[JBoss JIRA] (WFLY-9921) Unable to create SSL connection if expired certificate chain used
by Martin Choma (JIRA)
[ https://issues.jboss.org/browse/WFLY-9921?page=com.atlassian.jira.plugin.... ]
Martin Choma reassigned WFLY-9921:
----------------------------------
Assignee: (was: Darran Lofthouse)
> Unable to create SSL connection if expired certificate chain used
> -----------------------------------------------------------------
>
> Key: WFLY-9921
> URL: https://issues.jboss.org/browse/WFLY-9921
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 12.0.0.CR1
> Reporter: Martin Choma
>
> Reproducer:
> * Server is secured by a certificate chain, meaning the certificate is signed by an Intermediate CA, which is signed by the root CA.
> * Server certificate is expired
> * Client has Intermediate CA in Elytron truststore
> * SSL handshake fails using Elytron client ssl context:
> {code}
> 18:27:54,540 INFO [stdout] (default task-1) default task-1, SEND TLSv1 ALERT: fatal, description = certificate_unknown
> 18:27:54,540 INFO [stdout] (default task-1) default task-1, WRITE: TLSv1 Alert, length = 2
> 18:27:54,540 INFO [stdout] (default task-1) [Raw write]: length = 7
> 18:27:54,540 INFO [stdout] (default task-1) 0000: 15 03 01 00 02 02 2E .......
> 18:27:54,541 INFO [stdout] (default task-1) default task-1, called closeSocket()
> 18:27:54,541 INFO [stdout] (default task-1) default task-1, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 10:49:56 CET 2017
> {code}
> If I put the expired certificate itself into the truststore, the SSL handshake passes, although a warning is logged.
> {code}
> 18:35:28,648 WARN [org.wildfly.extension.elytron] (MSC service thread 1-8) WFLYELY00024: Certificate [cn=rhds05.mw.lab.eng.bos.redhat.com, ou=engineering operations, o="red hat, inc.", st=north carolina, c=us] in KeyStore is not valid: java.security.cert.CertificateExpiredException: NotAfter: Sat Dec 16 12:39:06 CET 2017
> at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274)
> at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629)
> at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:602)
> at org.wildfly.extension.elytron.KeyStoreService.checkCertificatesValidity(KeyStoreService.java:177)
> at org.wildfly.extension.elytron.KeyStoreService.start(KeyStoreService.java:140)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1701)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1680)
> at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1527)
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1979)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1481)
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1374)
> at java.lang.Thread.run(Thread.java:748)
> {code}
> So the behaviour in these 2 cases is inconsistent. I think we agreed before that we let the SSL handshake pass with an expired certificate but warn about it in the log [1].
> [1] https://issues.jboss.org/browse/JBEAP-6157
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
6 years, 10 months
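Added example, not part of the JIRA report or of WildFly/Elytron code: the Python below decodes the 7-byte raw write from the WFLY-9921 reproducer log as a TLS alert record and pairs it with the exception logged locally, showing that the alert on the wire (46, certificate_unknown) does not itself tell the peer that expiry was the cause. The function names and the `expiry_hidden_from_peer` field are assumptions made for this illustration.

```python
import re

# Subset of TLS alert descriptions (RFC 5246, section 7.2) tied to certificate failures.
ALERTS = {42: "bad_certificate", 43: "unsupported_certificate", 44: "certificate_revoked",
          45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca"}
LEVELS = {1: "warning", 2: "fatal"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

HEX_DUMP = re.compile(r"\b[0-9A-Fa-f]{4}:((?: [0-9A-Fa-f]{2})+)")
CAUSE = re.compile(r"handling exception: \S+?: (\S+?): (.*)")

def decode_alert(line):
    """Decode a plaintext TLS alert record from one hex-dump line, else None."""
    m = HEX_DUMP.search(line)
    if not m:
        return None
    raw = bytes.fromhex(m.group(1).replace(" ", ""))
    # Record header: type(1) version(2) length(2); a plaintext alert body is 2 bytes.
    if len(raw) < 7 or raw[0] != 0x15 or int.from_bytes(raw[3:5], "big") != 2:
        return None
    level, code = raw[5], raw[6]  # anything after the 2-byte body is ignored
    return {"version": VERSIONS.get((raw[1], raw[2]), "unknown"),
            "level": LEVELS.get(level, "unknown"),
            "code": code,
            "description": ALERTS.get(code, "other")}

def triage(lines):
    """Pair the alert sent on the wire with the exception logged locally."""
    alert, cause = None, None
    for line in lines:
        alert = alert or decode_alert(line)
        m = CAUSE.search(line)
        if m and cause is None:
            cause = {"exception": m.group(1).rsplit(".", 1)[-1], "detail": m.group(2)}
    expired = bool(cause) and cause["exception"] == "CertificateExpiredException"
    # True when the alert code alone does not tell the peer that expiry was the cause.
    hidden = bool(alert) and expired and alert["description"] != "certificate_expired"
    return {"alert": alert, "cause": cause, "expiry_hidden_from_peer": hidden}

# Two lines copied from the WFLY-9921 reproducer log above.
SAMPLE = [
    "18:27:54,540 INFO [stdout] (default task-1) 0000: 15 03 01 00 02 02 2E .......",
    "18:27:54,541 INFO [stdout] (default task-1) default task-1, handling exception: "
    "javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: "
    "NotAfter: Sat Dec 16 10:49:56 CET 2017",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```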
[JBoss JIRA] (DROOLS-2352) Executable model test coverage: run the optaplanner turtleTests with the executable model turned on and see if it survives the ordeal
by Geoffrey De Smet (JIRA)
[ https://issues.jboss.org/browse/DROOLS-2352?page=com.atlassian.jira.plugi... ]
Geoffrey De Smet commented on DROOLS-2352:
------------------------------------------
The optaplanner turtle tests were notorious after the phreak algorithm was ready: they found over 30 distinct bugs.
> Executable model test coverage: run the optaplanner turtleTests with the executable model turned on and see if it survives the ordeal
> -------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DROOLS-2352
> URL: https://issues.jboss.org/browse/DROOLS-2352
> Project: Drools
> Issue Type: Task
> Components: core engine
> Reporter: Geoffrey De Smet
> Assignee: Tibor Zimányi
>
> For now, we're looking for a one-time test. Later I presume the exe model will become the default, so these tests would just run?
> To run the optaplanner turtle tests, run all tests in optaplanner-examples with the VM parameter `-DrunTurtleTests=true`. They take 48 hours to run. You can also just run one, for example NurseRosteringSolveAllTurtleTest, but don't forget that VM parameter.
> Mario Fusco says you can do this to turn on the executable model:
> {code}
> kieBuilder.buildAll( ExecutableModelProject.class );
> {code}
> I presume you'd need to hack that in `ScoreDirectorFactoryConfig.buildDroolsScoreDirectorFactory()`.
> Note: I have no idea if this even makes sense: those turtle tests use a drl file input and don't use the kie-maven-plugin. We're looking for a switch to just turn it on and see if they are all still green. Mario thinks it's possible, if I understand it correctly.
[JBoss JIRA] (DROOLS-2352) Executable model test coverage: run the optaplanner turtleTests with the executable model turned on and see if it survives the ordeal
by Geoffrey De Smet (JIRA)
[ https://issues.jboss.org/browse/DROOLS-2352?page=com.atlassian.jira.plugi... ]
Geoffrey De Smet updated DROOLS-2352:
-------------------------------------
Description:
For now, we're looking for a one-time test. Later I presume the exe model will become the default, so these tests would just run?
To run the optaplanner turtle tests, run all tests in optaplanner-examples with the VM parameter `-DrunTurtleTests=true`. They take 48 hours to run. You can also just run one, for example NurseRosteringSolveAllTurtleTest, but don't forget that VM parameter.
Mario Fusco says you can do this to turn on the executable model:
{code}
kieBuilder.buildAll( ExecutableModelProject.class );
{code}
I presume you'd need to hack that in `ScoreDirectorFactoryConfig.buildDroolsScoreDirectorFactory()`.
Note: I have no idea if this even makes sense: those turtle tests use a drl file input and don't use the kie-maven-plugin. We're looking for a switch to just turn it on and see if they are all still green. Mario thinks it's possible, if I understand it correctly.
was:
For now, we're looking for a one-time test. Later I presume the exe model will become the default, so these tests would just run?
To run the optaplanner turtle tests, run all tests in optaplanner-examples with the VM parameter `-DrunTurtleTests=true`. They take 48 hours to run. You can also just run one, for example NurseRosteringSolveAllTurtleTest, but don't forget that VM parameter.
Mario Fusco says you can do this to turn on the executable model:
{code}
kieBuilder.buildAll( ExecutableModelProject.class );
{code}
I presume you'd need to hack that in `ScoreDirectorFactoryConfig.buildDroolsScoreDirectorFactory()`.
Note: I have no idea if this even makes sense: those turtle tests use a drl file input and don't use the kie-maven-plugin. We're looking for a switch to just turn it on and see if they are all still green. Mario thinks it's possible.
> Executable model test coverage: run the optaplanner turtleTests with the executable model turned on and see if it survives the ordeal
> -------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DROOLS-2352
> URL: https://issues.jboss.org/browse/DROOLS-2352
> Project: Drools
> Issue Type: Task
> Components: core engine
> Reporter: Geoffrey De Smet
>
> For now, we're looking for a one-time test. Later I presume the exe model will become the default, so these tests would just run?
> To run the optaplanner turtle tests, run all tests in optaplanner-examples with the VM parameter `-DrunTurtleTests=true`. They take 48 hours to run. You can also just run one, for example NurseRosteringSolveAllTurtleTest, but don't forget that VM parameter.
> Mario Fusco says you can do this to turn on the executable model:
> {code}
> kieBuilder.buildAll( ExecutableModelProject.class );
> {code}
> I presume you'd need to hack that in `ScoreDirectorFactoryConfig.buildDroolsScoreDirectorFactory()`.
> Note: I have no idea if this even makes sense: those turtle tests use a drl file input and don't use the kie-maven-plugin. We're looking for a switch to just turn it on and see if they are all still green. Mario thinks it's possible, if I understand it correctly.
[JBoss JIRA] (DROOLS-2352) Executable model test coverage: run the optaplanner turtleTests with the executable model turned on and see if it survives the ordeal
by Geoffrey De Smet (JIRA)
[ https://issues.jboss.org/browse/DROOLS-2352?page=com.atlassian.jira.plugi... ]
Geoffrey De Smet reassigned DROOLS-2352:
----------------------------------------
Assignee: Tibor Zimányi
> Executable model test coverage: run the optaplanner turtleTests with the executable model turned on and see if it survives the ordeal
> -------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DROOLS-2352
> URL: https://issues.jboss.org/browse/DROOLS-2352
> Project: Drools
> Issue Type: Task
> Components: core engine
> Reporter: Geoffrey De Smet
> Assignee: Tibor Zimányi
>
> For now, we're looking for a one-time test. Later I presume the exe model will become the default, so these tests would just run?
> To run the optaplanner turtle tests, run all tests in optaplanner-examples with the VM parameter `-DrunTurtleTests=true`. They take 48 hours to run. You can also just run one, for example NurseRosteringSolveAllTurtleTest, but don't forget that VM parameter.
> Mario Fusco says you can do this to turn on the executable model:
> {code}
> kieBuilder.buildAll( ExecutableModelProject.class );
> {code}
> I presume you'd need to hack that in `ScoreDirectorFactoryConfig.buildDroolsScoreDirectorFactory()`.
> Note: I have no idea if this even makes sense: those turtle tests use a drl file input and don't use the kie-maven-plugin. We're looking for a switch to just turn it on and see if they are all still green. Mario thinks it's possible, if I understand it correctly.
[JBoss JIRA] (WFLY-9917) renewal of server certificate for Undertow without restarting server
by Bernard H (JIRA)
[ https://issues.jboss.org/browse/WFLY-9917?page=com.atlassian.jira.plugin.... ]
Bernard H commented on WFLY-9917:
---------------------------------
scope:
* add/renew CA root certs
* add/renew remote parties certs for remote party authentication
* add/renew local server identities (when multiple realms+HTTPS listeners are used on different inbound connection ports)
Tips?
* move all params/settings to host controller side, trust related + identity related(already)
* host controller to dispatch updates (push? pull?)
* note: host controller can already be restarted without restarting servers
> renewal of server certificate for Undertow without restarting server
> --------------------------------------------------------------------
>
> Key: WFLY-9917
> URL: https://issues.jboss.org/browse/WFLY-9917
> Project: WildFly
> Issue Type: Feature Request
> Components: Web (Undertow)
> Affects Versions: 11.0.0.Final
> Reporter: Hisanobu Okuda
> Assignee: Stuart Douglas
>
> It is convenient that a server certificate for https interface can be renewed without restarting a server.
[JBoss JIRA] (DROOLS-2352) Executable model test coverage: run the optaplanner turtleTests with the executable model turned on and see if it survives the ordeal
by Geoffrey De Smet (JIRA)
[ https://issues.jboss.org/browse/DROOLS-2352?page=com.atlassian.jira.plugi... ]
Geoffrey De Smet updated DROOLS-2352:
-------------------------------------
Description:
For now, we're looking for a one-time test. Later I presume the exe model will become the default, so these tests would just run?
To run the optaplanner turtle tests, run all tests in optaplanner-examples with the VM parameter `-DrunTurtleTests=true`. They take 48 hours to run. You can also just run one, for example NurseRosteringSolveAllTurtleTest, but don't forget that VM parameter.
Mario Fusco says you can do this to turn on the executable model:
{code}
kieBuilder.buildAll( ExecutableModelProject.class );
{code}
I presume you'd need to hack that in `ScoreDirectorFactoryConfig.buildDroolsScoreDirectorFactory()`.
Note: I have no idea if this even makes sense: those turtle tests use a drl file input and don't use the kie-maven-plugin. We're looking for a switch to just turn it on and see if they are all still green. Mario thinks it's possible.
was:
For now, we're looking for a one-time test. Later I presume the exe model will become the default, so these tests would just run?
To run the optaplanner turtle tests, run all tests in optaplanner-examples with the VM parameter `-DrunTurtleTests=true`. They take 48 hours to run. You can also just run one, for example NurseRosteringSolveAllTurtleTest, but don't forget that VM parameter.
Mario Fusco says you can do this to turn on the executable model:
{code}
kieBuilder.buildAll( ExecutableModelProject.class );
{code}
I presume you'd need to hack that in `ScoreDirectorFactoryConfig.buildDroolsScoreDirectorFactory()`.
> Executable model test coverage: run the optaplanner turtleTests with the executable model turned on and see if it survives the ordeal
> -------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DROOLS-2352
> URL: https://issues.jboss.org/browse/DROOLS-2352
> Project: Drools
> Issue Type: Task
> Components: core engine
> Reporter: Geoffrey De Smet
>
> For now, we're looking for a one-time test. Later I presume the exe model will become the default, so these tests would just run?
> To run the optaplanner turtle tests, run all tests in optaplanner-examples with the VM parameter `-DrunTurtleTests=true`. They take 48 hours to run. You can also just run one, for example NurseRosteringSolveAllTurtleTest, but don't forget that VM parameter.
> Mario Fusco says you can do this to turn on the executable model:
> {code}
> kieBuilder.buildAll( ExecutableModelProject.class );
> {code}
> I presume you'd need to hack that in `ScoreDirectorFactoryConfig.buildDroolsScoreDirectorFactory()`.
> Note: I have no idea if this even makes sense: those turtle tests use a drl file input and don't use the kie-maven-plugin. We're looking for a switch to just turn it on and see if they are all still green. Mario thinks it's possible.
[JBoss JIRA] (DROOLS-2352) Executable model test coverage: run the optaplanner turtleTests with the executable model turned on and see if it survives the ordeal
by Geoffrey De Smet (JIRA)
[ https://issues.jboss.org/browse/DROOLS-2352?page=com.atlassian.jira.plugi... ]
Geoffrey De Smet reassigned DROOLS-2352:
----------------------------------------
Assignee: (was: Mario Fusco)
> Executable model test coverage: run the optaplanner turtleTests with the executable model turned on and see if it survives the ordeal
> -------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DROOLS-2352
> URL: https://issues.jboss.org/browse/DROOLS-2352
> Project: Drools
> Issue Type: Task
> Components: core engine
> Reporter: Geoffrey De Smet
>
> For now, we're looking for a one-time test. Later I presume the exe model will become the default, so these tests would just run?
> To run the optaplanner turtle tests, run all tests in optaplanner-examples with the VM parameter `-DrunTurtleTests=true`. They take 48 hours to run. You can also just run one, for example NurseRosteringSolveAllTurtleTest, but don't forget that VM parameter.
> Mario Fusco says you can do this to turn on the executable model:
> {code}
> kieBuilder.buildAll( ExecutableModelProject.class );
> {code}
> I presume you'd need to hack that in `ScoreDirectorFactoryConfig.buildDroolsScoreDirectorFactory()`.