Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Optional
Fix Version/s: 7.1.0.CR1
Affects Version/s: 7.1.0.ER1
Component/s: Security
Labels:
- eap72
- wildfly-openssl

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.2.0.GA

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

On Solaris 10 and 11 - when too old OpenSSL libs (0.9.8) are used with EAP, there is following error logged in server.log:

ERROR [org.jboss.msc.service.fail] (MSC service thread 1-6) MSC000001: Failed to start service org.wildfly.core.management.security.realm.ApplicationRealm.ssl-context: org.jboss.msc.service.StartException in service org.wildfly.core.management.security.realm.ApplicationRealm.ssl-context: WFLYDM0018: Unable to start service
	at org.jboss.as.domain.management.security.SSLContextService.start(SSLContextService.java:108)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: openssl.TLS, provider: openssl, class: org.wildfly.openssl.OpenSSLContextSPI$OpenSSLTLSContextSpi)
	at java.security.Provider$Service.newInstance(Provider.java:1617)
	at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
	at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
	at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
	at org.jboss.as.domain.management.security.SSLContextService.start(SSLContextService.java:97)
	... 5 more
Caused by: java.lang.IllegalStateException: Could not load required symbol from libssl: SSL_get_servername
	at org.wildfly.openssl.SSLImpl.initialize0(Native Method)
	at org.wildfly.openssl.SSLImpl.initialize(SSLImpl.java:33)
	at org.wildfly.openssl.SSL.init(SSL.java:185)
	at org.wildfly.openssl.OpenSSLContextSPI.<init>(OpenSSLContextSPI.java:119)
	at org.wildfly.openssl.OpenSSLContextSPI$OpenSSLTLSContextSpi.<init>(OpenSSLContextSPI.java:429)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
	at java.security.Provider$Service.newInstance(Provider.java:1595)
	... 9 more

It is correct that initialization fails as minimum supported/required version of OpenSSL libs is 1.0.1 actually. Although on other platforms (RHEL and Windows) we get clearer description of the initialization failure:

Invalid OpenSSL Version (required OpenSSL 1.0.1 or newer)

If possible, we should be consistent between all platforms also in this case (log clearer exception message that too old OpenSSL is used).

Assignee:: Stuart Douglas (Inactive)

Reporter:: Jan Stourac

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2017/06/21 9:25 AM

Updated:: 2024/09/02 4:00 PM

Resolved:: 2017/09/11 11:11 AM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates