[jboss-jira] [JBoss JIRA] (WFCORE-1296) Rejecting the SSL certificate while connecting via CLI block indefinately

Alexey Loubyansky (JIRA) issues at jboss.org
Wed Jan 13 09:12:00 EST 2016 

     [ https://issues.jboss.org/browse/WFCORE-1296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alexey Loubyansky moved JBEAP-2767 to WFCORE-1296:
--------------------------------------------------

              Project: WildFly Core  (was: JBoss Enterprise Application Platform)
                  Key: WFCORE-1296  (was: JBEAP-2767)
             Workflow: GIT Pull Request workflow   (was: CDW v1)
          Component/s: CLI
                           (was: CLI)
                           (was: Security)
       Target Release:   (was: 7.0.0.GA)
    Affects Version/s: 2.0.5.Final
                           (was: 7.0.0.ER3)


> Rejecting the SSL certificate while connecting via CLI block indefinately 
> --------------------------------------------------------------------------
>
>                 Key: WFCORE-1296
>                 URL: https://issues.jboss.org/browse/WFCORE-1296
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: CLI
>    Affects Versions: 2.0.5.Final
>            Reporter: Alexey Loubyansky
>            Assignee: Alexey Loubyansky
>
> Connection to the CLI secured by SSL blocks indefinitely once I refuse to accept the server certificate.
> *reproduce*
> start standalone server and secure ManagementRealm with ssl
> *6.4.0 behaviour*
> {noformat}
> ./jboss-cli.sh -c '/core-service=management/security-realm=ManagementRealm/server-identity=ssl:add(keystore-path=$PATH_TO_KEYSTORE, keystore-password=$PASSWORD), reload'
> ./jboss-cli.sh -c 127.0.0.1:9443
> ...
> Accept certificate? [N]o, [T]emporarily, [P]ermenantly : N
> org.jboss.as.cli.CliInitializationException: Failed to connect to the controller
> 	at org.jboss.as.cli.impl.CliLauncher.initCommandContext(CliLauncher.java:299)
> 	at org.jboss.as.cli.impl.CliLauncher.main(CliLauncher.java:265)
> 	at org.jboss.as.cli.CommandLineMain.main(CommandLineMain.java:45)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> 	at java.lang.reflect.Method.invoke(Method.java:497)
> 	at org.jboss.modules.Module.run(Module.java:312)
> 	at org.jboss.modules.Main.main(Main.java:473)
> Caused by: org.jboss.as.cli.CommandLineException: Unable to negotiate SSL connection with controller at localhost:9999
> 	at org.jboss.as.cli.impl.CommandContextImpl.tryConnection(CommandContextImpl.java:1048)
> 	at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:887)
> 	at org.jboss.as.cli.impl.CommandContextImpl.connectController(CommandContextImpl.java:863)
> 	at org.jboss.as.cli.impl.CliLauncher.initCommandContext(CliLauncher.java:297)
> 	... 8 more
> $
> {noformat}
> *7.0.0.ER3 behaviour*
> {noformat}
> ./jboss-cli.sh -c
> /core-service=management/security-realm=ManagementRealm/server-identity=ssl:add(keystore-path=/path/to/keystore, keystore-password=password)
> /core-service=management/management-interface=http-interface:undefine-attribute(name=socket-binding
> /core-service=management/management-interface=http-interface:write-attribute(name=secure-socket-binding,value=management-https)
> reload
> {noformat}
> Connect to the CLI and reject the certificate
> {noformat}
> $ ./jboss-cli.sh --controller=https-remoting://localhost:9993 -c
> ...
> Accept certificate? [N]o, [T]emporarily, [P]ermenantly : N
> {noformat}
> You are stuck at this point, all you can do is to interrupt (Ctrl+C)
> {noformat}
> java.lang.InterruptedException
> 	at java.util.concurrent.locks.AbstractQueuedSynchronizer.acquireInterruptibly(AbstractQueuedSynchronizer.java:1220)
> 	at java.util.concurrent.locks.ReentrantLock.lockInterruptibly(ReentrantLock.java:335)
> 	at java.util.concurrent.ArrayBlockingQueue.take(ArrayBlockingQueue.java:400)
> 	at org.jboss.aesh.console.Console.getInput(Console.java:484)
> 	at org.jboss.aesh.console.Console.getInputLine(Console.java:528)
> 	at org.jboss.as.cli.impl.Console$Factory$1.read(Console.java:222)
> 	at org.jboss.as.cli.impl.Console$Factory$1.readLine(Console.java:197)
> 	at org.jboss.as.cli.impl.CommandContextImpl.readLine(CommandContextImpl.java:899)
> 	at org.jboss.as.cli.impl.CommandContextImpl.handleSSLFailure(CommandContextImpl.java:1137)
> 	at org.jboss.as.cli.impl.CommandContextImpl.access$1200(CommandContextImpl.java:183)
> 	at org.jboss.as.cli.impl.CommandContextImpl$LazyDelagatingTrustManager$1.run(CommandContextImpl.java:1897)
> 	at org.jboss.as.protocol.GeneralTimeoutHandler.suspendAndExecute(GeneralTimeoutHandler.java:45)
> 	at org.jboss.as.cli.impl.CommandContextImpl$LazyDelagatingTrustManager.checkServerTrusted(CommandContextImpl.java:1892)
> 	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:936)
> 	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1493)
> 	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
> 	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
> 	at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
> 	at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
> 	at org.xnio.ssl.JsseSslConduitEngine.handleHandshake(JsseSslConduitEngine.java:543)
> 	at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:314)
> 	at org.xnio.ssl.JsseSslConduitEngine.wrap(JsseSslConduitEngine.java:204)
> 	at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:98)
> 	at org.xnio.ssl.JsseSslStreamSinkConduit.write(JsseSslStreamSinkConduit.java:72)
> 	at org.xnio.conduits.ConduitStreamSinkChannel.write(ConduitStreamSinkChannel.java:150)
> 	at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:385)
> 	at org.xnio.http.HttpUpgrade$HttpUpgradeState$StringWriteListener.handleEvent(HttpUpgrade.java:372)
> 	at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> 	at org.xnio.conduits.WriteReadyHandler$ChannelListenerHandler.writeReady(WriteReadyHandler.java:65)
> 	at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:93)
> 	at org.xnio.nio.WorkerThread.run(WorkerThread.java:559)
> Failed to connect to the controller: Unable to negotiate SSL connection with controller at localhost:9993
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the jboss-jira mailing list