SonarLint - javax.net.ssl.SSLPeerUnverifiedException with Intellij IDEA

[Nikunj Singh]

Hi,

We have a simple maven java project and we are trying to use SonarLint plugin with Intellij IDEA. We are using IntelliJ IDEA 2017.2.1 + SonarLint 3.0. I asked JetBrains about it and they said to report it to SonarQube.

The Intelij SonarLint plugin is causing javax.net.ssl.SSLPeerUnverifiedException when connecting to https://internal.sonarqube.example.com.

Intellij Ultimate 2017.1 and SonarLint 3, http://www.sonarlint.org/intellij/index.html has the install instructions.  Follow the instructions in "Connected Mode" for how to connect to our Sonarqube server.

After you enter the token you will get an error.  When you look in the logs you will see the below exception.

This jira issue for SonarLint says the problem was fixed, maybe this is a regression.  https://jira.sonarsource.com/browse/SLI-75

Here's a discussion on google groups but no answer. Adding -Djavax.net.debug=ssl:handshake -Djavax.net.debug=all to Intellij as per the last comment did not change the contents of the log file.

Exception:

java.lang.IllegalStateException: Fail to request https://sonarqube/api/system/status

at org.sonarsource.sonarlint.core.util.ws.HttpConnector.doCall(HttpConnector.java:179)

at org.sonarsource.sonarlint.core.util.ws.HttpConnector.get(HttpConnector.java:111)

at org.sonarsource.sonarlint.core.util.ws.HttpConnector.call(HttpConnector.java:100)

at org.sonarsource.sonarlint.core.container.connected.SonarLintWsClient.rawGet(SonarLintWsClient.java:112)

at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.fetchServerInfos(ServerVersionAndStatusChecker.java:97)

at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.checkVersionAndStatus(ServerVersionAndStatusChecker.java:61)

at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.checkVersionAndStatus(ServerVersionAndStatusChecker.java:51)

at org.sonarsource.sonarlint.core.WsHelperImpl.validateConnection(WsHelperImpl.java:60)

at org.sonarsource.sonarlint.core.WsHelperImpl.validateConnection(WsHelperImpl.java:53)

at org.sonarlint.intellij.tasks.ConnectionTestTask.run(ConnectionTestTask.java:52)

at com.intellij.openapi.progress.impl.CoreProgressManager$TaskRunnable.run(CoreProgressManager.java:718)

at com.intellij.openapi.progress.impl.CoreProgressManager$5.run(CoreProgressManager.java:402)

at com.intellij.openapi.progress.impl.CoreProgressManager.a(CoreProgressManager.java:170)

at com.intellij.openapi.progress.impl.CoreProgressManager.a(CoreProgressManager.java:548)

at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:493)

at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:94)

at com.intellij.openapi.progress.impl.CoreProgressManager.runProcess(CoreProgressManager.java:157)

at com.intellij.openapi.application.impl.ApplicationImpl.a(ApplicationImpl.java:603)

at com.intellij.openapi.application.impl.ApplicationImpl$2.run(ApplicationImpl.java:343)

at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

at java.util.concurrent.FutureTask.run(FutureTask.java:266)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

at java.lang.Thread.run(Thread.java:745)

Caused by: javax.net.ssl.SSLPeerUnverifiedException: Hostname internal-sonarqube.example.com not verified:

   certificate: sha256/yIpv22ae0ECrhkD3Naepp7Nbkn1q6JASQXO4wMyNI5k=

   DN: C=US, ST=California, O=Example Inc., OU=management:idms.group.12345, CN=*.foo.example.com

   subjectAltNames: [foo.example.com, *.foo.example.com]

at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:277)

at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:238)

at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:149)

at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:192)

at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:121)

at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:100)

at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)

at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)

at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)

at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)

at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)

at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)

at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)

at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)

at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:120)

at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)

at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)

at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:185)

at okhttp3.RealCall.execute(RealCall.java:69)

at org.sonarsource.sonarlint.core.util.ws.HttpConnector.doCall(HttpConnector.java:176)

... 23 more

Any pointers to help fix the problem is highly appreciated.

Regards,

Nikunj

[Duarte Meneses]

Hi,

Using '-Djavax.net.debug=all' might be useful - it will log to stdout, so try to start intelliJ from the console.

Did you configure a trusted certificate in intellij?

--
You received this message because you are subscribed to the Google Groups "SonarLint" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarlint+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/f497e208-1f44-437c-9e99-cd4082517abd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Duarte Meneses | SonarSource

Software Engineer

http://sonarsource.com

Are you using SonarLint in your IDE?

[Nikunj Singh]

Hi Duarte,

Thanks for your reply. Yes, we configured the trusted certificate in intellij. I have attached the logs with and without certificate for your review.

Any pointers to get to problem would be very helpful.

Regards,

Nikunj

To unsubscribe from this group and stop receiving emails from it, send an email to sonarlint+...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/f497e208-1f44-437c-9e99-cd4082517abd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Duarte Meneses]

Hi,

It seems like there was a trusted certificate found in both cases. Did you get the same java stack trace as before in both cases? I guess you are changing the URLs in the logs?

I would suggest you try the following:

• If you can, also activate javax.net.debug on the server and check the logs (it could be rejecting the connection).
• Try to add the certificate directly to the JVM's truststore and see if that works - if it does, then there is a problem with either IntelliJ or SonarLint and we need to investigate it. You can see in the first lines of the debug logs what is the truststore that is used, it's probably [intellij install path]/jre64/lib/security/cacerts.

To unsubscribe from this group and stop receiving emails from it, send an email to sonarlint+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/20dee7e3-0caf-4559-ba03-a4234e4d09be%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[praveen.sr...@gmail.com]

Hi Duarte,

I am also facing similar issue. I have added the certificate to cacerts in jvm and allowed to trust automatically in intellij. I have tried switching jvm boot. But nothing worked. Can you help me.? I have following in intellij logs
javax.net.ssl.SSLPeerUnverifiedException: Hostname <hostname> not verified same as in this thread. I am using Intellij with sonarLint 3.1.0.2244 and sonarQube server is 6.5

To view this discussion on the web visit https://groups.google.com/d/msgid/sonarlint/20dee7e3-0caf-4559-ba03-a4234e4d09be%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.