Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-11731

Clearer exception message during initialization of too old OpenSSL libs

    XMLWordPrintable

    Details

      Description

      On Solaris 10 and 11 - when too old OpenSSL libs (0.9.8) are used with EAP, there is following error logged in server.log:

      ERROR [org.jboss.msc.service.fail] (MSC service thread 1-6) MSC000001: Failed to start service org.wildfly.core.management.security.realm.ApplicationRealm.ssl-context: org.jboss.msc.service.StartException in service org.wildfly.core.management.security.realm.ApplicationRealm.ssl-context: WFLYDM0018: Unable to start service
      	at org.jboss.as.domain.management.security.SSLContextService.start(SSLContextService.java:108)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: openssl.TLS, provider: openssl, class: org.wildfly.openssl.OpenSSLContextSPI$OpenSSLTLSContextSpi)
      	at java.security.Provider$Service.newInstance(Provider.java:1617)
      	at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
      	at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
      	at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
      	at org.jboss.as.domain.management.security.SSLContextService.start(SSLContextService.java:97)
      	... 5 more
      Caused by: java.lang.IllegalStateException: Could not load required symbol from libssl: SSL_get_servername
      	at org.wildfly.openssl.SSLImpl.initialize0(Native Method)
      	at org.wildfly.openssl.SSLImpl.initialize(SSLImpl.java:33)
      	at org.wildfly.openssl.SSL.init(SSL.java:185)
      	at org.wildfly.openssl.OpenSSLContextSPI.<init>(OpenSSLContextSPI.java:119)
      	at org.wildfly.openssl.OpenSSLContextSPI$OpenSSLTLSContextSpi.<init>(OpenSSLContextSPI.java:429)
      	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
      	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
      	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
      	at java.security.Provider$Service.newInstance(Provider.java:1595)
      	... 9 more
      

      It is correct that initialization fails as minimum supported/required version of OpenSSL libs is 1.0.1 actually. Although on other platforms (RHEL and Windows) we get clearer description of the initialization failure:

      Invalid OpenSSL Version (required OpenSSL 1.0.1 or newer)
      

      If possible, we should be consistent between all platforms also in this case (log clearer exception message that too old OpenSSL is used).

        Attachments

          Activity

            People

            Assignee:
            swd847 Stuart Douglas
            Reporter:
            jstourac Jan Stourac
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: