14 3:41:482016/11/14

To: nicola...@gmail.com、SonarLint、philipp.a....@gmail.com

Thanks for reporting the problem.
Could you please check your IntelliJ logs (in Linux, located in ~/.Idea[version]/system/log/idea.log and post here the full stack trace of the connection error?

--
You received this message because you are subscribed to the Google Groups "SonarLint" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarlint+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/42926102-2941-4316-a6ee-70249af7062e%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Duarte MENESES | SonarSource

http://sonarsource.com

nicola...@gmail.com

未読、

2016/11/14 8:10:362016/11/14

To: SonarLint、philipp.a....@gmail.com

It looks like a certificate problem. Interestingly, today from work the connection worked.

I will recheck this at home this evening.

By the way: After I reverted back to SonarLint 2.3.2 yesterday, I could connect to the server again.

2016-11-13 12:37:34,722 [ 21141] INFO - intellij.core.ServerUpdateTask - Error updating from server 'Tigers'

java.lang.IllegalStateException: Fail to request https://tigers-mannheim.de/sonar6/api/system/status

at org.sonarqube.ws.client.HttpConnector.doCall(HttpConnector.java:305)

at org.sonarqube.ws.client.HttpConnector.get(HttpConnector.java:245)

at org.sonarqube.ws.client.HttpConnector.call(HttpConnector.java:234)

at org.sonarsource.sonarlint.core.container.connected.SonarLintWsClient.rawGet(SonarLintWsClient.java:99)

at org.sonarsource.sonarlint.core.container.connected.SonarLintWsClient.get(SonarLintWsClient.java:66)

at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.fetchServerInfos(ServerVersionAndStatusChecker.java:93)

at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.checkVersionAndStatus(ServerVersionAndStatusChecker.java:57)

at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.checkVersionAndStatus(ServerVersionAndStatusChecker.java:47)

at org.sonarsource.sonarlint.core.container.connected.update.GlobalUpdateExecutor.update(GlobalUpdateExecutor.java:69)

at org.sonarsource.sonarlint.core.container.connected.ConnectedContainer.update(ConnectedContainer.java:78)

at org.sonarsource.sonarlint.core.ConnectedSonarLintEngineImpl.update(ConnectedSonarLintEngineImpl.java:190)

at org.sonarlint.intellij.core.ServerUpdateTask.run(ServerUpdateTask.java:85)

at org.sonarlint.intellij.core.ServerUpdateTask$1.run(ServerUpdateTask.java:64)

at com.intellij.openapi.progress.impl.CoreProgressManager$TaskRunnable.run(CoreProgressManager.java:635)

at com.intellij.openapi.progress.impl.CoreProgressManager$9.run(CoreProgressManager.java:384)

at com.intellij.openapi.progress.impl.CoreProgressManager$3.run(CoreProgressManager.java:170)

at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:494)

at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:443)

at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:54)

at com.intellij.openapi.progress.impl.CoreProgressManager.runProcess(CoreProgressManager.java:155)

at com.intellij.openapi.application.impl.ApplicationImpl.lambda$null$9(ApplicationImpl.java:548)

at com.intellij.openapi.application.impl.ApplicationImpl$2.run(ApplicationImpl.java:307)

at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

at java.util.concurrent.FutureTask.run(FutureTask.java:266)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

at java.lang.Thread.run(Thread.java:745)

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)

at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)

at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)

at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)

at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)

at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)

at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)

at okhttp3.internal.io.RealConnection.connectTls(RealConnection.java:239)

at okhttp3.internal.io.RealConnection.establishProtocol(RealConnection.java:196)

at okhttp3.internal.io.RealConnection.buildConnection(RealConnection.java:171)

at okhttp3.internal.io.RealConnection.connect(RealConnection.java:111)

at okhttp3.internal.http.StreamAllocation.findConnection(StreamAllocation.java:187)

at okhttp3.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:123)

at okhttp3.internal.http.StreamAllocation.newStream(StreamAllocation.java:93)

at okhttp3.internal.http.HttpEngine.connect(HttpEngine.java:296)

at okhttp3.internal.http.HttpEngine.sendRequest(HttpEngine.java:248)

at okhttp3.RealCall.getResponse(RealCall.java:243)

at okhttp3.RealCall$ApplicationInterceptorChain.proceed(RealCall.java:201)

at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:163)

at okhttp3.RealCall.execute(RealCall.java:57)

at org.sonarqube.ws.client.HttpConnector.doCall(HttpConnector.java:302)

... 26 more

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)

at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)

at sun.security.validator.Validator.validate(Validator.java:260)

at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)

at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)

at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)

... 47 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)

at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)

at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)

... 53 more

On Thursday, November 10, 2016 at 9:08:56 AM UTC+1, philipp.a....@gmail.com wrote:

Duarte Meneses

未読、

2016/11/14 9:21:102016/11/14

To: Nicolai Ommer、SonarLint、Philipp Steinwender

Ok, thanks.

SonarLint doesn't support certificates configured within IntelliJ: https://jira.sonarsource.com/browse/SLI-75

It could be that in 2.3.*, SonarLint was not strictly enforcing server certificate validation. There were some changes done in 2.4 in the library that SonarLint uses for networking and server validation is done.

It that's the case, the solution is to either install the certificate in the truststore in the JRE that IntelliJ uses, or pass the appropriate JVM parameters pointing to another truststore.

--

You received this message because you are subscribed to the Google Groups "SonarLint" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarlint+unsubscribe@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/454f0af0-9742-4d45-8d41-542ac36c4cb8%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

nicola...@gmail.com

未読、

2016/11/14 14:12:362016/11/14

To: SonarLint、nicola...@gmail.com、philipp.a....@gmail.com

I validated the issue at home now. The result is strange:

On my work laptop (Windows 10), it kept working after resume, but stopped working after I restarted IntelliJ.

On my private laptop (Ubuntu 16.04) I reinstalled SonarLint 2.4, restarted IntelliJ and the Plugin stopped working again. Another restart showed no change.

It is the same exception stack trace on Linux.

The Certificate on the Server is from Let's Encrypt.

To unsubscribe from this group and stop receiving emails from it, send an email to sonarlint+...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/454f0af0-9742-4d45-8d41-542ac36c4cb8%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Nicolai Ommer

未読、

2016/11/14 16:43:302016/11/14

To: SonarLint、philipp.a....@gmail.com

Just found out, that someone else got the same error (PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target) with the Eclipse Plugin...

You received this message because you are subscribed to a topic in the Google Groups "SonarLint" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sonarlint/UHCFq-yIZJ0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to sonarlint+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/b94e71fe-45bc-4542-a8d9-eb3b96f74966%40googlegroups.com.

Duarte Meneses

未読、

2016/11/15 4:28:222016/11/15

To: Nicolai Ommer、SonarLint、Philipp Steinwender

Nicolai,

Thanks for investigating the problem. Could you try adding the certificate to the truststore used by IntelliJ? It shoud work with it.

To unsubscribe from this group and all its topics, send an email to sonarlint+unsubscribe@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/b94e71fe-45bc-4542-a8d9-eb3b96f74966%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

You received this message because you are subscribed to the Google Groups "SonarLint" group.

To unsubscribe from this group and stop receiving emails from it, send an email to sonarlint+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/CAP%3Dx8Q-o%2BiHRr%3D5eAt_geK2bE3rPKa2%2BXuVe45h%3DRsPT7mB3Lw%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

Nicolai Ommer

未読、

2016/11/15 9:39:122016/11/15

To: Duarte Meneses、SonarLint、Philipp Steinwender

Hi Duarte,

I'm not sure which truststore you talk about. Do you mean a JVM truststore file? How do I add the certificate?

To unsubscribe from this group and all its topics, send an email to sonarlint+...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/b94e71fe-45bc-4542-a8d9-eb3b96f74966%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "SonarLint" group.

To unsubscribe from this group and stop receiving emails from it, send an email to sonarlint+...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/CAP%3Dx8Q-o%2BiHRr%3D5eAt_geK2bE3rPKa2%2BXuVe45h%3DRsPT7mB3Lw%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--
Duarte MENESES | SonarSource
http://sonarsource.com

--

You received this message because you are subscribed to a topic in the Google Groups "SonarLint" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sonarlint/UHCFq-yIZJ0/unsubscribe.

To unsubscribe from this group and all its topics, send an email to sonarlint+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/CAC%2BcT%3D%2BXRg0afQoeuiBULtLQhn1sBpNAL8Tw70N-xNRRrecYtA%40mail.gmail.com.

alexis...@gmail.com

未読、

2016/11/17 10:45:132016/11/17

To: SonarLint、duarte....@sonarsource.com、philipp.a....@gmail.com、nicola...@gmail.com

Hi there,

Same issue here since I updated SonarLint today: plugin's able to access my SonarQube instance since then.

Certificate was already listed, I removed it to reimport it, nothing changed.

2016-11-17 16:41:11,368 [8772025] INFO - intellij.core.ServerUpdateTask - Error updating from server 'Sonar PIC v2'

java.lang.IllegalStateException: Fail to request https://[my_sonar_url]/api/system/status

Julien HENRY

未読、

2016/11/17 11:07:062016/11/17

To: alexis...@gmail.com、SonarLint、Duarte Meneses、philipp.a....@gmail.com、nicola...@gmail.com

Hi,

2016-11-17 16:45 GMT+01:00 <alexis...@gmail.com>:

Certificate was already listed, I removed it to reimport it, nothing changed.

Could you please precise if your certificate is imported using IntelliJ configuration screen, or directly in the JVM trustore? Also precise if this is a self signed certificate?

Thanks

Julien

bri...@warped-minds.com

未読、

2016/11/17 12:12:382016/11/17

To: SonarLint、alexis...@gmail.com、duarte....@sonarsource.com、philipp.a....@gmail.com、nicola...@gmail.com

Just adding another report... I get the same error / stack trace with a SSL cert from Lets Encrypt. I was using it in IntelliJ w/o issue for some time. I did not configure the IDE or JVM truststore in any way to accept the cert.

-- Brian

Alexis LEGROS

未読、

2016/11/17 15:00:572016/11/17

To: bri...@warped-minds.com、philipp.a....@gmail.com、duarte....@sonarsource.com、SonarLint、nicola...@gmail.com

Hi,

Thanks for the quick reply.
I can't remember adding it, so I guess SonarLint did the initial import when I connected to the Sonar instance for the first time.
2nd try was by adding it through IDEA settings. Didn't try through JVM yet.
Afaik, certificate comes from Let's Encrypt too. Can't check right now, I'll let you know asap.

Regards,
Alexis.

Duarte Meneses

未読、

2016/11/18 6:06:432016/11/18

To: Alexis LEGROS、bri...@warped-minds.com、Philipp Steinwender、SonarLint、Nicolai Ommer

I confirm that it's no longer possible to connect with username/password.

We will release very soon a bug fix which will include a fix for it: https://jira.sonarsource.com/browse/SLI-129

Regarding the trust of server certificates, it's a known limitation that it can't be configured using IntelliJ's options: https://jira.sonarsource.com/browse/SLI-75

In the previous SonarLint version (2.3.x), SonarLint was trusting all server certificates due to a limitation in the networking library that it was using, but it has been fixed in the latest versions 2.4.x.

The server certificate needs to be imported using keytool to the truststore (cacerts) used by intellij. Typically the trustore is located in IntelliJ's embedded JRE: [IntelliJ_install_dir]/jre/jre/lib/security/cacerts.

We are still considering if we will support configuring trusted server certificates through IntelliJ's configuration in future versions.

Alexis LEGROS

未読、

2016/11/18 8:52:052016/11/18

To: Duarte Meneses、Brian Rozmierski、Philipp Steinwender、SonarLint、Nicolai Ommer

Hi team,

I confirm that adding it to the JRE's keystore solved the issue.

Thanks a lot for your help.

PS: cacerts password is changeit

Brian Rozmierski

未読、

2016/11/18 10:06:152016/11/18

To: Alexis LEGROS、Duarte Meneses、Philipp Steinwender、SonarLint、Nicolai Ommer

Unfortunately this is problematic for a few reasons....

If you use Toolbox to launch/update your IDE, it creates a new installation directory with each update, meaning each update will need cacerts to be modified again. Second, on a Mac cacerts is a signed file, changing it breaks the app signature.

-- Brian

duarte.meneses

未読、

2016/12/09 11:22:482016/12/09

To: SonarLint、alexis...@gmail.com、duarte....@sonarsource.com、philipp.a....@gmail.com、nicola...@gmail.com

The problem will be fixed in the upcoming SonarLint IntelliJ 2.6 - the corresponding ticket is closed: https://jira.sonarsource.com/browse/SLI-75.

We have the first milestone for v2.6 ready which includes this fixed.
It would be great to have early feedback about it, so feel free to test it by installing the following file:

https://repox.sonarsource.com/sonarsource-public-builds/org/sonarsource/sonarlint/intellij/sonarlint-intellij/2.6.0.1481/SonarLint-2.6.0.1481.zip

Thanks.

Brian Rozmierski

未読、

2016/12/09 11:52:282016/12/09

To: duarte.meneses、SonarLint、alexis...@gmail.com、philipp.a....@gmail.com、nicola...@gmail.com

We did a quick test on one machine and am glad to report it "just works". :)

Thanks for the fix - can't wait to see it roll out officially.

-- Brian

--

You received this message because you are subscribed to a topic in the Google Groups "SonarLint" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sonarlint/UHCFq-yIZJ0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to sonarlint+...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/30384346-b40c-4bf2-985b-2a1d88d5dbb6%40googlegroups.com.

Duarte Meneses

未読、

2016/12/12 3:20:162016/12/12

To: Brian Rozmierski、SonarLint、Alexis LEGROS、Philipp Steinwender、Nicolai Ommer

Thanks for the feedback.

On 9 December 2016 at 17:52, Brian Rozmierski <bri...@warped-minds.com> wrote:

We did a quick test on one machine and am glad to report it "just works". :)

Thanks for the fix - can't wait to see it roll out officially.

-- Brian

To unsubscribe from this group and all its topics, send an email to sonarlint+unsubscribe@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/30384346-b40c-4bf2-985b-2a1d88d5dbb6%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

gha...@gmail.com

未読、

2016/12/14 15:36:212016/12/14

To: SonarLint、alexis...@gmail.com、duarte....@sonarsource.com、philipp.a....@gmail.com、nicola...@gmail.com

Hi! I tried to install the plugin you posted and still couldn't establish a connection to the remote server. The logs are below:

2016-12-14 15:22:40,513 [ 407543] INFO - tellij.core.ConnectionTestTask - Connection test failed

java.lang.IllegalStateException: Fail to request https://10.7.0.131/api/system/status

at org.sonarqube.ws.client.HttpConnector.doCall(HttpConnector.java:165)

at org.sonarqube.ws.client.HttpConnector.get(HttpConnector.java:111)

at org.sonarqube.ws.client.HttpConnector.call(HttpConnector.java:100)

at org.sonarsource.sonarlint.core.container.connected.SonarLintWsClient.rawGet(SonarLintWsClient.java:101)

at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.fetchServerInfos(ServerVersionAndStatusChecker.java:96)

at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.checkVersionAndStatus(ServerVersionAndStatusChecker.java:60)

at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.checkVersionAndStatus(ServerVersionAndStatusChecker.java:50)

at org.sonarsource.sonarlint.core.WsHelperImpl.validateConnection(WsHelperImpl.java:48)

at org.sonarsource.sonarlint.core.WsHelperImpl.validateConnection(WsHelperImpl.java:43)

at org.sonarlint.intellij.core.ConnectionTestTask.run(ConnectionTestTask.java:52)

at com.intellij.openapi.progress.impl.CoreProgressManager$TaskRunnable.run(CoreProgressManager.java:710)

at com.intellij.openapi.progress.impl.CoreProgressManager$11.run(CoreProgressManager.java:423)

at com.intellij.openapi.progress.impl.CoreProgressManager$3.run(CoreProgressManager.java:179)

at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:568)

at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:519)

at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:54)

at com.intellij.openapi.progress.impl.CoreProgressManager.runProcess(CoreProgressManager.java:164)

at com.intellij.openapi.application.impl.ApplicationImpl.lambda$null$9(ApplicationImpl.java:572)

at com.intellij.openapi.application.impl.ApplicationImpl$2.run(ApplicationImpl.java:309)

at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

at java.util.concurrent.FutureTask.run(FutureTask.java:266)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

at java.lang.Thread.run(Thread.java:745)

Caused by: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.7.0.131 not verified:

certificate: sha256/D4HzkJOhYIHnCnlcXRYsHj7ZBHsUxeBh9IdK5u5eJrw=

DN: CN=sonar.lego.local, OU=Product Team, O=BlueCat, L=Toronto, ST=ON, C=CA

subjectAltNames: []

at okhttp3.internal.io.RealConnection.connectTls(RealConnection.java:248)