SonarLint 和 IBM JVM 的 HTTPS 问题

HTTPS Problems with SonarLint and IBM JVM

我在使用 IBM JVM 请求 HTTPS SonarQube 时遇到 SonarLint 问题。

使用的 JVM:

java.vm.name=IBM J9 VM
java.vm.specification.name=Java Virtual Machine Specification
java.vm.specification.vendor=Oracle Corporation
java.vm.specification.version=1.8
java.vm.vendor=IBM Corporation
java.vm.version=2.8

堆栈跟踪:

java.lang.IllegalStateException: Fail to request https://sonarserver/api/system/status
at org.sonarsource.sonarlint.core.util.ws.HttpConnector.doCall(HttpConnector.java:179)
at org.sonarsource.sonarlint.core.util.ws.HttpConnector.get(HttpConnector.java:111)
at org.sonarsource.sonarlint.core.util.ws.HttpConnector.call(HttpConnector.java:100)
at org.sonarsource.sonarlint.core.container.connected.SonarLintWsClient.rawGet(SonarLintWsClient.java:112)
at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.fetchServerInfos(ServerVersionAndStatusChecker.java:97)
at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.checkVersionAndStatus(ServerVersionAndStatusChecker.java:61)
at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.checkVersionAndStatus(ServerVersionAndStatusChecker.java:51)
at org.sonarsource.sonarlint.core.container.connected.update.perform.GlobalStorageUpdateExecutor.update(GlobalStorageUpdateExecutor.java:76)
at org.sonarsource.sonarlint.core.container.connected.ConnectedContainer.update(ConnectedContainer.java:109)
at org.sonarsource.sonarlint.core.ConnectedSonarLintEngineImpl.lambda$null(ConnectedSonarLintEngineImpl.java:178)
at org.sonarsource.sonarlint.core.ConnectedSonarLintEngineImpl$$Lambda0.000000002247FC40.apply(Unknown Source)
at org.sonarsource.sonarlint.core.ConnectedSonarLintEngineImpl.runInConnectedContainer(ConnectedSonarLintEngineImpl.java:305)
at org.sonarsource.sonarlint.core.ConnectedSonarLintEngineImpl.lambda$update(ConnectedSonarLintEngineImpl.java:178)
at org.sonarsource.sonarlint.core.ConnectedSonarLintEngineImpl$$Lambda9.00000000222B2D20.get(Unknown Source)
at org.sonarsource.sonarlint.core.ConnectedSonarLintEngineImpl.withRwLock(ConnectedSonarLintEngineImpl.java:319)
at org.sonarsource.sonarlint.core.ConnectedSonarLintEngineImpl.update(ConnectedSonarLintEngineImpl.java:173)
at org.sonarlint.eclipse.core.internal.server.Server.updateStorage(Server.java:289)
at org.sonarlint.eclipse.core.internal.jobs.ServerUpdateJob.run(ServerUpdateJob.java:47)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:220)
at java.net.SocketInputStream.read(SocketInputStream.java:152)
at com.ibm.jsse2.a.a(a.java:134)
at com.ibm.jsse2.a.a(a.java:219)
at com.ibm.jsse2.as.a(as.java:648)
at com.ibm.jsse2.as.i(as.java:895)
at com.ibm.jsse2.as.a(as.java:283)
at com.ibm.jsse2.as.startHandshake(as.java:115)
at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:268)
at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:238)
at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:149)
at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:192)
at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:121)
at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:100)
at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:120)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:185)
at okhttp3.RealCall.execute(RealCall.java:69)
at org.sonarsource.sonarlint.core.util.ws.HttpConnector.doCall(HttpConnector.java:176)
... 18 more

如果我使用 oracle JVM (1.8 / 25.144-b01) 启动 eclipse,一切正常,但我需要使用 IBM J9 VM。

javax.net.ssl.trustStore / javax.net.ssl.trustStorePassword eclipse.ini 中的条目在这些 JVM 中的工作方式似乎有所不同。我已经比较了 java.security 个文件。希望有人有什么建议。

我的一个同事解决了这个问题。 nginx 服务器的 ssl_protocolsssl_ciphers 配置是严格的 IBM JVM... "intermediate configuration" 需要使用。

有帮助link:https://mozilla.github.io/server-side-tls/ssl-config-generator/