Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Optional
Fix Version/s: 7.1.0.CR1
Affects Version/s: 7.1.0.ER1
Component/s: Security
Labels:
- eap72
- wildfly-openssl

Target Release:

7.2.0.GA

SFDC Cases Counter:
SFDC Cases Links:

Description

On Solaris 10 and 11 - when too old OpenSSL libs (0.9.8) are used with EAP, there is following error logged in server.log:

ERROR [org.jboss.msc.service.fail] (MSC service thread 1-6) MSC000001: Failed to start service org.wildfly.core.management.security.realm.ApplicationRealm.ssl-context: org.jboss.msc.service.StartException in service org.wildfly.core.management.security.realm.ApplicationRealm.ssl-context: WFLYDM0018: Unable to start service
	at org.jboss.as.domain.management.security.SSLContextService.start(SSLContextService.java:108)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: openssl.TLS, provider: openssl, class: org.wildfly.openssl.OpenSSLContextSPI$OpenSSLTLSContextSpi)
	at java.security.Provider$Service.newInstance(Provider.java:1617)
	at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
	at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
	at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
	at org.jboss.as.domain.management.security.SSLContextService.start(SSLContextService.java:97)
	... 5 more
Caused by: java.lang.IllegalStateException: Could not load required symbol from libssl: SSL_get_servername
	at org.wildfly.openssl.SSLImpl.initialize0(Native Method)
	at org.wildfly.openssl.SSLImpl.initialize(SSLImpl.java:33)
	at org.wildfly.openssl.SSL.init(SSL.java:185)
	at org.wildfly.openssl.OpenSSLContextSPI.<init>(OpenSSLContextSPI.java:119)
	at org.wildfly.openssl.OpenSSLContextSPI$OpenSSLTLSContextSpi.<init>(OpenSSLContextSPI.java:429)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
	at java.security.Provider$Service.newInstance(Provider.java:1595)
	... 9 more

It is correct that initialization fails as minimum supported/required version of OpenSSL libs is 1.0.1 actually. Although on other platforms (RHEL and Windows) we get clearer description of the initialization failure:

Invalid OpenSSL Version (required OpenSSL 1.0.1 or newer)

If possible, we should be consistent between all platforms also in this case (log clearer exception message that too old OpenSSL is used).

Attachments

Activity

People

Assignee:: Stuart Douglas

Reporter:: Jan Stourac

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2017/06/21 9:25 AM

Updated:: 2021/10/24 6:08 AM

Resolved:: 2017/09/11 11:11 AM