- Bug
- Resolution: Done
- Blocker
- 7.4.0.CD20-CR1
- None
Looks like detection of `libwfssl` is broken in the current build. When I try to configure the OpenSSL security provider in legacy security, I can see the following errors in standalone.log:
```
15:39:44,704 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-7) MSC000001: Failed to start service org.wildfly.core.management.security.realm.ApplicationRealm.ssl-context: org.jboss.msc.service.StartException in service org.wildfly.core.management.security.realm.ApplicationRealm.ssl-context: WFLYDM0018: Unable to start service
	at org.jboss.as.domain.management.security.SSLContextService.start(SSLContextService.java:116)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)
	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)
	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: openssl.TLSv1.2, provider: openssl, class: org.wildfly.openssl.OpenSSLContextSPI$OpenSSLTLS_1_2_ContextSpi)
	at java.security.Provider$Service.newInstance(Provider.java:1617)
	at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
	at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
	at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
	at org.jboss.as.domain.management.security.SSLContextService.start(SSLContextService.java:105)
	... 8 more
Caused by: java.lang.RuntimeException: java.lang.reflect.InvocationTargetException
	at org.wildfly.openssl.SSL.init(SSL.java:87)
	at org.wildfly.openssl.OpenSSLContextSPI.<init>(OpenSSLContextSPI.java:129)
	at org.wildfly.openssl.OpenSSLContextSPI$OpenSSLTLS_1_2_ContextSpi.<init>(OpenSSLContextSPI.java:484)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
	at java.security.Provider$Service.newInstance(Provider.java:1595)
	... 12 more
Caused by: java.lang.reflect.InvocationTargetException
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.wildfly.openssl.SSL.init(SSL.java:82)
	... 19 more
Caused by: java.lang.UnsatisfiedLinkError: no wfssl in java.library.path
	at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1860)
	at java.lang.Runtime.loadLibrary0(Runtime.java:870)
	at java.lang.System.loadLibrary(System.java:1124)
	at org.wildfly.openssl.SSL$LibraryLoader.load(SSL.java:288)
	... 24 more

15:39:44,818 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([ ("core-service" => "management"), ("security-realm" => "ApplicationRealm")]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.core.management.security.realm.ApplicationRealm.ssl-context" => "WFLYDM0018: Unable to start service
    Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: openssl.TLSv1.2, provider: openssl, class: org.wildfly.openssl.OpenSSLContextSPI$OpenSSLTLS_1_2_ContextSpi)
    Caused by: java.lang.RuntimeException: java.lang.reflect.InvocationTargetException
    Caused by: java.lang.reflect.InvocationTargetException
    Caused by: java.lang.UnsatisfiedLinkError: no wfssl in java.library.path"}}
```
This is a regression against the previous release - EAP7.3.1. Expected behaviour is no error in the log, libwfssl is loaded successfully and OpenSSL is correctly used for TLS connections.
Note - there has been a change in the location of the particular libwfssl native binaries in the distribution, see https://github.com/wildfly-security/wildfly-openssl/commit/c5c07d3dc0d6376409a028ffcff9af35dbc1b616
```
$ find . -name *wfssl*
./modules/system/layers/base/org/wildfly/openssl/main/lib/solaris-sparcv9/libwfssl.so
./modules/system/layers/base/org/wildfly/openssl/main/lib/solaris-x86_64/libwfssl.so
./modules/system/layers/base/org/wildfly/openssl/main/lib/win-x86_64/wfssl.dll
./modules/system/layers/base/org/wildfly/openssl/main/lib/win-i386/wfssl.dll
./modules/system/layers/base/org/wildfly/openssl/main/lib/linux-i386/libwfssl.so
./modules/system/layers/base/org/wildfly/openssl/main/lib/linux-s390x/libwfssl.so
./modules/system/layers/base/org/wildfly/openssl/main/lib/linux-x86_64/libwfssl.so
```

and

```
$ find . -name *ssl*
./modules/system/layers/base/org/wildfly/openssl
./modules/system/layers/base/org/wildfly/openssl/main/wildfly-openssl-java-1.1.0.Final-redhat-00001.jar
./modules/system/layers/base/org/wildfly/openssl/main/lib/solaris-sparcv9/libwfssl.so
./modules/system/layers/base/org/wildfly/openssl/main/lib/solaris-x86_64/libwfssl.so
./modules/system/layers/base/org/wildfly/openssl/main/lib/win-x86_64/wfssl.dll
./modules/system/layers/base/org/wildfly/openssl/main/lib/win-i386/wfssl.dll
./modules/system/layers/base/org/wildfly/openssl/main/lib/linux-s390x/libwfssl.so
./modules/system/layers/base/org/wildfly/openssl/main/lib/el8-x86_64/libwfssl.so
./modules/system/layers/base/org/wildfly/openssl/main/lib/el7-x86_64/libwfssl.so
./modules/system/layers/base/org/wildfly/openssl/main/lib/el6-x86_64/libwfssl.so
./modules/system/layers/base/org/wildfly/openssl/main/lib/el6-i386/libwfssl.so
./modules/system/layers/base/org/wildfly/security/elytron-private/main/wildfly-elytron-ssl-1.12.1.Final-redhat-00001.jar
```
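The following script is an added example, not part of the original report or of the WildFly OpenSSL project. It checks whether a module directory holds a `wfssl` native for a given platform identifier, assuming natives sit under `lib/<os>-<arch>/` as in the `find` listings above; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: verify that a wildfly-openssl module directory ships a wfssl
# native for the platform identifier the runtime is expected to look up.
# Assumption: natives live in <module_dir>/lib/<os>-<arch>/ (layout taken from
# the find output in the report); function names are hypothetical.

# List every platform directory that contains a wfssl native, one per line.
wfssl_platforms() {
    local module_dir="$1" f
    for f in "$module_dir"/lib/*/libwfssl.so "$module_dir"/lib/*/wfssl.dll; do
        [ -f "$f" ] || continue          # skip unmatched glob patterns
        basename "$(dirname "$f")"
    done | LC_ALL=C sort
}

# Print the native's path and return 0 if lib/<platform>/ holds one.
wfssl_resolve() {
    local module_dir="$1" platform="$2" f
    for f in "$module_dir/lib/$platform/libwfssl.so" \
             "$module_dir/lib/$platform/wfssl.dll"; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; return 0; fi
    done
    return 1
}

# Report one identifier; on a miss, show same-arch directories that do exist,
# which exposes a directory-naming mismatch such as linux-* versus el7-*.
wfssl_report() {
    local module_dir="$1" platform="$2" arch="${2##*-}" candidates
    if wfssl_resolve "$module_dir" "$platform" >/dev/null; then
        echo "OK: $platform"
        return 0
    fi
    candidates=$(wfssl_platforms "$module_dir" | grep -- "-$arch\$" | paste -sd' ' -)
    echo "MISSING: $platform (same-arch natives present: ${candidates:-none})"
    return 1
}

# Stand-alone use: script.sh <module_dir> <os>-<arch>
if [ "$#" -ge 2 ]; then
    wfssl_report "$1" "$2"
fi
```

Run it against `modules/system/layers/base/org/wildfly/openssl/main` with the identifier the runtime is expected to use; a `MISSING` line that still lists same-architecture directories points to a naming mismatch rather than an absent binary.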
- is cloned by
  - WFSSL-34 libwfssl is not detected by EAP automatically -> cannot use OpenSSL security provider - Resolved
- relates to
  - MODULES-400 Automatically set the os.name if the -Djboss.modules.os-name property has not already been specified when running on RHEL platforms - Resolved
  - WFCORE-5069 libwfssl is not detected by EAP automatically -> cannot use OpenSSL security provider - Closed
  - WFSSL-35 Release WildFly OpenSSL 1.1.1.Final - Resolved
  - WFSSL-39 Update the OS-version-specific category that's added to the native search path to match the format used by JBoss Modules - Resolved
  - WFSSL-40 Update the directory names that are used for the RHEL natives - Resolved
  - WFSSL-41 Release WildFly OpenSSL 1.1.2.Final - Resolved
  - WFCORE-5050 Upgrade WildFly OpenSSL to 1.1.1.Final - Closed
  - WFCORE-5074 Upgrade JBoss Modules to 1.10.2.Final - Closed
  - WFCORE-5075 Upgrade WildFly OpenSSL to 1.1.2.Final - Closed