Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-6500

HTTPS modules fail because of algorithm constraints

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.12.5, 18.0.3
    • Fix Version/s: 19.1.0
    • Security Level: Default (Default Security Scheme)
    • Labels:
    • Environment:
      Java Version: 1.7.0_51 Oracle Corporation
      Java Virtual Machine: 24.51-b03 Oracle Corporation
      OpenNMS Version: 1.12.5
    • Sprint:
      Horizon - April 5

      Description

      We have a node with HTTPS service, which OPEN sees it down, because of certificate issue. We have just upgraded from 1.10.3 to 1.12.5 and this problem has appeared.

      Here you are what we see in poller.log.

      2014-04-09 15:21:47,811 WARN [Poller-Thread-13-of-30] HttpsMonitor: IOException while polling address /192.168.121.1
      javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
      at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
      at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
      at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
      at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
      at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)
      at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
      at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
      at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
      at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
      at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
      at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
      at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
      at java.io.OutputStream.write(OutputStream.java:75)
      at org.opennms.netmgt.poller.monitors.HttpMonitor$HttpMonitorClient.sendHttpCommand(HttpMonitor.java:538)
      at org.opennms.netmgt.poller.monitors.HttpMonitor.poll(HttpMonitor.java:151)
      at org.opennms.netmgt.poller.pollables.LatencyStoringServiceMonitorAdaptor.poll(LatencyStoringServiceMonitorAdaptor.java:104)
      at org.opennms.netmgt.poller.pollables.PollableServiceConfig.poll(PollableServiceConfig.java:112)
      at org.opennms.netmgt.poller.pollables.PollableService.poll(PollableService.java:178)
      at org.opennms.netmgt.poller.pollables.PollableElement.poll(PollableElement.java:292)
      at org.opennms.netmgt.poller.pollables.PollableContainer$5.run(PollableContainer.java:305)
      at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
      at org.opennms.netmgt.poller.pollables.PollableElement.withTreeLock(PollableElement.java:263)
      at org.opennms.netmgt.poller.pollables.PollableElement.withTreeLock(PollableElement.java:249)
      at org.opennms.netmgt.poller.pollables.PollableElement.withTreeLock(PollableElement.java:227)
      at org.opennms.netmgt.poller.pollables.PollableContainer.poll(PollableContainer.java:312)
      at org.opennms.netmgt.poller.pollables.PollableInterface.poll(PollableInterface.java:205)
      at org.opennms.netmgt.poller.pollables.PollableContainer$5.run(PollableContainer.java:305)
      at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
      at org.opennms.netmgt.poller.pollables.PollableElement.withTreeLock(PollableElement.java:263)
      at org.opennms.netmgt.poller.pollables.PollableElement.withTreeLock(PollableElement.java:249)
      at org.opennms.netmgt.poller.pollables.PollableElement.withTreeLock(PollableElement.java:227)
      at org.opennms.netmgt.poller.pollables.PollableContainer.poll(PollableContainer.java:312)
      at org.opennms.netmgt.poller.pollables.PollableNode$3.run(PollableNode.java:303)
      at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
      at org.opennms.netmgt.poller.pollables.PollableElement.withTreeLock(PollableElement.java:263)
      at org.opennms.netmgt.poller.pollables.PollableElement.withTreeLock(PollableElement.java:249)
      at org.opennms.netmgt.poller.pollables.PollableElement.withTreeLock(PollableElement.java:227)
      at org.opennms.netmgt.poller.pollables.PollableNode.doPoll(PollableNode.java:306)
      at org.opennms.netmgt.poller.pollables.PollableElement.doPoll(PollableElement.java:183)
      at org.opennms.netmgt.poller.pollables.PollableService.doPoll(PollableService.java:211)
      at org.opennms.netmgt.poller.pollables.PollableService$PollRunner.run(PollableService.java:57)
      at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
      at org.opennms.netmgt.poller.pollables.PollableElement.withTreeLock(PollableElement.java:263)
      at org.opennms.netmgt.poller.pollables.PollableElement.withTreeLock(PollableElement.java:249)
      at org.opennms.netmgt.poller.pollables.PollableService.doRun(PollableService.java:383)
      at org.opennms.netmgt.poller.pollables.PollableService.run(PollableService.java:364)
      at org.opennms.netmgt.scheduler.Schedule.run(Schedule.java:135)
      at org.opennms.netmgt.scheduler.Schedule$ScheduleEntry.run(Schedule.java:80)
      at org.opennms.netmgt.scheduler.LegacyScheduler$1.run(LegacyScheduler.java:201)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      at org.opennms.core.concurrent.LogPreservingThreadFactory$3.run(LogPreservingThreadFactory.java:107)
      at java.lang.Thread.run(Thread.java:744)
      Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
      at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:946)
      at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:872)
      at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:814)
      at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323)
      ... 48 more

      Could you help us?

      Thanks in advance.

      Kind Regards.

        Attachments

          Activity

            People

            • Assignee:
              ronald.roskens@biworldwide.com Ron Roskens
              Reporter:
              cst_soporte CST Soporte
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: