We have a very simple application: all it does is read KVs from Consul. During the SSL handshake, the client fails to send its client certificate, and the server rejects the connection with a bad_certificate alert. What we found was that the ID keystore specified with the command-line JVM parameter -Djavax.net.ssl.keyStore was not being read: in the SSL debug log below, the trustStore is reported but no keyStore is, and the client logs "no suitable certificate found - continuing without client authentication". This appears to be a bug in the library. While debugging through the code, we saw that the Spring Consul library is using deprecated classes of the HTTP client. Is that the reason we are seeing this issue?
Here is the code. We have a single file.
com.test.TestApp.java;
package com.test;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
/**
 * Spring Boot entry point for the TestApp Consul client.
 *
 * <p>The class declares no beans and configures no TLS material of its own. Per the
 * accompanying report, the client keystore is supplied to the JVM with
 * {@code -Djavax.net.ssl.keyStore}; the TLS connection to Consul is opened by the
 * Consul client libraries during startup, not by this class.
 */
@SpringBootApplication
public class TestApp {

    /**
     * Boots the Spring application context.
     *
     * @param args command-line arguments, passed through to Spring Boot unchanged
     */
    public static void main(String[] args) {
        // Static shortcut for: new SpringApplication(TestApp.class).run(args)
        SpringApplication.run(TestApp.class, args);
    }
}
Here is the gradle build file:
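// Build-time classpath: the repositories and coordinates Gradle uses to resolve the
// build plugins themselves (Spring Boot plugin, dependency-management plugin).
buildscript {
    ext {
        springBootVersion = '1.3.5.RELEASE'
    }
    repositories {
        // Repositories are searched in declaration order, so an artifact already present
        // in the local Maven repository takes precedence over the remote copies below.
        mavenLocal()
        // NOTE(review): this internal repository is reached over plain HTTP, so plugins
        // resolved from it are not integrity-protected in transit. Switch the URL to
        // HTTPS if the server offers it.
        maven { url "http://artifactory:8081/artifactory/repo" }
        mavenCentral()
        // HTTPS, so that build plugins cannot be altered on the wire.
        maven { url "https://repo.spring.io/libs-release" }
    }
    dependencies {
        classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}")
        classpath('io.spring.gradle:dependency-management-plugin:0.6.0.RELEASE')
    }
}

apply plugin: 'java'
apply plugin: 'eclipse'
apply plugin: 'idea'
apply plugin: 'spring-boot'
apply plugin: 'io.spring.dependency-management'

// Name and version of the produced jar.
jar {
    baseName = 'TestApp'
    version = '1.0.3'
}

sourceCompatibility = 1.8
targetCompatibility = 1.8

// Repositories used to resolve the application's own dependencies.
repositories {
    // Searched first: a locally installed artifact shadows the remote one.
    mavenLocal()
    // NOTE(review): plain-HTTP internal repository; dependencies fetched from it are
    // not integrity-protected in transit. Switch to HTTPS if the server offers it.
    maven { url "http://artifactory:8081/artifactory/repo" }
    mavenCentral()
    // HTTPS, so that dependencies cannot be altered on the wire.
    maven { url "https://repo.spring.io/libs-release" }
    maven { url "https://repo.spring.io/libs-milestone" }
}

// No versions are given here; they come from the BOMs imported in dependencyManagement.
dependencies {
    compile('org.springframework.boot:spring-boot-starter-actuator')
    compile('org.springframework.boot:spring-boot-configuration-processor')
    compile('org.springframework.cloud:spring-cloud-starter-consul-all')
    testCompile('org.springframework.boot:spring-boot-starter-test')
    testCompile('org.mockito:mockito-all:1.10.19')
}

// Imported BOMs that supply the versions of the Spring Cloud and Consul dependencies.
dependencyManagement {
    imports {
        mavenBom "org.springframework.cloud:spring-cloud-starter-parent:Brixton.SR5"
        mavenBom "org.springframework.cloud:spring-cloud-consul-dependencies:1.0.2.RELEASE"
    }
}

// Packages all main sources into a jar with the 'sources' classifier.
task sourcesJar(type: Jar, dependsOn: classes) {
    classifier = 'sources'
    from sourceSets.main.allSource
}

artifacts {
    archives sourcesJar
}

// Replaces the default Eclipse JRE container with an explicit JavaSE-1.8 one.
eclipse {
    classpath {
        containers.remove('org.eclipse.jdt.launching.JRE_CONTAINER')
        containers 'org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8'
    }
}

task wrapper(type: Wrapper) {
    gradleVersion = '2.14'
}

// Copy spec selecting jars in build/libs whose names end in 'SHOT.jar'; it is not
// referenced anywhere else in the visible part of the script.
def filesToCopy = copySpec {
    from 'build/libs/'
    include '*SHOT.jar'
}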
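Here are the log file contents with SSL debug enabled (certificate contents and the key material printed by the debug output have been replaced with REDACTED):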
2016-08-30 13:35:51.292 INFO 34035 --- [ main] s.c.a.AnnotationConfigApplicationContext : Refreshing org.springframework.context.annotation.AnnotationConfigApplicationContext@608416bd: startup date [Tue Aug 30 13:35:51 CDT 2016]; root of context hierarchy
2016-08-30 13:35:52.023 INFO 34035 --- [ main] f.a.AutowiredAnnotationBeanPostProcessor : JSR-330 'javax.inject.Inject' annotation found and supported for autowiring
2016-08-30 13:35:52.107 INFO 34035 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'configurationPropertiesRebinderAutoConfiguration' of type [class org.springframework.cloud.autoconfigure.ConfigurationPropertiesRebinderAutoConfiguration$$EnhancerBySpringCGLIB$$4dc2a8d4] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
trustStore is: /<REDACTED>
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
<REDACTED>
trigger seeding of SecureRandom
done seeding SecureRandom
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v1.3.5.RELEASE)
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
main, setSoTimeout(60000) called
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1455739401 bytes = { 131, 144, 62, 92, 121, 62, 206, 192, 62, 91, 69, 244, 64, 45, 201, 1, 95, 138, 111, 228, 1, 200, 50, 90, 207, 86, 60, 197 }
Session ID: {}
Cipher Suites: [TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
***
[write] MD5 and SHA1 hashes: len = 117
0000: 01 00 00 71 03 03 57 C5 D2 09 83 90 3E 5C 79 3E ...q..W.....>\y>
0010: CE C0 3E 5B 45 F4 40 2D C9 01 5F 8A 6F E4 01 C8 ..>[E.@-.._.o...
0020: 32 5A CF 56 3C C5 00 00 2C 00 3D 00 6B 00 6A 00 2Z.V<...,.=.k.j.
0030: 35 00 39 00 38 00 3C 00 67 00 40 00 2F 00 33 00 5.9.8.<.g.@./.3.
0040: 32 00 9D 00 9F 00 A3 00 9C 00 9E 00 A2 00 0A 00 2...............
0050: 16 00 13 00 FF 01 00 00 1C 00 0D 00 18 00 16 06 ................
0060: 03 06 01 05 03 05 01 04 03 04 01 03 03 03 01 02 ................
0070: 03 02 01 02 02 .....
main, WRITE: TLSv1.2 Handshake, length = 117
[Raw write]: length = 122
0000: 16 03 03 00 75 01 00 00 71 03 03 57 C5 D2 09 83 ....u...q..W....
0010: 90 3E 5C 79 3E CE C0 3E 5B 45 F4 40 2D C9 01 5F .>\y>..>[E.@-.._
0020: 8A 6F E4 01 C8 32 5A CF 56 3C C5 00 00 2C 00 3D .o...2Z.V<...,.=
0030: 00 6B 00 6A 00 35 00 39 00 38 00 3C 00 67 00 40 .k.j.5.9.8.<.g.@
0040: 00 2F 00 33 00 32 00 9D 00 9F 00 A3 00 9C 00 9E ./.3.2..........
0050: 00 A2 00 0A 00 16 00 13 00 FF 01 00 00 1C 00 0D ................
0060: 00 18 00 16 06 03 06 01 05 03 05 01 04 03 04 01 ................
0070: 03 03 03 01 02 03 02 01 02 02 ..........
[Raw read]: length = 5
0000: 16 03 03 00 31 ....1
[Raw read]: length = 49
0000: 02 00 00 2D 03 03 33 39 BD CB CE 4B E2 D5 30 19 ...-..39...K..0.
0010: 56 D9 F3 E4 BC 67 D2 C6 A6 90 23 0F 58 CF 2D FF V....g....#.X.-.
0020: E3 18 17 5C A8 13 00 00 35 00 00 05 FF 01 00 01 ...\....5.......
0030: 00 .
main, READ: TLSv1.2 Handshake, length = 49
*** ServerHello, TLSv1.2
RandomCookie: GMT: 859356363 bytes = { 206, 75, 226, 213, 48, 25, 86, 217, 243, 228, 188, 103, 210, 198, 166, 144, 35, 15, 88, 207, 45, 255, 227, 24, 23, 92, 168, 19 }
Session ID: {}
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA]
** TLS_RSA_WITH_AES_256_CBC_SHA
[read] MD5 and SHA1 hashes: len = 49
0000: 02 00 00 2D 03 03 33 39 BD CB CE 4B E2 D5 30 19 ...-..39...K..0.
0010: 56 D9 F3 E4 BC 67 D2 C6 A6 90 23 0F 58 CF 2D FF V....g....#.X.-.
0020: E3 18 17 5C A8 13 00 00 35 00 00 05 FF 01 00 01 ...\....5.......
0030: 00 .
[Raw read]: length = 5
0000: 16 03 03 09 3B ....;
[Raw read]: length = 2363
<REDACTED>
main, READ: TLSv1.2 Handshake, length = 2363
*** Certificate chain
chain [0] = [
<REDACTED>
]
Algorithm: [SHA256withRSA]
Signature:
]
chain [1] = [
[
<REDACTED>
]
]
Algorithm: [SHA1withRSA]
Signature:
<REDACTED>
]
***
Found trusted certificate:
[
[
REDACTED]
]
]
Algorithm: [SHA1withRSA]
Signature:
REDACTED
]
[read] MD5 and SHA1 hashes: len = 2363
REDACTED
[Raw read]: length = 5
REDACTED
[Raw read]: length = 97
REDACTED
main, READ: TLSv1.2 Handshake, length = 97
*** CertificateRequest
Cert Types: RSA, ECDSA
Supported Signature Algorithms: SHA256withRSA, SHA256withECDSA, SHA384withRSA, SHA384withECDSA, SHA1withRSA, SHA1withECDSA
Cert Authorities:
REDACTED
[read] MD5 and SHA1 hashes: len = 97
REDACTED
[Raw read]: length = 5
REDACTED
[Raw read]: length = 4
REDACTED
main, READ: TLSv1.2 Handshake, length = 4
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1.2
[write] MD5 and SHA1 hashes: len = 269
REDACTED
main, WRITE: TLSv1.2 Handshake, length = 269
[Raw write]: length = 274
REDACTED
SESSION KEYGEN:
PreMaster Secret:
REDACTED
CONNECTION KEYGEN:
Client Nonce:
REDACTED
Server Nonce:
REDACTED
Master Secret:
REDACTED
Client MAC write Secret:
REDACTED
Server MAC write Secret:
REDACTED
Client write key:
REDACTED
Server write key:
REDACTED
... no IV derived for this protocol
main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
[Raw write]: length = 6
0000: 14 03 03 00 01 01 ......
*** Finished
verify_data: { 3, 113, 121, 151, 216, 225, 246, 250, 255, 32, 107, 196 }
***
[write] MD5 and SHA1 hashes: len = 16
REDACTED
Padded plaintext before ENCRYPTION: len = 64
REDACTED
main, WRITE: TLSv1.2 Handshake, length = 64
main, waiting for close_notify or alert: state 1
[Raw read]: length = 5
0000: 15 03 03 00 02 .....
[Raw read]: length = 2
0000: 02 2A .*
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT: fatal, bad_certificate
%% Invalidated: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA]
main, called closeSocket()
main, Exception while waiting for close javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
main, called close()
main, called closeInternal(true)
2016-08-30 13:35:53.922 ERROR 34035 --- [ main] o.s.c.c.c.ConsulPropertySourceLocator : Fail fast is set and there was an error reading configuration from consul.
2016-08-30 13:35:53.925 ERROR 34035 --- [ main] o.s.boot.SpringApplication : Application startup failed
com.ecwid.consul.transport.TransportException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at com.ecwid.consul.transport.AbstractHttpTransport.executeRequest(AbstractHttpTransport.java:91) ~[consul-api-1.1.10.jar!/:na]
at com.ecwid.consul.transport.AbstractHttpTransport.makeGetRequest(AbstractHttpTransport.java:50) ~[consul-api-1.1.10.jar!/:na]
at com.ecwid.consul.v1.ConsulRawClient.makeGetRequest(ConsulRawClient.java:81) ~[consul-api-1.1.10.jar!/:na]
at com.ecwid.consul.v1.kv.KeyValueConsulClient.getKVValues(KeyValueConsulClient.java:150) ~[consul-api-1.1.10.jar!/:na]
at com.ecwid.consul.v1.ConsulClient.getKVValues(ConsulClient.java:404) ~[consul-api-1.1.10.jar!/:na]
at org.springframework.cloud.consul.config.ConsulPropertySource.init(ConsulPropertySource.java:64) ~[spring-cloud-consul-config-1.0.2.RELEASE.jar!/:1.0.2.RELEASE]
at org.springframework.cloud.consul.config.ConsulPropertySourceLocator.create(ConsulPropertySourceLocator.java:135) ~[spring-cloud-consul-config-1.0.2.RELEASE.jar!/:1.0.2.RELEASE]
at org.springframework.cloud.consul.config.ConsulPropertySourceLocator.locate(ConsulPropertySourceLocator.java:113) ~[spring-cloud-consul-config-1.0.2.RELEASE.jar!/:1.0.2.RELEASE]
at org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration.initialize(PropertySourceBootstrapConfiguration.java:89) ~[spring-cloud-context-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:640) ~[spring-boot-1.3.5.RELEASE.jar!/:1.3.5.RELEASE]
at org.springframework.boot.SpringApplication.createAndRefreshContext(SpringApplication.java:343) ~[spring-boot-1.3.5.RELEASE.jar!/:1.3.5.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:307) ~[spring-boot-1.3.5.RELEASE.jar!/:1.3.5.RELEASE]
at com.test.TestApp.main(TestApp.java:23) [TestApp-1.0.3.jar!/:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_101]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_101]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_101]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_101]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:54) [TestApp-1.0.3.jar!/:na]
at java.lang.Thread.run(Thread.java:745) [na:1.8.0_101]
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0_101]
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) ~[na:1.8.0_101]
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023) ~[na:1.8.0_101]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125) ~[na:1.8.0_101]
at sun.security.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1769) ~[na:1.8.0_101]
at sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:124) ~[na:1.8.0_101]
at sun.security.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:1083) ~[na:1.8.0_101]
at sun.security.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:1222) ~[na:1.8.0_101]
at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1134) ~[na:1.8.0_101]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348) ~[na:1.8.0_101]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[na:1.8.0_101]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[na:1.8.0_101]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[na:1.8.0_101]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[na:1.8.0_101]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[na:1.8.0_101]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[na:1.8.0_101]
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:543) ~[httpclient-4.5.jar!/:4.5]
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409) ~[httpclient-4.5.jar!/:4.5]
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177) ~[httpclient-4.5.jar!/:4.5]
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304) ~[httpclient-4.5.jar!/:4.5]
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611) ~[httpclient-4.5.jar!/:4.5]
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446) ~[httpclient-4.5.jar!/:4.5]
at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882) ~[httpclient-4.5.jar!/:4.5]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:71) ~[httpclient-4.5.jar!/:4.5]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:220) ~[httpclient-4.5.jar!/:4.5]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:164) ~[httpclient-4.5.jar!/:4.5]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:139) ~[httpclient-4.5.jar!/:4.5]
at com.ecwid.consul.transport.AbstractHttpTransport.executeRequest(AbstractHttpTransport.java:75) ~[consul-api-1.1.10.jar!/:na]
... 18 common frames omitted
2016-08-30 13:35:53.938 INFO 34035 --- [ main] .b.l.ClasspathLoggingApplicationListener : Application failed to start with classpath: [jar:file:REDACTED, jar:file:REDACTED/]
Exception in thread "main" java.lang.RuntimeException: java.lang.reflect.InvocationTargetException
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:62)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:54)
... 1 more
Caused by: com.ecwid.consul.transport.TransportException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at com.ecwid.consul.transport.AbstractHttpTransport.executeRequest(AbstractHttpTransport.java:91)
at com.ecwid.consul.transport.AbstractHttpTransport.makeGetRequest(AbstractHttpTransport.java:50)
at com.ecwid.consul.v1.ConsulRawClient.makeGetRequest(ConsulRawClient.java:81)
at com.ecwid.consul.v1.kv.KeyValueConsulClient.getKVValues(KeyValueConsulClient.java:150)
at com.ecwid.consul.v1.ConsulClient.getKVValues(ConsulClient.java:404)
at org.springframework.cloud.consul.config.ConsulPropertySource.init(ConsulPropertySource.java:64)
at org.springframework.cloud.consul.config.ConsulPropertySourceLocator.create(ConsulPropertySourceLocator.java:135)
at org.springframework.cloud.consul.config.ConsulPropertySourceLocator.locate(ConsulPropertySourceLocator.java:113)
at org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration.initialize(PropertySourceBootstrapConfiguration.java:89)
at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:640)
at org.springframework.boot.SpringApplication.createAndRefreshContext(SpringApplication.java:343)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:307)
at com.test.TestApp.main(TestApp.java:23)
... 6 more
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
at sun.security.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1769)
at sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:124)
at sun.security.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:1083)
at sun.security.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:1222)
at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1134)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:543)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:71)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:220)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:164)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:139)
at com.ecwid.consul.transport.AbstractHttpTransport.executeRequest(AbstractHttpTransport.java:75)
... 18 more
enhancement