My Day job's production servers are based on Apple X-Serve and OSX as the operating system.
In a bid to get greater service stability last week we decided to roll out the latest system updates, notably upgrading to OSX 10.5.7
We rolled out first to our staging server which is effectively a mirror of production setup, it went smoothly and we tested our several critical apps and all seemed fine.
So we also ran all the additional system minor updates including Apples Java Update 4, as running this on my dev machine had resolved several issues with the java imaging libraries crashing the server while trying to process images with certain colour profiles etc.
Again all seemed good, so we rolled out to the live server. All went fine, or so we thought.
Co-incidently around this time i was experimenting on my dev machine (also 10.5.7 with java updater 4) with recently released google API components without much luck, i was constantly getting "I/O Exception: peer not authenticate" error when trying to connect to googles API. I thought it's just my machine playing up again...
A few days later clients using two seperate applications reported general application errors, after some digging around i traced both errors to CFHTTP calls in each application.
I tested the urls in the browser on the server and both were responding as expected... strange i thought...
So i noticed that both were SSL URLs and the error was "I/O Exception: peer not authenticate", which i then immediately connected back to the troubles i had connecting to googles API on my dev box. After some research on that error, it appeared that previously this error occured with connections to SSL URLs with certs issued by intermediate CAs which weren't present in the trusted CA keystore in the JVM. But google and our other API providers were using the most expensive CA's (thawte, verisign, etc) top level certs, which were definitely present by JVM 1.6 so this couldn't be the same issue.
At this point i asked a co-worker who was only on Java Update 3 to try the same code, or really a CFHTTP to any SSL URL. It worked as expected without error. Bugger.
Unfortunately apples java updates work via patching so there is no rollback or uninstall! In desperation we tried a developer preview of java update 5 on the also broken staging server, with the result that coldfusion no longer even starts up at all :(
So the only resolution was to restore our 10.5.2 pre-update backup and then re-upgrade to 10.5.7 without applying the java update 4.
This worked. We are happy for now! But i'd love to know the solution for this update 4 issues as my dev machine is still broken until i can find time to format and reinstall everything...
So, is anyone out there running OSX 10.5.7 and applied java update 4 and connect CFHTTP calls to SSL servers?
Please let me know!
Recent Comments