Bug 961257
| Summary: | No available certificate or key corresponds to the SSL cipher suites which are enabled when 2 SSL connector configured | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [JBoss] JBoss Enterprise Application Platform 6 | Reporter: | Hisanobu Okuda <hokuda> | ||||
| Component: | Web | Assignee: | Rémy Maucherat <rmaucher> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Jan Stefl <jstefl> | ||||
| Severity: | urgent | Docs Contact: | |||||
| Priority: | urgent | ||||||
| Version: | 6.0.1 | CC: | aogburn, jbliznak, jclere, kkhan, pslavice, rlucente | ||||
| Target Milestone: | DR1 | ||||||
| Target Release: | EAP 6.4.0 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | Type: | Bug | |||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 1138672 | ||||||
| Bug Blocks: | 981516, 1022777 | ||||||
| Attachments: |
|
||||||
|
Description
Hisanobu Okuda
2013-05-09 09:14:47 UTC
I implemented a fix in a test build on EAP 6.0.1/JBossWeb 7.0.17.GA. This pretty much just allows for synchronized connector initialization through a system property. If that property is set to true, then Http11Protocol.init operations will be done synchronized on a static object. Testing shows the issue is successfully avoided altogether here with multiple https connector set up with that fix applied. I've attached the modified Http11Protocol class for a reference. What would you guys think about implementing this or something similar to it in future releases as an option for protection against this issue in the future? Created attachment 767982 [details]
test fix
For EAP 6.3.0.ER10 configured as described above, the following error still occurs randomly (approx. for 1 startup of 10): 17:20:39,281 ERROR [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-6) JBWEB003043: Error initializing endpoint: java.io.IOException: java.security.KeyStoreException: invalid KeyStore state: found 2 private keys sharing CKA_ID 0x9d1b9651c5675fbcee9b91a10c06e6118379fbc1 at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:440) [jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:162) [jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4] at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:973) [jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4] at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:174) [jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4] at org.apache.catalina.connector.Connector.init(Connector.java:985) [jbossweb-7.4.8.Final-redhat-4.jar:7.4.8.Final-redhat-4] at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:318) [jboss-as-web-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19] at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_55] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_55] at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_55] 17:20:39,298 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-6) MSC000001: Failed to start service jboss.web.connector.https: org.jboss.msc.service.StartException in service jboss.web.connector.https: JBAS018007: Error starting web connector at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:376) at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_55] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_55] at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_55] Caused by: LifecycleException: JBWEB000023: Protocol handler initialization failed at org.apache.catalina.connector.Connector.init(Connector.java:987) at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:318) ... 5 more In my opinion (also confirmed by Radim), this error message is related to the same problem as described above. After reviewing, I think it is more generic to sync the connector init. r2496 in web. Fixed by component upgrade to JBoss Web 7.5.0.Beta1: https://bugzilla.redhat.com/show_bug.cgi?id=1138672 Verified that this issue is fixed in EAP 6.4.0.DR3. |