It's all about the answers!

Ask a question

CLM 5.0 peer not authenticated error


Mustafa Askin (108713) | asked Jul 22 '14, 3:08 a.m.
I have a sample api that creates folder,artifact etc. I downloaded from jazz.net. It was works fine with CLM 4.0.6 but after I installed CLM 5.0 , I get the error below. 


javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at com.ibm.jsse2.fc.getPeerCertificates(fc.java:46)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:339)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:123)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:147)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:554)
at net.jazz.oslc.utils.HttpUtils.sendGetForSecureDocument(HttpUtils.java:233)
at net.jazz.oslc.consumer.examples.Example04.getServiceProviderCatalog(Example04.java:541)
at net.jazz.oslc.consumer.examples.Example04.run(Example04.java:91)
at net.jazz.oslc.consumer.examples.Example04.main(Example04.java:150)

Any help would be appreciated.

Comments

Mustafa Askin commented Jul 23 '14, 2:57 a.m.

 @Dnong I write a comment there too.

Accepted answer


permanent link
Rosa Naranjo (2.9k11623) | answered Sep 25 '14, 3:29 p.m.
FORUM MODERATOR / JAZZ DEVELOPER
The answer has indeed been provided in the other post and I am copying it here so that it may be easier. Thanks to Donald Nong for figuring it out.


Well I figured it out after some debugging and mucking around. It seems that the CLM 5.0 server (with the bundled Tomcat anyway) no longer allows SSL connection with SSLv3 protocol, and TLSv1 is the only one supported in the default configuration. Due to the mismatched protocol, the SSL handshake will fail and no connection can be established. To make the sample code work, you need to modify the net/jazz/oslc/utils/HttpUtils.java file by changing
            sc = SSLContext.getInstance("SSL"); //$NON-NLS-1$
to
            sc = SSLContext.getInstance("TLSv1"); //$NON-NLS-1$
With this change, the code should still work with CLM 4.0.x server since it supports both SSLv3 and TLSv1.

Mustafa Askin selected this answer as the correct answer

One other answer



permanent link
Ralph Earle (25739) | answered Aug 01 '14, 5:26 p.m.
FORUM ADMINISTRATOR / JAZZ DEVELOPER
Check out the answer that Donald Nong posted to Question 153891 on July 24: 

Comments
Mustafa Askin commented Aug 04 '14, 4:45 a.m.

I had already commented on that post. And also wrote here that I commented on that post too. Maybe you didn't read my comments.

what Donald write is;

I can actually see the same error in my CLM 5.0 environment now for some reason. I analyzed the network trace using Wireshark and found out that the Java application actually communicated with the CLM 5.0 server (GET versionCompatibility) before being kicked out by the server (it seems). 
The curious thing is CLM 4.0.6 and CLM 5.0 actually use the same certificate if the bundled Tomcat is used. Some more digging is still required. 

Any other idea ?

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.