Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-2292

HTTPS / Native Management protocol mismatch when using SSL

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Major
    • None
    • None
    • Server
    • None

    Description

      It looks like https://github.com/wildfly/wildfly-core/commit/77158040d82d74af33800fce8813189e66471c5b may have introduced some soft or mismatch when trying to connect using SSL / TLS, the requested buffer size is quite large.

      1:30:58,377 TRACE [org.xnio.nio.selector] (management Accept) Beginning select on sun.nio.ch.EPollSelectorImpl@2ab25536
      11:30:58,377 TRACE [org.xnio.listener] (management I/O-1) Invoking listener org.jboss.remoting3.remote.ServerConnectionOpenListener$Initial@aca44ee on channel org.xnio.conduits.ConduitStreamSourceChannel@787e0a1f

      11:30:58,377 TRACE [org.jboss.remoting.remote.connection] (management I/O-1) Not enough buffered bytes for message of size 369296128+4 (java.nio.DirectByteBuffer[pos=0 lim=135 cap=8192])
      ^^^^^^^

      11:30:58,377 TRACE [org.jboss.remoting.remote.connection] (management I/O-1) Compacted existing buffer java.nio.DirectByteBuffer[pos=135 lim=8192 cap=8192]
      11:30:58,377 TRACE [org.jboss.remoting.remote.connection] (management I/O-1) Received EOF
      11:30:58,377 TRACE [org.jboss.remoting.remote] (management I/O-1) Received connection end-of-stream
      11:30:58,377 TRACE [org.xnio.nio.selector] (management I/O-1) Beginning select on sun.nio.ch.EPollSelectorImpl@1cc4241b

      This was with native management, but I see the same thing using https. The client is jboss-cli.sh, connecting with:

      ./bin/jboss-cli.sh -c --controller=127.0.0.1:9999 --user=admin --password=password

      Relevant bits of config in use:

      <management>
      <security-realms>
      <security-realm name="sslSecurityRealm">
      <server-identities>
      <ssl>
      <keystore path="/home/kwills/ssl/configuration/server.keystore" alias="server" keystore-password="asdasd"/>
      </ssl>
      </server-identities>
      <authentication>
      <properties path="/home/kwills/ssl/configuration/users.properties" plain-text="true"/>
      </authentication>
      </security-realm>
      </security-realms>

      <management-interfaces>
      <native-interface security-realm="sslSecurityRealm">
      <socket-binding native="native"/>
      </native-interface>
      </management-interfaces>
      </management>

      <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
      <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
      <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
      <socket-binding name="native" interface="management" port="${jboss.management.https.port:9999}"/>
      </socket-binding-group>

      Attachments

        Issue Links

          duplicates

          Bug - A problem that impairs or prevents the functions of the product. WFCORE-2342 CLI can't connect to DC on native port without defined remote protocol

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Resolved

          Activity

            People

              kwills@redhat.com Ken Wills
              kwills@redhat.com Ken Wills
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: