designer packages https

Hi,

I'm trying to get Designer to fetch packages from a webserver (forced https), but I'm getting an error:

 

Screenshot 2020-08-27 at 11.19.32.jpg

 

from .log:

!ENTRY com.novell.core 4 0 2020-08-27 11:13:09.930
!MESSAGE Thrown Exception
!STACK 0
javax.net.ssl.SSLException: java.lang.ArrayIndexOutOfBoundsException: 1
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1903)
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1886)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1402)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1570)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:352)
at com.novell.idm.ui.contentupdates.PkgUpdateAction$1.run(PkgUpdateAction.java:275)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
Caused by: java.lang.ArrayIndexOutOfBoundsException: 1
at com.novell.core.datatools.access.nds.MultiLDAPTrustManager.checkServerTrusted(MultiLDAPTrustManager.java:150)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1099)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
... 9 more

I have imported all certificates into my cacert, to no avail.

Also the same files (package release) works just fine from a local directory ....

Thanks,

Casper

Tags:

  • Null pointer Exception means that some piece of data needed was missing.  So you look at the stack trace to guess at what was calling it.  If you have the Java class, you open it in a Java tool that shows you the contents and find the line nunmber reference to see what the function complaining is.

     

    In this case the stack says:

    !ENTRY com.novell.core 4 0 2020-08-27 11:13:09.930
    !MESSAGE Thrown Exception
    !STACK 0
    javax.net.ssl.SSLException: java.lang.ArrayIndexOutOfBoundsException: 1
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1903)
    at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1886)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1402)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)

     

    So the HTTP client starts, starts SSL handshake and the stuff above it is the various error handling classes.  So something in the Start TLS failed.

     

    Then there is a Caused BY: which often helps clarify better.

     

    Caused by: java.lang.ArrayIndexOutOfBoundsException: 1
    at com.novell.core.datatools.access.nds.MultiLDAPTrustManager.checkServerTrusted(MultiLDAPTrustManager.java:150)
    at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1099)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)

    So the LDAP manager is expecting an Array and the value is out of range, and thus returns nothing, so the calling function has an NPE?

     

    Not sure that helped, but every bit can hint at a fix.

  • I have no idea why I saw a Null Pointer Exception in that trace. It is an array out of bounds error. Sorry.

    So this means, it has an array of 3 values and tried to read the 4th value that is missing. So still missing data..

    I would consider if they load the connect info into an array and it is missing something?  Port being the most obvious thing to think aboout.

  • Yes, it is a bit strange, if I take the same published package directory and put it locally then it works. Maybe I should try to spin up a local webserver to see ... humm.

    I have to go though a proxy or socks5 jump host (either will do) to get to the webserver which hosts this, but that should not cause it to throw an ssl error. 

    Yes, index out of bounds means that there is lacking some information, but what?

    I’ll throw it at MF Support, they might know what it is.

    Thanks!

    Cheers,
    Casper

  • Hi Casper,

    have you gotten any feedback from MF Support? We do face the very same issue

    thx,

    T.

  • Hi,

    Yes; you need to import your trusted root into the keystore ... I was never able to get an answer to what keystore it would be - and I tried all the ones I could find on my computer, and nothing helped.

    At the end of the day we ended up using GIT to deal with our packages - which works for us.

    Designer is well.... Designer - painful.

    Cheers.

  • It would have to be the JRE that Ddesigner is running from (see the designer.ini file or maybe the designer.sh) and its cacerts.

  • Lothar, that article seems to imply that the web server hosting the Repository, is trying a cipher that only works with TLS 1.2?  So what would a work around be?  The JRE seems like it would control the TLS and ciphers.

    I guess if you made sure you had a later 1.8 JRE running Designer that ought to solve it?

    So I guess the quetsion to those asking, which JRE is Designer using?

  • Hi Lothar, (and Geoffrey & Caspar)

    yes, 'been a while! Hope all is fine on your side of the 'weisswurstäquator'!

    TLS issues was one of my planned paths to further check, havent found that particular link until now. However: just tested with disabled TLSv1 and TLSv1.1 (mod to java.security), no success.

    I think it might be related to a bug in the trustmanager in LDAP-Designer, note 'MultiLDAPTrustManager' in the log.

    I already tried several ways to add the pubcert to keystores (specifiv, cacert, windows certstore). Next pick would be to replace the underlying openjdk, which is the built-in Zuul openDJK 1.8.0_222-b10 (to answer Geoffrey's question).

    BTW, we do talk about Designer 4.8.3 build 20210218 on Windows

    Thorsten

    !ENTRY com.novell.idm 2 0 2021-05-27 09:10:53.245
    !MESSAGE java.lang.ArrayIndexOutOfBoundsException: 1
    !STACK 0
    javax.net.ssl.SSLException: java.lang.ArrayIndexOutOfBoundsException: 1
    	at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
    	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1903)
    	at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1886)
    	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1402)
    	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
    	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1570)
    	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498)
    	at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
    	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:352)
    	at com.novell.idm.ui.contentupdates.PkgUpdateAction$1.run(PkgUpdateAction.java:289)
    	at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
    Caused by: java.lang.ArrayIndexOutOfBoundsException: 1
    	at com.novell.core.datatools.access.nds.MultiLDAPTrustManager.checkServerTrusted(MultiLDAPTrustManager.java:150)
    	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:1099)
    	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
    	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
    	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
    	at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
    	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
    	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
    	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
    	... 9 more
    
  • Two ideas.  1) At the web server hosting the Repository, can youc ontrol the TLS and cipher it is using?  Change it there.

    2) Use a web browser (or wget) and grab the structure of the repo and its files. Use it as a file base repo.  (format is file:///c:/path/to/repo/ so file: then three slashes, c:/ for the driver and ends in a trailing slash.