Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-2568

Rejecting the SSL certificate while connecting via CLI block indefinately

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 7.0.0.ER5
    • 7.0.0.ER3
    • CLI, Security
    • None

      Connection to the CLI secured by SSL blocks indefinitely once I refuse to accept the server certificate.

      reproduce
      start standalone server and secure ManagementRealm with ssl

      6.4.0 behaviour

      ./jboss-cli.sh -c '/core-service=management/security-realm=ManagementRealm/server-identity=ssl:add(keystore-path=$PATH_TO_KEYSTORE, keystore-password=$PASSWORD), reload'
      ./jboss-cli.sh -c 127.0.0.1:9443
      ...
      Accept certificate? [N]o, [T]emporarily, [P]ermenantly : N
      org.jboss.as.cli.CliInitializationException: Failed to connect to the controller
      	at org.jboss.as.cli.impl.CliLauncher.initCommandContext(CliLauncher.java:299)
      	at org.jboss.as.cli.impl.CliLauncher.main(CliLauncher.java:265)
      	at org.jboss.as.cli.CommandLineMain.main(CommandLineMain.java:45)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:497)
      	at org.jboss.modules.Module.run(Module.java:312)
      	at org.jboss.modules.Main.main(Main.java:473)
      Caused by: org.jboss.as.cli.CommandLineException: Unable to negotiate SSL connection with controller at localhost:9999
      	at org.jboss.as.cli.impl.CommandContextImpl.tryConnection(CommandContextImpl.java:1048)
      	at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:887)
      	at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:863)
      	at org.jboss.as.cli.impl.CliLauncher.initCommandContext(CliLauncher.java:297)
      	... 8 more
      $
      

      7.0.0.ER3 behaviour

      ./jboss-cli.sh -c
      /core-service=management/security-realm=ManagementRealm/server-identity=ssl:add(keystore-path=/path/to/keystore, keystore-password=password)
      /core-service=management/management-interface=http-interface:undefine-attribute(name=socket-binding
      /core-service=management/management-interface=http-interface:write-attribute(name=secure-socket-binding,value=management-https)
      reload
      

      Connect to the CLI and reject the certificate

      $ ./jboss-cli.sh --controller=https-remoting://localhost:9993 -c
      ...
      Accept certificate? [N]o, [T]emporarily, [P]ermenantly : N
      

      You are stuck at this point, all you can do is to interrupt (Ctrl+C)

      java.lang.InterruptedException
      	at java.util.concurrent.locks.AbstractQueuedSynchronizer.acquireInterruptibly(AbstractQueuedSynchronizer.java:1220)
      	at java.util.concurrent.locks.ReentrantLock.lockInterruptibly(ReentrantLock.java:335)
      	at java.util.concurrent.ArrayBlockingQueue.take(ArrayBlockingQueue.java:400)
      	at org.jboss.aesh.console.Console.getInput(Console.java:484)
      	at org.jboss.aesh.console.Console.getInputLine(Console.java:528)
      	at org.jboss.as.cli.impl.Console$Factory$1.read(Console.java:222)
      	at org.jboss.as.cli.impl.Console$Factory$1.readLine(Console.java:197)
      	at org.jboss.as.cli.impl.CommandContextImpl.readLine(CommandContextImpl.java:899)
      	at org.jboss.as.cli.impl.CommandContextImpl.handleSSLFailure(CommandContextImpl.java:1137)
      	at org.jboss.as.cli.impl.CommandContextImpl.access$1200(CommandContextImpl.java:183)
      	at org.jboss.as.cli.impl.CommandContextImpl$LazyDelagatingTrustManager$1.run(CommandContextImpl.java:1897)
      	at org.jboss.as.protocol.GeneralTimeoutHandler.suspendAndExecute(GeneralTimeoutHandler.java:45)
      	at org.jboss.as.cli.impl.CommandContextImpl$LazyDelagatingTrustManager.checkServerTrusted(CommandContextImpl.java:1892)
      	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:936)
      	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1493)
      	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
      	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
      	at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
      	at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
      	at org.xnio.ssl.JsseSslConduitEngine.handleHandshake(JsseSslConduitEngine.java:543)
      	at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:314)
      	at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:204)
      	at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:98)
      	at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:72)
      	at org.xnio.conduits.ConduitStreamSinkChannel.write(ConduitStreamSinkChannel.java:150)
      	at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:385)
      	at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:372)
      	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
      	at org.xnio.conduits.WriteReadyHandler$ChannelListenerHandler.writeReady(WriteReadyHandler.java:65)
      	at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:93)
      	at org.xnio.nio.WorkerThread.run(WorkerThread.java:559)
      Failed to connect to the controller: Unable to negotiate SSL connection with controller at localhost:9993
      

              olubyans@redhat.com Alexey Loubyansky
              pkremens@redhat.com Petr Kremensky (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: