-
Bug
-
Resolution: Done
-
Major
-
7.0.0.ER3
-
None
Connection to the CLI secured by SSL blocks indefinitely once I refuse to accept the server certificate.
reproduce
start standalone server and secure ManagementRealm with ssl
6.4.0 behaviour
./jboss-cli.sh -c '/core-service=management/security-realm=ManagementRealm/server-identity=ssl:add(keystore-path=$PATH_TO_KEYSTORE, keystore-password=$PASSWORD), reload' ./jboss-cli.sh -c 127.0.0.1:9443 ... Accept certificate? [N]o, [T]emporarily, [P]ermenantly : N org.jboss.as.cli.CliInitializationException: Failed to connect to the controller at org.jboss.as.cli.impl.CliLauncher.initCommandContext(CliLauncher.java:299) at org.jboss.as.cli.impl.CliLauncher.main(CliLauncher.java:265) at org.jboss.as.cli.CommandLineMain.main(CommandLineMain.java:45) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.jboss.modules.Module.run(Module.java:312) at org.jboss.modules.Main.main(Main.java:473) Caused by: org.jboss.as.cli.CommandLineException: Unable to negotiate SSL connection with controller at localhost:9999 at org.jboss.as.cli.impl.CommandContextImpl.tryConnection(CommandContextImpl.java:1048) at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:887) at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:863) at org.jboss.as.cli.impl.CliLauncher.initCommandContext(CliLauncher.java:297) ... 8 more $
7.0.0.ER3 behaviour
./jboss-cli.sh -c /core-service=management/security-realm=ManagementRealm/server-identity=ssl:add(keystore-path=/path/to/keystore, keystore-password=password) /core-service=management/management-interface=http-interface:undefine-attribute(name=socket-binding /core-service=management/management-interface=http-interface:write-attribute(name=secure-socket-binding,value=management-https) reload
Connect to the CLI and reject the certificate
$ ./jboss-cli.sh --controller=https-remoting://localhost:9993 -c ... Accept certificate? [N]o, [T]emporarily, [P]ermenantly : N
You are stuck at this point, all you can do is to interrupt (Ctrl+C)
java.lang.InterruptedException at java.util.concurrent.locks.AbstractQueuedSynchronizer.acquireInterruptibly(AbstractQueuedSynchronizer.java:1220) at java.util.concurrent.locks.ReentrantLock.lockInterruptibly(ReentrantLock.java:335) at java.util.concurrent.ArrayBlockingQueue.take(ArrayBlockingQueue.java:400) at org.jboss.aesh.console.Console.getInput(Console.java:484) at org.jboss.aesh.console.Console.getInputLine(Console.java:528) at org.jboss.as.cli.impl.Console$Factory$1.read(Console.java:222) at org.jboss.as.cli.impl.Console$Factory$1.readLine(Console.java:197) at org.jboss.as.cli.impl.CommandContextImpl.readLine(CommandContextImpl.java:899) at org.jboss.as.cli.impl.CommandContextImpl.handleSSLFailure(CommandContextImpl.java:1137) at org.jboss.as.cli.impl.CommandContextImpl.access$1200(CommandContextImpl.java:183) at org.jboss.as.cli.impl.CommandContextImpl$LazyDelagatingTrustManager$1.run(CommandContextImpl.java:1897) at org.jboss.as.protocol.GeneralTimeoutHandler.suspendAndExecute(GeneralTimeoutHandler.java:45) at org.jboss.as.cli.impl.CommandContextImpl$LazyDelagatingTrustManager.checkServerTrusted(CommandContextImpl.java:1892) at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:936) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1493) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) at sun.security.ssl.Handshaker$1.run(Handshaker.java:919) at sun.security.ssl.Handshaker$1.run(Handshaker.java:916) at java.security.AccessController.doPrivileged(Native Method) at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369) at org.xnio.ssl.JsseSslConduitEngine.handleHandshake(JsseSslConduitEngine.java:543) at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:314) at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:204) at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:98) at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:72) at org.xnio.conduits.ConduitStreamSinkChannel.write(ConduitStreamSinkChannel.java:150) at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:385) at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:372) at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92) at org.xnio.conduits.WriteReadyHandler$ChannelListenerHandler.writeReady(WriteReadyHandler.java:65) at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:93) at org.xnio.nio.WorkerThread.run(WorkerThread.java:559) Failed to connect to the controller: Unable to negotiate SSL connection with controller at localhost:9993
- is cloned by
-
WFCORE-1296 Rejecting the SSL certificate while connecting via CLI block indefinately
- Resolved