SonarLint - javax.net.ssl.SSLPeerUnverifiedException with Intellij IDEA

[Nikunj Singh]

Hi,

We have a simple maven java project and we are trying to use SonarLint plugin with Intellij IDEA. We are using IntelliJ IDEA 2017.2.1 + SonarLint 3.0. I asked JetBrains about it and they said to report it to SonarQube.

The Intelij SonarLint plugin is causing javax.net.ssl.SSLPeerUnverifiedException when connecting to https://internal.sonarqube.example.com.

Intellij Ultimate 2017.1 and SonarLint 3, http://www.sonarlint.org/intellij/index.html has the install instructions.  Follow the instructions in "Connected Mode" for how to connect to our Sonarqube server.

After you enter the token you will get an error.  When you look in the logs you will see the below exception.

This jira issue for SonarLint says the problem was fixed, maybe this is a regression.  https://jira.sonarsource.com/browse/SLI-75

Here's a discussion on google groups but no answer. Adding -Djavax.net.debug=ssl:handshake -Djavax.net.debug=all to Intellij as per the last comment did not change the contents of the log file.

Exception:

java.lang.IllegalStateException: Fail to request https://sonarqube/api/system/status

at org.sonarsource.sonarlint.core.util.ws.HttpConnector.doCall(HttpConnector.java:179)

at org.sonarsource.sonarlint.core.util.ws.HttpConnector.get(HttpConnector.java:111)

at org.sonarsource.sonarlint.core.util.ws.HttpConnector.call(HttpConnector.java:100)

at org.sonarsource.sonarlint.core.container.connected.SonarLintWsClient.rawGet(SonarLintWsClient.java:112)

at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.fetchServerInfos(ServerVersionAndStatusChecker.java:97)

at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.checkVersionAndStatus(ServerVersionAndStatusChecker.java:61)

at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.checkVersionAndStatus(ServerVersionAndStatusChecker.java:51)

at org.sonarsource.sonarlint.core.WsHelperImpl.validateConnection(WsHelperImpl.java:60)

at org.sonarsource.sonarlint.core.WsHelperImpl.validateConnection(WsHelperImpl.java:53)

at org.sonarlint.intellij.tasks.ConnectionTestTask.run(ConnectionTestTask.java:52)

at com.intellij.openapi.progress.impl.CoreProgressManager$TaskRunnable.run(CoreProgressManager.java:718)

at com.intellij.openapi.progress.impl.CoreProgressManager$5.run(CoreProgressManager.java:402)

at com.intellij.openapi.progress.impl.CoreProgressManager.a(CoreProgressManager.java:170)

at com.intellij.openapi.progress.impl.CoreProgressManager.a(CoreProgressManager.java:548)

at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:493)

at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:94)

at com.intellij.openapi.progress.impl.CoreProgressManager.runProcess(CoreProgressManager.java:157)

at com.intellij.openapi.application.impl.ApplicationImpl.a(ApplicationImpl.java:603)

at com.intellij.openapi.application.impl.ApplicationImpl$2.run(ApplicationImpl.java:343)

at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

at java.util.concurrent.FutureTask.run(FutureTask.java:266)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

at java.lang.Thread.run(Thread.java:745)

Caused by: javax.net.ssl.SSLPeerUnverifiedException: Hostname internal-sonarqube.example.com not verified:

   certificate: sha256/yIpv22ae0ECrhkD3Naepp7Nbkn1q6JASQXO4wMyNI5k=

   DN: C=US, ST=California, O=Example Inc., OU=management:idms.group.12345, CN=*.foo.example.com

   subjectAltNames: [foo.example.com, *.foo.example.com]

at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:277)

at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:238)

at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:149)

at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:192)

at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:121)

at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:100)

at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)

at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)

at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)

at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)

at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)

at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)

at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)

at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)

at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:120)

at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)

at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)

at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:185)

at okhttp3.RealCall.execute(RealCall.java:69)

at org.sonarsource.sonarlint.core.util.ws.HttpConnector.doCall(HttpConnector.java:176)

... 23 more

Any pointers to help fix the problem is highly appreciated.

Regards,

Nikunj

[Eric Hartmann]

Hi Nikunj,

According to the exception, I think you are using a self signed certificate on your internal server :

Caused by: javax.net.ssl.SSLPeerUnverifiedException: Hostname internal-sonarqube.example.com not verified:

   certificate: sha256/yIpv22ae0ECrhkD3Naepp7Nbkn1q6JASQXO4wMyNI5k=

   DN: C=US, ST=California, O=Example Inc., OU=management:idms.group.12345, CN=*.foo.example.com

   subjectAltNames: [foo.example.com, *.foo.example.com]

First, it seems that your server has an incorrect CN : *.foo.example.com and you are trying to reach it through internal-sonarqube.example.com (missing foo). So every client will emit a warning on this.

Second, you have to add your self-signed certificate into the JDK Idea is using, here is a small tutorial on this subject : https://www.grim.se/guide/jre-cert 

Cheers,

--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/e8ed799b-6395-46b7-9f64-67503e34160e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Eric HARTMANN | SonarSource

http://sonarsource.com