[JBoss JIRA] (WFLY-5551) Formalize ejb clustering modules into a proper subsystem
by Radoslav Husar (JIRA)
     [ https://issues.jboss.org/browse/WFLY-5551?page=com.atlassian.jira.plugin.... ]
Radoslav Husar updated WFLY-5551:
---------------------------------
    Fix Version/s:     (was: 12.0.0.Final)
> Formalize ejb clustering modules into a proper subsystem
> --------------------------------------------------------
>
>                 Key: WFLY-5551
>                 URL: https://issues.jboss.org/browse/WFLY-5551
>             Project: WildFly
>          Issue Type: Enhancement
>          Components: Clustering
>    Affects Versions: 10.0.0.CR3
>            Reporter: Paul Ferraro
>            Assignee: Paul Ferraro
>
> Currently, the coupling between the ejb3 subsystem and the modules required for the distributed cache is very loose.
> Consequently, misconfiguration (e.g. a missing "ejb" cache-container) can prevent deployment from succeeding without an adequate explanation.
> The subsystem would define the requisite cache-container, exposed as a capability.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
[JBoss JIRA] (WFLY-9923) EJBCLIENT000509: Unexpected exception processing EJB request: NPE during server graceful shutdown
by Richard Janík (JIRA)
Richard Janík created WFLY-9923:
-----------------------------------
             Summary: EJBCLIENT000509: Unexpected exception processing EJB request: NPE during server graceful shutdown
                 Key: WFLY-9923
                 URL: https://issues.jboss.org/browse/WFLY-9923
             Project: WildFly
          Issue Type: Bug
          Components: Clustering, EJB
    Affects Versions: 12.0.0.Beta1
            Reporter: Richard Janík
            Assignee: David Lloyd
Seen in our clustering failover tests for remote stateful EJBs.
Setup: 4-node cluster, one node at a time is shut down gracefully, while 2000 standalone clients keep calling the application.
During the graceful shutdown, 2 servers logged this error message right after stopping the deployment:
{noformat}
[JBossINF] [0m[33m05:27:23,973 WARN  [org.infinispan.transaction.impl.TransactionTable] (ServerService Thread Pool -- 81) ISPN000100: Stopping, but there are 0 local transactions and 28 remote transactions that did not finish in time.
[JBossINF] [0m[0m05:27:23,974 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 81) WFLYCLINF0003: Stopped clusterbench-ee7.ear/clusterbench-ee7-ejb.jar cache from ejb container
[JBossINF] [0m[31m05:27:23,989 ERROR [org.jboss.ejb.client.invocation] (default task-88) EJBCLIENT000509: Unexpected exception processing EJB request: java.lang.NullPointerException
[JBossINF] 	at org.jboss.as.ejb3.deployment.DeploymentRepository.getStartedModules(DeploymentRepository.java:202)
[JBossINF] 	at org.jboss.as.ejb3.remote.AssociationImpl.findEJB(AssociationImpl.java:400)
[JBossINF] 	at org.jboss.as.ejb3.remote.AssociationImpl.receiveInvocationRequest(AssociationImpl.java:116)
[JBossINF] 	at org.jboss.ejb.protocol.remote.EJBServerChannel$ReceiverImpl.handleInvocationRequest(EJBServerChannel.java:450)
[JBossINF] 	at org.jboss.ejb.protocol.remote.EJBServerChannel$ReceiverImpl.handleMessage(EJBServerChannel.java:188)
[JBossINF] 	at org.jboss.remoting3.remote.RemoteConnectionChannel.lambda$receiveMessage$2(RemoteConnectionChannel.java:361)
[JBossINF] 	at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:926)
[JBossINF] 	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1979)
[JBossINF] 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1481)
[JBossINF] 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1374)
[JBossINF] 	at java.lang.Thread.run(Thread.java:748)
{noformat}
Server log:
[ejbremote-shutdown-dist-sync-server1|https://jenkins.hosts.mwqe.eng.bos.r...]
[ejbremote-shutdown-dist-sync-server4|https://jenkins.hosts.mwqe.eng.bos.r...]
[JBoss JIRA] (ELY-1528) Unable to create SSL connection if expired certificate chain used
by Martin Choma (JIRA)
     [ https://issues.jboss.org/browse/ELY-1528?page=com.atlassian.jira.plugin.s... ]
Martin Choma moved WFLY-9922 to ELY-1528:
-----------------------------------------
              Project: WildFly Elytron  (was: WildFly)
                  Key: ELY-1528  (was: WFLY-9922)
          Component/s: SSL
                           (was: Security)
    Affects Version/s: 1.2.1.Final
                           (was: 12.0.0.CR1)
> Unable to create SSL connection if expired certificate chain used
> -----------------------------------------------------------------
>
>                 Key: ELY-1528
>                 URL: https://issues.jboss.org/browse/ELY-1528
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: SSL
>    Affects Versions: 1.2.1.Final
>            Reporter: Martin Choma
>
> Reproducer:
> * Server secured by a certificate chain, meaning the certificate is signed by an Intermediate CA which is signed by a root CA.
> * Server certificate is expired
> * Client has the Intermediate CA in the Elytron truststore
> * SSL handshake fails using the Elytron client SSL context:
> {code}
> 18:27:54,540 INFO  [stdout] (default task-1) default task-1, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
> 18:27:54,540 INFO  [stdout] (default task-1) default task-1, WRITE: TLSv1 Alert, length = 2
> 18:27:54,540 INFO  [stdout] (default task-1) [Raw write]: length = 7
> 18:27:54,540 INFO  [stdout] (default task-1) 0000: 15 03 01 00 02 02 2E                               .......
> 18:27:54,541 INFO  [stdout] (default task-1) default task-1, called closeSocket()
> 18:27:54,541 INFO  [stdout] (default task-1) default task-1, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 10:49:56 CET 2017
> {code}
> Full SSL handshake log is in the attached ssl_handshake_CA.log
> * If I put the expired certificate itself into the truststore, the SSL handshake passes, although a warning is logged.
> {code}
> 18:35:28,648 WARN  [org.wildfly.extension.elytron] (MSC service thread 1-8) WFLYELY00024: Certificate [cn=rhds05.mw.lab.eng.bos.redhat.com, ou=engineering operations, o="red hat, inc.", st=north carolina, c=us] in KeyStore is not valid: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 12:39:06 CET 2017
> 	at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)
> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)
> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:602)
> 	at org.wildfly.extension.elytron.KeyStoreService.checkCertificatesValidity(KeyStoreService.java:177)
> 	at org.wildfly.extension.elytron.KeyStoreService.start(KeyStoreService.java:140)
> 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1701)
> 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1680)
> 	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1527)
> 	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1979)
> 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1481)
> 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1374)
> 	at java.lang.Thread.run(Thread.java:748)
> {code}
> Full SSL handshake log is in the attached ssl_handshake_certificate.log
> So the behaviour in these 2 cases is inconsistent. I think we agreed before that we let the SSL handshake pass with an expired certificate but warn about it in the log [1].
> [1] https://issues.jboss.org/browse/JBEAP-6157
[JBoss JIRA] (WFLY-9922) Unable to create SSL connection if expired certificate chain used
by Martin Choma (JIRA)
Martin Choma created WFLY-9922:
----------------------------------
             Summary: Unable to create SSL connection if expired certificate chain used
                 Key: WFLY-9922
                 URL: https://issues.jboss.org/browse/WFLY-9922
             Project: WildFly
          Issue Type: Bug
          Components: Security
    Affects Versions: 12.0.0.CR1
            Reporter: Martin Choma
Reproducer:
* Server secured by a certificate chain, meaning the certificate is signed by an Intermediate CA which is signed by a root CA.
* Server certificate is expired
* Client has the Intermediate CA in the Elytron truststore
* SSL handshake fails using the Elytron client SSL context:
{code}
18:27:54,540 INFO  [stdout] (default task-1) default task-1, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
18:27:54,540 INFO  [stdout] (default task-1) default task-1, WRITE: TLSv1 Alert, length = 2
18:27:54,540 INFO  [stdout] (default task-1) [Raw write]: length = 7
18:27:54,540 INFO  [stdout] (default task-1) 0000: 15 03 01 00 02 02 2E                               .......
18:27:54,541 INFO  [stdout] (default task-1) default task-1, called closeSocket()
18:27:54,541 INFO  [stdout] (default task-1) default task-1, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 10:49:56 CET 2017
{code}
Full SSL handshake log is in the attached ssl_handshake_CA.log
* If I put the expired certificate itself into the truststore, the SSL handshake passes, although a warning is logged.
{code}
18:35:28,648 WARN  [org.wildfly.extension.elytron] (MSC service thread 1-8) WFLYELY00024: Certificate [cn=rhds05.mw.lab.eng.bos.redhat.com, ou=engineering operations, o="red hat, inc.", st=north carolina, c=us] in KeyStore is not valid: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 12:39:06 CET 2017
	at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)
	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)
	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:602)
	at org.wildfly.extension.elytron.KeyStoreService.checkCertificatesValidity(KeyStoreService.java:177)
	at org.wildfly.extension.elytron.KeyStoreService.start(KeyStoreService.java:140)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1701)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1680)
	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1527)
	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1979)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1481)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1374)
	at java.lang.Thread.run(Thread.java:748)
{code}
Full SSL handshake log is in the attached ssl_handshake_certificate.log
So the behaviour in these 2 cases is inconsistent. I think we agreed before that we let the SSL handshake pass with an expired certificate but warn about it in the log [1].
[1] https://issues.jboss.org/browse/JBEAP-6157
[JBoss JIRA] (WFLY-9921) Unable to create SSL connection if expired certificate chain used
by Martin Choma (JIRA)
     [ https://issues.jboss.org/browse/WFLY-9921?page=com.atlassian.jira.plugin.... ]
Martin Choma updated WFLY-9921:
-------------------------------
    Description: 
Reproducer:
* Server secured by a certificate chain, meaning the certificate is signed by an Intermediate CA which is signed by a root CA.
* Server certificate is expired
* Client has the Intermediate CA in the Elytron truststore
* SSL handshake fails using the Elytron client SSL context:
{code}
18:27:54,540 INFO  [stdout] (default task-1) default task-1, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
18:27:54,540 INFO  [stdout] (default task-1) default task-1, WRITE: TLSv1 Alert, length = 2
18:27:54,540 INFO  [stdout] (default task-1) [Raw write]: length = 7
18:27:54,540 INFO  [stdout] (default task-1) 0000: 15 03 01 00 02 02 2E                               .......
18:27:54,541 INFO  [stdout] (default task-1) default task-1, called closeSocket()
18:27:54,541 INFO  [stdout] (default task-1) default task-1, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 10:49:56 CET 2017
{code}
Full SSL handshake log is in the attached ssl_handshake_CA.log
* If I put the expired certificate itself into the truststore, the SSL handshake passes, although a warning is logged.
{code}
18:35:28,648 WARN  [org.wildfly.extension.elytron] (MSC service thread 1-8) WFLYELY00024: Certificate [cn=rhds05.mw.lab.eng.bos.redhat.com, ou=engineering operations, o="red hat, inc.", st=north carolina, c=us] in KeyStore is not valid: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 12:39:06 CET 2017
	at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)
	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)
	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:602)
	at org.wildfly.extension.elytron.KeyStoreService.checkCertificatesValidity(KeyStoreService.java:177)
	at org.wildfly.extension.elytron.KeyStoreService.start(KeyStoreService.java:140)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1701)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1680)
	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1527)
	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1979)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1481)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1374)
	at java.lang.Thread.run(Thread.java:748)
{code}
Full SSL handshake log is in the attached ssl_handshake_certificate.log
So the behaviour in these 2 cases is inconsistent. I think we agreed before that we let the SSL handshake pass with an expired certificate but warn about it in the log [1].
[1] https://issues.jboss.org/browse/JBEAP-6157
  was:
Reproducer:
* Server secured by a certificate chain, meaning the certificate is signed by an Intermediate CA which is signed by a root CA.
* Server certificate is expired
* Client has the Intermediate CA in the Elytron truststore
* SSL handshake fails using the Elytron client SSL context:
{code}
18:27:54,540 INFO  [stdout] (default task-1) default task-1, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
18:27:54,540 INFO  [stdout] (default task-1) default task-1, WRITE: TLSv1 Alert, length = 2
18:27:54,540 INFO  [stdout] (default task-1) [Raw write]: length = 7
18:27:54,540 INFO  [stdout] (default task-1) 0000: 15 03 01 00 02 02 2E                               .......
18:27:54,541 INFO  [stdout] (default task-1) default task-1, called closeSocket()
18:27:54,541 INFO  [stdout] (default task-1) default task-1, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 10:49:56 CET 2017
{code}
If I put the expired certificate itself into the truststore, the SSL handshake passes, although a warning is logged.
{code}
18:35:28,648 WARN  [org.wildfly.extension.elytron] (MSC service thread 1-8) WFLYELY00024: Certificate [cn=rhds05.mw.lab.eng.bos.redhat.com, ou=engineering operations, o="red hat, inc.", st=north carolina, c=us] in KeyStore is not valid: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 12:39:06 CET 2017
	at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)
	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)
	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:602)
	at org.wildfly.extension.elytron.KeyStoreService.checkCertificatesValidity(KeyStoreService.java:177)
	at org.wildfly.extension.elytron.KeyStoreService.start(KeyStoreService.java:140)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1701)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1680)
	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1527)
	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1979)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1481)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1374)
	at java.lang.Thread.run(Thread.java:748)
{code}
So the behaviour in these 2 cases is inconsistent. I think we agreed before that we let the SSL handshake pass with an expired certificate but warn about it in the log [1].
[1] https://issues.jboss.org/browse/JBEAP-6157
> Unable to create SSL connection if expired certificate chain used
> -----------------------------------------------------------------
>
>                 Key: WFLY-9921
>                 URL: https://issues.jboss.org/browse/WFLY-9921
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 12.0.0.CR1
>            Reporter: Martin Choma
>         Attachments: ssl_handshake_CA.log, ssl_handshake_certificate.log
>
>
> Reproducer:
> * Server secured by a certificate chain, meaning the certificate is signed by an Intermediate CA which is signed by a root CA.
> * Server certificate is expired
> * Client has the Intermediate CA in the Elytron truststore
> * SSL handshake fails using the Elytron client SSL context:
> {code}
> 18:27:54,540 INFO  [stdout] (default task-1) default task-1, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
> 18:27:54,540 INFO  [stdout] (default task-1) default task-1, WRITE: TLSv1 Alert, length = 2
> 18:27:54,540 INFO  [stdout] (default task-1) [Raw write]: length = 7
> 18:27:54,540 INFO  [stdout] (default task-1) 0000: 15 03 01 00 02 02 2E                               .......
> 18:27:54,541 INFO  [stdout] (default task-1) default task-1, called closeSocket()
> 18:27:54,541 INFO  [stdout] (default task-1) default task-1, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 10:49:56 CET 2017
> {code}
> Full SSL handshake log is in the attached ssl_handshake_CA.log
> * If I put the expired certificate itself into the truststore, the SSL handshake passes, although a warning is logged.
> {code}
> 18:35:28,648 WARN  [org.wildfly.extension.elytron] (MSC service thread 1-8) WFLYELY00024: Certificate [cn=rhds05.mw.lab.eng.bos.redhat.com, ou=engineering operations, o="red hat, inc.", st=north carolina, c=us] in KeyStore is not valid: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 12:39:06 CET 2017
> 	at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)
> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)
> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:602)
> 	at org.wildfly.extension.elytron.KeyStoreService.checkCertificatesValidity(KeyStoreService.java:177)
> 	at org.wildfly.extension.elytron.KeyStoreService.start(KeyStoreService.java:140)
> 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1701)
> 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1680)
> 	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1527)
> 	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1979)
> 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1481)
> 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1374)
> 	at java.lang.Thread.run(Thread.java:748)
> {code}
> Full SSL handshake log is in the attached ssl_handshake_certificate.log
> So the behaviour in these 2 cases is inconsistent. I think we agreed before that we let the SSL handshake pass with an expired certificate but warn about it in the log [1].
> [1] https://issues.jboss.org/browse/JBEAP-6157
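The expired-chain reproducer above (ELY-1528, WFLY-9922 and WFLY-9921 describe the same case) as an added example in Go, not code from the Elytron project or from the reports: it builds a constructed root -> intermediate -> server chain whose server certificate has already expired, lints the chain so the expired member is named before deployment, and then runs path validation for both of the reporter's truststore configurations. Go's validator checks the leaf's validity period before it asks whether the leaf is itself a trust anchor, so the trust-the-leaf-directly case fails here as well. The CA names, the server name server.example.test and the timestamps are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue generates a P-256 key and a certificate for tmpl signed by parent (self-signed when parent == nil).
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // fixture code: a failure here means the test setup itself is broken
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced a line above always parses
	return cert, key
}

// BuildTestChain builds root CA -> intermediate CA -> server certificate in memory (constructed test
// data). With leafExpired the server certificate's NotAfter lies one day before now, as in the report.
func BuildTestChain(leafExpired bool, now time.Time) (root, inter, leaf *x509.Certificate) {
	year := 365 * 24 * time.Hour
	ca := func(cn string, serial int64) *x509.Certificate {
		return &x509.Certificate{
			SerialNumber:          big.NewInt(serial),
			Subject:               pkix.Name{CommonName: cn},
			NotBefore:             now.Add(-2 * year),
			NotAfter:              now.Add(5 * year),
			KeyUsage:              x509.KeyUsageCertSign,
			BasicConstraintsValid: true,
			IsCA:                  true,
		}
	}
	root, rootKey := issue(ca("Test Root CA", 1), nil, nil)
	inter, interKey := issue(ca("Test Intermediate CA", 2), root, rootKey)
	notAfter := now.Add(year) // a still-valid server certificate
	if leafExpired {
		notAfter = now.Add(-24 * time.Hour) // NotAfter already in the past
	}
	leaf, _ = issue(&x509.Certificate{
		SerialNumber: big.NewInt(3),
		Subject:      pkix.Name{CommonName: "server.example.test"}, // assumed placeholder name
		NotBefore:    now.Add(-2 * year),
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}, inter, interKey)
	return root, inter, leaf
}

// ExpiredSubjects names every certificate in chain whose NotAfter is behind now: the pre-deployment
// lint that points at the offending certificate instead of leaving a bare certificate_unknown alert.
func ExpiredSubjects(chain []*x509.Certificate, now time.Time) []string {
	var out []string
	for _, c := range chain {
		if now.After(c.NotAfter) {
			out = append(out, fmt.Sprintf("%s (NotAfter %s)", c.Subject.CommonName, c.NotAfter.UTC().Format(time.RFC3339)))
		}
	}
	return out
}

// VerifyAgainst runs the path validation a TLS client performs: roots are the trust anchors
// (the truststore), intermediates are the untrusted helper certificates the server sends.
func VerifyAgainst(leaf *x509.Certificate, intermediates, roots []*x509.Certificate, now time.Time) error {
	pool := func(certs []*x509.Certificate) *x509.CertPool {
		p := x509.NewCertPool()
		for _, c := range certs {
			p.AddCert(c)
		}
		return p
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool(roots), Intermediates: pool(intermediates), CurrentTime: now})
	return err
}

// IsExpiryError reports whether err is a path-validation failure for a certificate outside its validity period.
func IsExpiryError(err error) bool {
	var inv x509.CertificateInvalidError
	return errors.As(err, &inv) && inv.Reason == x509.Expired
}

func main() {
	now := time.Now()
	root, inter, leaf := BuildTestChain(true, now)
	fmt.Println("expired:", ExpiredSubjects([]*x509.Certificate{leaf, inter, root}, now))
	fmt.Println("trust intermediate:", VerifyAgainst(leaf, nil, []*x509.Certificate{inter}, now)) // reporter's case 1
	fmt.Println("trust leaf itself:", VerifyAgainst(leaf, nil, []*x509.Certificate{leaf}, now))    // reporter's case 2
}
```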
                                        [JBoss JIRA] (WFLY-9921) Unable to create SSL connection if expired certificate chain used
                                
                                
                                
                                    
                                        by Martin Choma (JIRA)
                                    
                                
                                
                                        
     [ https://issues.jboss.org/browse/WFLY-9921?page=com.atlassian.jira.plugin.... ]
Martin Choma updated WFLY-9921:
-------------------------------
    Description: 
Reproducer:
* Server secured by certificate chain, it means Certificate is signed with Intermediate CA which is signed by root CA.
* Server certificate is expired
* Client has Intermediate CA in Elytron truststore 
* SSL handshake fails using Elytron client ssl context:
{code}
18:27:54,540 INFO  [stdout] (default task-1) default task-1, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
18:27:54,540 INFO  [stdout] (default task-1) default task-1, WRITE: TLSv1 Alert, length = 2
18:27:54,540 INFO  [stdout] (default task-1) [Raw write]: length = 7
18:27:54,540 INFO  [stdout] (default task-1) 0000: 15 03 01 00 02 02 2E                               .......
18:27:54,541 INFO  [stdout] (default task-1) default task-1, called closeSocket()
18:27:54,541 INFO  [stdout] (default task-1) default task-1, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 10:49:56 CET 2017
{code}
Full SSL handshake log is in attached ssl_handshake_CA.log
* If I put expired certificate itself into truststore SSL handshake pass, although warning is logged.
{code}
18:35:28,648 WARN  [org.wildfly.extension.elytron] (MSC service thread 1-8) WFLYELY00024: Certificate [cn=rhds05.mw.lab.eng.bos.redhat.com, ou=engineering operations, o="red hat, inc.", st=north carolina, c=us] in KeyStore is not valid: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 12:39:06 CET 2017
	at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)
	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)
	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:602)
	at org.wildfly.extension.elytron.KeyStoreService.checkCertificatesValidity(KeyStoreService.java:177)
	at org.wildfly.extension.elytron.KeyStoreService.start(KeyStoreService.java:140)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1701)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1680)
	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1527)
	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1979)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1481)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1374)
	at java.lang.Thread.run(Thread.java:748)
{code}
Full SSL handshake log is in attached ssl_handshake_certificate.log
So behaviour in these 2 cases is inconsistent. I think we have agreed before we let pass SSL handshake with expired certificate but warn about it in log [1].
[1] https://issues.jboss.org/browse/JBEAP-6157
  was:
Reproducer:
* Server secured by certificate chain, it means Certificate is signed with Intermediate CA which is signed by root CA.
* Server certificate is expired
* Client has Intermediate CA in Elytron truststore 
* SSL handshake fails using Elytron client ssl context:
{code}
18:27:54,540 INFO  [stdout] (default task-1) default task-1, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
18:27:54,540 INFO  [stdout] (default task-1) default task-1, WRITE: TLSv1 Alert, length = 2
18:27:54,540 INFO  [stdout] (default task-1) [Raw write]: length = 7
18:27:54,540 INFO  [stdout] (default task-1) 0000: 15 03 01 00 02 02 2E                               .......
18:27:54,541 INFO  [stdout] (default task-1) default task-1, called closeSocket()
18:27:54,541 INFO  [stdout] (default task-1) default task-1, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 10:49:56 CET 2017
{code}
Full SSL handshake log is in attached ssl_handshake_CA.log
* If I put expired certificate itself into truststore SSL handshake pass, although warning is logged.
{code}
18:35:28,648 WARN  [org.wildfly.extension.elytron] (MSC service thread 1-8) WFLYELY00024: Certificate [cn=rhds05.mw.lab.eng.bos.redhat.com, ou=engineering operations, o="red hat, inc.", st=north carolina, c=us] in KeyStore is not valid: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 12:39:06 CET 2017
	at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)
	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)
	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:602)
	at org.wildfly.extension.elytron.KeyStoreService.checkCertificatesValidity(KeyStoreService.java:177)
	at org.wildfly.extension.elytron.KeyStoreService.start(KeyStoreService.java:140)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1701)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1680)
	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1527)
	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1979)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1481)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1374)
	at java.lang.Thread.run(Thread.java:748)
{code}
The full SSL handshake log is in the attached ssl_handshake_certificate.log.
So the behaviour in these 2 cases is inconsistent. I think we have agreed before that we let the SSL handshake pass with an expired certificate but warn about it in the log [1].
[1] https://issues.jboss.org/browse/JBEAP-6157
> Unable to create SSL connection if expired certificate chain used
> -----------------------------------------------------------------
>
>                 Key: WFLY-9921
>                 URL: https://issues.jboss.org/browse/WFLY-9921
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 12.0.0.CR1
>            Reporter: Martin Choma
>         Attachments: ssl_handshake_CA.log, ssl_handshake_certificate.log
>
>
> Reproducer:
> * Server secured by a certificate chain, i.e. the certificate is signed by an Intermediate CA which is signed by a root CA.
> * Server certificate is expired.
> * Client has the Intermediate CA in the Elytron truststore.
> * SSL handshake fails using the Elytron client SSL context:
> {code}
> 18:27:54,540 INFO  [stdout] (default task-1) default task-1, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
> 18:27:54,540 INFO  [stdout] (default task-1) default task-1, WRITE: TLSv1 Alert, length = 2
> 18:27:54,540 INFO  [stdout] (default task-1) [Raw write]: length = 7
> 18:27:54,540 INFO  [stdout] (default task-1) 0000: 15 03 01 00 02 02 2E                               .......
> 18:27:54,541 INFO  [stdout] (default task-1) default task-1, called closeSocket()
> 18:27:54,541 INFO  [stdout] (default task-1) default task-1, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 10:49:56 CET 2017
> {code}
> The full SSL handshake log is in the attached ssl_handshake_CA.log.
> * If I put the expired certificate itself into the truststore, the SSL handshake passes, although a warning is logged.
> {code}
> 18:35:28,648 WARN  [org.wildfly.extension.elytron] (MSC service thread 1-8) WFLYELY00024: Certificate [cn=rhds05.mw.lab.eng.bos.redhat.com, ou=engineering operations, o="red hat, inc.", st=north carolina, c=us] in KeyStore is not valid: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 12:39:06 CET 2017
> 	at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)
> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)
> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:602)
> 	at org.wildfly.extension.elytron.KeyStoreService.checkCertificatesValidity(KeyStoreService.java:177)
> 	at org.wildfly.extension.elytron.KeyStoreService.start(KeyStoreService.java:140)
> 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1701)
> 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1680)
> 	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1527)
> 	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1979)
> 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1481)
> 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1374)
> 	at java.lang.Thread.run(Thread.java:748)
> {code}
> The full SSL handshake log is in the attached ssl_handshake_certificate.log.
> So the behaviour in these 2 cases is inconsistent. I think we have agreed before that we let the SSL handshake pass with an expired certificate but warn about it in the log [1].
> [1] https://issues.jboss.org/browse/JBEAP-6157
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
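The fatal alert in the handshake log above goes onto the wire as the seven bytes in the "[Raw write]" dump. The decoder below is an added example, not code from WildFly, Elytron or the reporter's attachments: it parses one plaintext TLS record, checks that it is a well-formed alert, and names its version, level and description using the standard TLS ContentType and AlertDescription values; the sample record bytes are copied from the log on this page.

```python
"""Decode a raw TLS alert record such as the one in the WFLY-9921 log.

Added example (not WildFly/Elytron code). Name tables are the standard
TLS ContentType / AlertLevel / AlertDescription values.
"""
from typing import NamedTuple

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error", 90: "user_canceled",
    100: "no_renegotiation", 110: "unsupported_extension",
}


class TlsAlert(NamedTuple):
    version: str
    level: str
    description: str


def decode_alert_record(raw: bytes) -> TlsAlert:
    """Parse one TLS record and return the alert it carries.

    Raises ValueError for anything that is not a well-formed plaintext
    alert record: wrong content type, truncated header, bad length field.
    """
    if len(raw) < 5:
        raise ValueError("record header truncated")
    content_type, major, minor = raw[0], raw[1], raw[2]
    length = int.from_bytes(raw[3:5], "big")          # record-layer length
    if CONTENT_TYPES.get(content_type) != "alert":
        raise ValueError(f"not an alert record: content type {content_type}")
    body = raw[5:5 + length]
    if length != 2 or len(body) != 2:                 # Alert is level + description
        raise ValueError("alert body must be exactly 2 bytes")
    # Record version 3.1 = TLS 1.0, 3.2 = TLS 1.1, 3.3 = TLS 1.2; 3.0 = SSL 3.0
    version = f"TLS 1.{minor - 1}" if major == 3 and minor >= 1 else f"{major}.{minor}"
    level = ALERT_LEVELS.get(body[0], f"level_{body[0]}")
    description = ALERT_DESCRIPTIONS.get(body[1], f"description_{body[1]}")
    return TlsAlert(version, level, description)


# Bytes copied from the "[Raw write]" dump in the log above: 15 03 01 00 02 02 2E
WFLY_9921_ALERT = bytes.fromhex("15 03 01 00 02 02 2E".replace(" ", ""))

if __name__ == "__main__":
    print(decode_alert_record(WFLY_9921_ALERT))  # → TlsAlert('TLS 1.0', 'fatal', 'certificate_unknown')
```

Note that the wire alert is certificate_unknown (46), not certificate_expired (45), even though the client's own exception was CertificateExpiredException: the reason the chain was rejected is only visible in the client-side log, not in a packet capture.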
[JBoss JIRA] (WFLY-9921) Unable to create SSL connection if expired certificate chain used
by Martin Choma (JIRA)
     [ https://issues.jboss.org/browse/WFLY-9921?page=com.atlassian.jira.plugin.... ]
Martin Choma updated WFLY-9921:
-------------------------------
    Attachment: ssl_handshake_CA.log
                ssl_handshake_certificate.log
> Unable to create SSL connection if expired certificate chain used
> -----------------------------------------------------------------
>
>                 Key: WFLY-9921
>                 URL: https://issues.jboss.org/browse/WFLY-9921
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 12.0.0.CR1
>            Reporter: Martin Choma
>         Attachments: ssl_handshake_CA.log, ssl_handshake_certificate.log
>
>
> Reproducer:
> * Server secured by a certificate chain, i.e. the certificate is signed by an Intermediate CA which is signed by a root CA.
> * Server certificate is expired.
> * Client has the Intermediate CA in the Elytron truststore.
> * SSL handshake fails using the Elytron client SSL context:
> {code}
> 18:27:54,540 INFO  [stdout] (default task-1) default task-1, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
> 18:27:54,540 INFO  [stdout] (default task-1) default task-1, WRITE: TLSv1 Alert, length = 2
> 18:27:54,540 INFO  [stdout] (default task-1) [Raw write]: length = 7
> 18:27:54,540 INFO  [stdout] (default task-1) 0000: 15 03 01 00 02 02 2E                               .......
> 18:27:54,541 INFO  [stdout] (default task-1) default task-1, called closeSocket()
> 18:27:54,541 INFO  [stdout] (default task-1) default task-1, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 10:49:56 CET 2017
> {code}
> If I put the expired certificate itself into the truststore, the SSL handshake passes, although a warning is logged.
> {code}
> 18:35:28,648 WARN  [org.wildfly.extension.elytron] (MSC service thread 1-8) WFLYELY00024: Certificate [cn=rhds05.mw.lab.eng.bos.redhat.com, ou=engineering operations, o="red hat, inc.", st=north carolina, c=us] in KeyStore is not valid: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 12:39:06 CET 2017
> 	at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)
> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)
> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:602)
> 	at org.wildfly.extension.elytron.KeyStoreService.checkCertificatesValidity(KeyStoreService.java:177)
> 	at org.wildfly.extension.elytron.KeyStoreService.start(KeyStoreService.java:140)
> 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1701)
> 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1680)
> 	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1527)
> 	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1979)
> 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1481)
> 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1374)
> 	at java.lang.Thread.run(Thread.java:748)
> {code}
> So the behaviour in these 2 cases is inconsistent. I think we have agreed before that we let the SSL handshake pass with an expired certificate but warn about it in the log [1].
> [1] https://issues.jboss.org/browse/JBEAP-6157
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
[JBoss JIRA] (WFLY-9921) Unable to create SSL connection if expired certificate chain used
by Martin Choma (JIRA)
     [ https://issues.jboss.org/browse/WFLY-9921?page=com.atlassian.jira.plugin.... ]
Martin Choma updated WFLY-9921:
-------------------------------
    Attachment:     (was: ssl_handshake_chain.log)
> Unable to create SSL connection if expired certificate chain used
> -----------------------------------------------------------------
>
>                 Key: WFLY-9921
>                 URL: https://issues.jboss.org/browse/WFLY-9921
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 12.0.0.CR1
>            Reporter: Martin Choma
>
> Reproducer:
> * Server secured by a certificate chain, i.e. the certificate is signed by an Intermediate CA which is signed by a root CA.
> * Server certificate is expired.
> * Client has the Intermediate CA in the Elytron truststore.
> * SSL handshake fails using the Elytron client SSL context:
> {code}
> 18:27:54,540 INFO  [stdout] (default task-1) default task-1, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
> 18:27:54,540 INFO  [stdout] (default task-1) default task-1, WRITE: TLSv1 Alert, length = 2
> 18:27:54,540 INFO  [stdout] (default task-1) [Raw write]: length = 7
> 18:27:54,540 INFO  [stdout] (default task-1) 0000: 15 03 01 00 02 02 2E                               .......
> 18:27:54,541 INFO  [stdout] (default task-1) default task-1, called closeSocket()
> 18:27:54,541 INFO  [stdout] (default task-1) default task-1, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 10:49:56 CET 2017
> {code}
> If I put the expired certificate itself into the truststore, the SSL handshake passes, although a warning is logged.
> {code}
> 18:35:28,648 WARN  [org.wildfly.extension.elytron] (MSC service thread 1-8) WFLYELY00024: Certificate [cn=rhds05.mw.lab.eng.bos.redhat.com, ou=engineering operations, o="red hat, inc.", st=north carolina, c=us] in KeyStore is not valid: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 12:39:06 CET 2017
> 	at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)
> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)
> 	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:602)
> 	at org.wildfly.extension.elytron.KeyStoreService.checkCertificatesValidity(KeyStoreService.java:177)
> 	at org.wildfly.extension.elytron.KeyStoreService.start(KeyStoreService.java:140)
> 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1701)
> 	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1680)
> 	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1527)
> 	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1979)
> 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1481)
> 	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1374)
> 	at java.lang.Thread.run(Thread.java:748)
> {code}
> So the behaviour in these 2 cases is inconsistent. I think we have agreed before that we let the SSL handshake pass with an expired certificate but warn about it in the log [1].
> [1] https://issues.jboss.org/browse/JBEAP-6157
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)