Farah Juma moved JBEAP-19905 to WFCORE-5047:
--------------------------------------------
Project: WildFly Core (was: JBoss Enterprise Application Platform)
Key: WFCORE-5047 (was: JBEAP-19905)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Security
(was: Security)
(was: Web (Undertow))
Affects Version/s: (was: 7.4.0.CD20-CR1)
libwfssl is not detected by EAP automatically -> cannot use OpenSSL security provider
-------------------------------------------------------------------------------------
Key: WFCORE-5047
URL: https://issues.redhat.com/browse/WFCORE-5047
Project: WildFly Core
Issue Type: Bug
Components: Security
Reporter: Farah Juma
Assignee: Farah Juma
Priority: Blocker
Looks like detection of `libwfssl` is broken in the current build. When I try to configure
the OpenSSL security provider in legacy security, I can see the following errors in
standalone.log:
{code:java}
15:39:44,704 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-7) MSC000001: Failed to start service org.wildfly.core.management.security.realm.ApplicationRealm.ssl-context: org.jboss.msc.service.StartException in service org.wildfly.core.management.security.realm.ApplicationRealm.ssl-context: WFLYDM0018: Unable to start service
    at org.jboss.as.domain.management.security.SSLContextService.start(SSLContextService.java:116)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)
    at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)
    at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
    at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
    at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
    at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
    at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: openssl.TLSv1.2, provider: openssl, class: org.wildfly.openssl.OpenSSLContextSPI$OpenSSLTLS_1_2_ContextSpi)
    at java.security.Provider$Service.newInstance(Provider.java:1617)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
    at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
    at org.jboss.as.domain.management.security.SSLContextService.start(SSLContextService.java:105)
    ... 8 more
Caused by: java.lang.RuntimeException: java.lang.reflect.InvocationTargetException
    at org.wildfly.openssl.SSL.init(SSL.java:87)
    at org.wildfly.openssl.OpenSSLContextSPI.<init>(OpenSSLContextSPI.java:129)
    at org.wildfly.openssl.OpenSSLContextSPI$OpenSSLTLS_1_2_ContextSpi.<init>(OpenSSLContextSPI.java:484)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
    at java.security.Provider$Service.newInstance(Provider.java:1595)
    ... 12 more
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.wildfly.openssl.SSL.init(SSL.java:82)
    ... 19 more
Caused by: java.lang.UnsatisfiedLinkError: no wfssl in java.library.path
    at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1860)
    at java.lang.Runtime.loadLibrary0(Runtime.java:870)
    at java.lang.System.loadLibrary(System.java:1124)
    at org.wildfly.openssl.SSL$LibraryLoader.load(SSL.java:288)
    ... 24 more

15:39:44,818 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
    ("core-service" => "management"),
    ("security-realm" => "ApplicationRealm")
]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.core.management.security.realm.ApplicationRealm.ssl-context" => "WFLYDM0018: Unable to start service
    Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: openssl.TLSv1.2, provider: openssl, class: org.wildfly.openssl.OpenSSLContextSPI$OpenSSLTLS_1_2_ContextSpi)
    Caused by: java.lang.RuntimeException: java.lang.reflect.InvocationTargetException
    Caused by: java.lang.reflect.InvocationTargetException
    Caused by: java.lang.UnsatisfiedLinkError: no wfssl in java.library.path"}}
{code}
This is a regression against the previous release - {{EAP7.3.1}}. The expected behaviour is no
error in the log, libwfssl is loaded successfully and OpenSSL is correctly used for TLS
connections.
Note - there has been a change in the location of the particular libwfssl native binaries
in the distribution, see
https://github.com/wildfly-security/wildfly-openssl/commit/c5c07d3dc0d637...
{code:title=7.3.1}
$ find . -name *wfssl*
./modules/system/layers/base/org/wildfly/openssl/main/lib/solaris-sparcv9/libwfssl.so
./modules/system/layers/base/org/wildfly/openssl/main/lib/solaris-x86_64/libwfssl.so
./modules/system/layers/base/org/wildfly/openssl/main/lib/win-x86_64/wfssl.dll
./modules/system/layers/base/org/wildfly/openssl/main/lib/win-i386/wfssl.dll
./modules/system/layers/base/org/wildfly/openssl/main/lib/linux-i386/libwfssl.so
./modules/system/layers/base/org/wildfly/openssl/main/lib/linux-s390x/libwfssl.so
./modules/system/layers/base/org/wildfly/openssl/main/lib/linux-x86_64/libwfssl.so
{code}
and
{code:title=7.4.0.CD20-CR1}
$ find . -name *ssl*
./modules/system/layers/base/org/wildfly/openssl
./modules/system/layers/base/org/wildfly/openssl/main/wildfly-openssl-java-1.1.0.Final-redhat-00001.jar
./modules/system/layers/base/org/wildfly/openssl/main/lib/solaris-sparcv9/libwfssl.so
./modules/system/layers/base/org/wildfly/openssl/main/lib/solaris-x86_64/libwfssl.so
./modules/system/layers/base/org/wildfly/openssl/main/lib/win-x86_64/wfssl.dll
./modules/system/layers/base/org/wildfly/openssl/main/lib/win-i386/wfssl.dll
./modules/system/layers/base/org/wildfly/openssl/main/lib/linux-s390x/libwfssl.so
./modules/system/layers/base/org/wildfly/openssl/main/lib/el8-x86_64/libwfssl.so
./modules/system/layers/base/org/wildfly/openssl/main/lib/el7-x86_64/libwfssl.so
./modules/system/layers/base/org/wildfly/openssl/main/lib/el6-x86_64/libwfssl.so
./modules/system/layers/base/org/wildfly/openssl/main/lib/el6-i386/libwfssl.so
./modules/system/layers/base/org/wildfly/security/elytron-private/main/wildfly-elytron-ssl-1.12.1.Final-redhat-00001.jar
{code}
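
Added example (not part of the original report and not WildFly code): a shell sketch that compares the two listings above and reports which platform directories under .../org/wildfly/openssl/main/lib/ were dropped or added between the releases. The function names are hypothetical and the listings are copied from the report with the common prefix stripped; the page does not state which directory name the loader looks for, so `has_platform` takes that name as an argument.

```shell
#!/bin/sh
# Constructed input: the libwfssl entries from the two `find` listings in the
# report, with the common .../org/wildfly/openssl/main/lib/ prefix stripped.
LC_ALL=C; export LC_ALL   # fixed collation so the sorted output is stable

LIBS_7_3_1='solaris-sparcv9/libwfssl.so
solaris-x86_64/libwfssl.so
win-x86_64/wfssl.dll
win-i386/wfssl.dll
linux-i386/libwfssl.so
linux-s390x/libwfssl.so
linux-x86_64/libwfssl.so'

LIBS_7_4_0='solaris-sparcv9/libwfssl.so
solaris-x86_64/libwfssl.so
win-x86_64/wfssl.dll
win-i386/wfssl.dll
linux-s390x/libwfssl.so
el8-x86_64/libwfssl.so
el7-x86_64/libwfssl.so
el6-x86_64/libwfssl.so
el6-i386/libwfssl.so'

# platform_dirs LISTING: print the sorted, unique platform directory names.
platform_dirs() {
    printf '%s\n' "$1" | sed 's|/[^/]*$||' | sort -u
}

# has_platform LISTING DIR: succeed if LISTING ships a native library in DIR.
has_platform() {
    platform_dirs "$1" | grep -qxF -- "$2"
}

# dirs_only_in A B: space-separated platform directories in A but not in B.
dirs_only_in() {
    out=''
    for d in $(platform_dirs "$1"); do
        has_platform "$2" "$d" || out="$out $d"
    done
    printf '%s' "${out# }"
}

printf 'dropped since 7.3.1:   %s\n' "$(dirs_only_in "$LIBS_7_3_1" "$LIBS_7_4_0")"
printf 'new in 7.4.0.CD20-CR1: %s\n' "$(dirs_only_in "$LIBS_7_4_0" "$LIBS_7_3_1")"
```

To check a real installation, replace either variable with the output of `find` run with a quoted pattern (`-name '*wfssl*'`) and the same prefix stripped.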