Reputation: 309
I've developed a Java CFX tag to be used in ColdFusion 10. There is a Java class which gets a URL as a parameter and should give back the content of the website behind that URL.
We're using the https protocol and I need to ignore certificate errors. Therefore I've implemented the solution suggested here: HTTPS hostname wrong: should be . What causes this?
I've tested my methods in the way Adobe recommends it here: Approaches to debugging Java CFX tags
Everything works fine.
But when I attach my CFX tag to my ColdFusion instance and try to use it from ColdFusion, I get an error like this:
java.io.IOException: HTTPS hostname wrong
My question is, why? Debugging my CFX tag shows no error, but using it in ColdFusion brings that error. For me it looks like ColdFusion overwrites some of my class declarations at runtime. Does anyone have some ideas? Is this phenomenon known? Has anybody else experienced that weird behaviour? Or am I getting something wrong?
To understand my problem here are some more facts:
Some source code for demonstration purposes:
...
    url = new URL("https://domainname/path/file.type");
    HostnameVerifier hv = new HostnameVerifier() {
        @Override
        public boolean verify(String urlHostName, SSLSession ssls) {
            System.out.println("Warning: URL HOST: " + urlHostName + " vs. " + ssls.getPeerHost());
            return true;
        }
    };
    HttpsURLConnection.setDefaultHostnameVerifier(hv);
    URLConnection conn = url.openConnection();
    ...(Do something)...
Problem:
Upvotes: 0
Views: 3713
Reputation: 309
Okay, finally I've managed to get it working. Here's how:
First I've rebuilt some code, as follows.
    SSLContext sc = SSLContext.getInstance("SSLv3");
    sc.init(new KeyManager[0], new TrustManager[] {new DefaultTrustManager()}, new SecureRandom());
    SSLContext.setDefault(sc);
    URL url = new URL(URLStr);
    HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
    /**
     * Create our own hostname verifier which always returns true
     * to guarantee that our certificates are accepted
     */
    conn.setHostnameVerifier(new HostnameVerifier() {
        @Override
        public boolean verify(String string, SSLSession ssls) {
            return true;
        }
    });
DefaultTrustManager reads as follows:
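    // Trust manager that performs no checks: every client and server certificate is accepted.
    private static class DefaultTrustManager implements X509TrustManager {
        @Override public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}
        @Override public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}
        @Override public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null (possibly empty) array.
            return new X509Certificate[0];
        }
    }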
As you can see, I've set my own HostnameVerifier not as default but on the concrete connection (conn.setHostnameVerifier()). In addition I have to cast url.openConnection to HttpsURLConnection.
So far. And then again: the debugger works like a charm, Cfx deployed on the CF server, nothing happens, but a strange error in the log:
"Error","ajp-bio-8013-exec-1","12/07/12","16:53:07","sys_bdr","com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl cannot be cast to javax.net.ssl.HttpsURLConnection The specific sequence of files included or processed is: /path/to/test/file/test.cfm, line: 61 "
java.lang.ClassCastException: com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl cannot be cast to javax.net.ssl.HttpsURLConnection
This last problem could be fixed by using a solution described here: http://danwatt.org/2012/06/making-java-coldfusion-tomcat-and-payflowpro-play-nicely/
ColdFusion needs to be started with another JVM parameter:
-Djava.protocol.handler.pkgs=javax.net.ssl
So in conclusion: some coding problems here, which could be fixed and in addition a missing ColdFusion JVM parameter.
Upvotes: 1