[JAVA-2573] java.security.cert.CertificateException: No subject alternative names matching IP address - Document supported JDK versions Created: 02/Aug/17  Updated: 02/Oct/17  Resolved: 02/Oct/17

Status: Closed
Project: Java Driver
Component/s: Documentation
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Tomer Yakir Assignee: Ross Lawley
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

Hi,

When trying to connect to Atlas M0 using JDK 1.8.60, we got:

2017-07-30 14:42:47.353 INFO 12652 — [ngodb.net:27017] org.mongodb.driver.cluster : Exception in monitor thread while connecting to server cluster0-shard-00-01-d4sfb.mongodb.net:27017
com.mongodb.MongoSocketWriteException: Exception sending message
at com.mongodb.connection.InternalStreamConnection.translateWriteException(InternalStreamConnection.java:465) ~[mongodb-driver-core-3.4.2.jar:na]
at com.mongodb.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:208) ~[mongodb-driver-core-3.4.2.jar:na]
at com.mongodb.connection.CommandHelper.sendMessage(CommandHelper.java:89) ~[mongodb-driver-core-3.4.2.jar:na]
at com.mongodb.connection.CommandHelper.executeCommand(CommandHelper.java:32) ~[mongodb-driver-core-3.4.2.jar:na]
at com.mongodb.connection.InternalStreamConnectionInitializer.initializeConnectionDescription(InternalStreamConnectionInitializer.java:85) ~[mongodb-driver-core-3.4.2.jar:na]
at com.mongodb.connection.InternalStreamConnectionInitializer.initialize(InternalStreamConnectionInitializer.java:45) ~[mongodb-driver-core-3.4.2.jar:na]
at com.mongodb.connection.InternalStreamConnection.open(InternalStreamConnection.java:116) ~[mongodb-driver-core-3.4.2.jar:na]
at com.mongodb.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:113) ~[mongodb-driver-core-3.4.2.jar:na]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_60]
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 52.2.67.146 found
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0_60]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) ~[na:1.8.0_60]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) ~[na:1.8.0_60]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[na:1.8.0_60]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1506) ~[na:1.8.0_60]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[na:1.8.0_60]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[na:1.8.0_60]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[na:1.8.0_60]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[na:1.8.0_60]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[na:1.8.0_60]
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747) ~[na:1.8.0_60]
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123) ~[na:1.8.0_60]
at com.mongodb.connection.SocketStream.write(SocketStream.java:75) ~[mongodb-driver-core-3.4.2.jar:na]
at com.mongodb.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:204) ~[mongodb-driver-core-3.4.2.jar:na]
... 7 common frames omitted
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 52.2.67.146 found
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:167) ~[na:1.8.0_60]
at sun.security.util.HostnameChecker.match(HostnameChecker.java:93) ~[na:1.8.0_60]
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455) ~[na:1.8.0_60]
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436) ~[na:1.8.0_60]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200) ~[na:1.8.0_60]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[na:1.8.0_60]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1488) ~[na:1.8.0_60]

The problem was resolved by upgrading JDK 1.8.60 to 1.8.144.

This is related to https://bugs.openjdk.java.net/browse/JDK-8133196. We need to indicate which JDK versions are supported.



 Comments   
Comment by Ross Lawley [ 02/Oct/17 ]

Hi tomer.yakir,

We do document which JDK versions we support:
https://docs.mongodb.com/ecosystem/drivers/driver-compatibility-reference/#reference-compatibility-language-java

Its not feasible to test all minor JDK versions. When it comes to patch releases, just like with MongoDB we would recommend using the latest version.

Ross

Generated at Thu Feb 08 08:57:34 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.