Re: Exception: Server name value of host_name cannot have the trailing dot

Wed, 09 Apr 2025 05:09:33 -0700 

On 09/04/2025 12:45, Vishwas Bm wrote:

Hi,

I am getting below error when having tomcat server name with trailing dot
(.) when using tomcat 10.
 From the stacktrace, it looks like it is coming as part of SNI handling.


That is generated by the JRE. Nothing to do with Tomcat.
I'll note that RFC 6066 states that the trailing dot should not be present so this JRE exception looks to be correct. 

Mark



Is this supported in tomcat 11 or any way to bypass it ?

javax.net.ssl.SSLProtocolException: Illegal server name, type=host_name(0),
name=tomcat-login.osns.svc.cluster.local., value={.....}
         at
java.base/sun.security.ssl.ServerNameExtension$CHServerNamesSpec.<init>(Unknown
Source)
         at
java.base/sun.security.ssl.ServerNameExtension$CHServerNamesStringizer.toString(Unknown
Source)
         at java.base/sun.security.ssl.SSLExtension.toString(Unknown Source)
         at java.base/sun.security.ssl.SSLExtensions.toString(Unknown Source)
         at
java.base/sun.security.ssl.ClientHello$ClientHelloMessage.toString(Unknown
Source)
         at
java.base/sun.security.ssl.SSLLogger$SSLSimpleFormatter.formatObject(Unknown
Source)
         at
java.base/sun.security.ssl.SSLLogger$SSLSimpleFormatter.formatParameters(Unknown
Source)
         at java.base/sun.security.ssl.SSLLogger.log(Unknown Source)
         at java.base/sun.security.ssl.SSLLogger.fine(Unknown Source)
         at
java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(Unknown
Source)
         at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
         at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown
Source)
         at
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown
Source)
         at
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown
Source)
         at java.base/java.security.AccessController.doPrivileged(Unknown
Source)
         at
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(Unknown Source)
         at
org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:429)
         at
org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:494)
         at
org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:215)
         at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1769)
         at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
         at
org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
         at
org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
         at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
         at java.base/java.lang.Thread.run(Unknown Source)
*  Caused by: java.lang.IllegalArgumentException: Server name value of
host_name cannot have the trailing dot*
         at java.base/javax.net.ssl.SNIHostName.checkHostName(Unknown Source)
         at java.base/javax.net.ssl.SNIHostName.<init>(Unknown Source)
         ... 25 more}


*Thanks & Regards,*

*Vishwas *




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to