[jboss-jira] [JBoss JIRA] (WFCORE-5069) libwfssl is not detected by EAP automatically -> cannot use OpenSSL security provider

Farah Juma (Jira) issues at jboss.org
Wed Jul 29 12:29:00 EDT 2020 

     [ https://issues.redhat.com/browse/WFCORE-5069?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Farah Juma updated WFCORE-5069:
-------------------------------
    Fix Version/s: 13.0.0.Final


> libwfssl is not detected by EAP automatically -> cannot use OpenSSL security provider
> -------------------------------------------------------------------------------------
>
>                 Key: WFCORE-5069
>                 URL: https://issues.redhat.com/browse/WFCORE-5069
>             Project: WildFly Core
>          Issue Type: Bug
>            Reporter: Farah Juma
>            Assignee: Farah Juma
>            Priority: Major
>             Fix For: 13.0.0.Final
>
>
> Looks like detection of `libwfssl` is broken in current build. When I try to configure OpenSSL security provider in legacy security, I can see following errors in standalone.log:
> {code:java}
> 15:39:44,704 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-7) MSC000001: Failed to start service org.wildfly.core.management.security.realm.ApplicationRealm.ssl-context: org.jboss.msc.service.StartException in service org.wildfly.core.management.security.realm.ApplicationRealm.ssl-context: WFLYDM0018: Unable to start service15:39:44,704 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-7) MSC000001: Failed to start service org.wildfly.core.management.security.realm.ApplicationRealm.ssl-context: org.jboss.msc.service.StartException in service org.wildfly.core.management.security.realm.ApplicationRealm.ssl-context: WFLYDM0018: Unable to start service at org.jboss.as.domain.management.security.SSLContextService.start(SSLContextService.java:116) at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739) at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701) at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559) at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377) at java.lang.Thread.run(Thread.java:748)Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: openssl.TLSv1.2, provider: openssl, class: org.wildfly.openssl.OpenSSLContextSPI$OpenSSLTLS_1_2_ContextSpi) at java.security.Provider$Service.newInstance(Provider.java:1617) at sun.security.jca.GetInstance.getInstance(GetInstance.java:236) at sun.security.jca.GetInstance.getInstance(GetInstance.java:164) at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156) at org.jboss.as.domain.management.security.SSLContextService.start(SSLContextService.java:105) ... 8 moreCaused by: java.lang.RuntimeException: java.lang.reflect.InvocationTargetException at org.wildfly.openssl.SSL.init(SSL.java:87) at org.wildfly.openssl.OpenSSLContextSPI.<init>(OpenSSLContextSPI.java:129) at org.wildfly.openssl.OpenSSLContextSPI$OpenSSLTLS_1_2_ContextSpi.<init>(OpenSSLContextSPI.java:484) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:423) at java.security.Provider$Service.newInstance(Provider.java:1595) ... 12 moreCaused by: java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.wildfly.openssl.SSL.init(SSL.java:82) ... 19 moreCaused by: java.lang.UnsatisfiedLinkError: no wfssl in java.library.path at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1860) at java.lang.Runtime.loadLibrary0(Runtime.java:870) at java.lang.System.loadLibrary(System.java:1124) at org.wildfly.openssl.SSL$LibraryLoader.load(SSL.java:288) ... 24 more
> 15:39:44,818 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([    ("core-service" => "management"),    ("security-realm" => "ApplicationRealm")]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.core.management.security.realm.ApplicationRealm.ssl-context" => "WFLYDM0018: Unable to start service    Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: openssl.TLSv1.2, provider: openssl, class: org.wildfly.openssl.OpenSSLContextSPI$OpenSSLTLS_1_2_ContextSpi)    Caused by: java.lang.RuntimeException: java.lang.reflect.InvocationTargetException    Caused by: java.lang.reflect.InvocationTargetException    Caused by: java.lang.UnsatisfiedLinkError: no wfssl in java.library.path"}} {code}
>  
> This is a regression against previous release - {{EAP7.3.1}}. Expected behaviour is no error in the log, libwfssl is loaded successfully and OpenSSL is correctly used for TLS connections.
> Note - there has been a change in the location of the particular libwfssl native binaries in the distribution, see https://github.com/wildfly-security/wildfly-openssl/commit/c5c07d3dc0d6376409a028ffcff9af35dbc1b616
> {code:title=7.3.1}
> $ find . -name *wfssl*
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/solaris-sparcv9/libwfssl.so
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/solaris-x86_64/libwfssl.so
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/win-x86_64/wfssl.dll
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/win-i386/wfssl.dll
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/linux-i386/libwfssl.so
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/linux-s390x/libwfssl.so
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/linux-x86_64/libwfssl.so
> {code}
> and
> {code:title=7.4.0.CD20-CR1}
> $ find . -name *ssl*
> ./modules/system/layers/base/org/wildfly/openssl
> ./modules/system/layers/base/org/wildfly/openssl/main/wildfly-openssl-java-1.1.0.Final-redhat-00001.jar
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/solaris-sparcv9/libwfssl.so
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/solaris-x86_64/libwfssl.so
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/win-x86_64/wfssl.dll
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/win-i386/wfssl.dll
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/linux-s390x/libwfssl.so
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/el8-x86_64/libwfssl.so
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/el7-x86_64/libwfssl.so
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/el6-x86_64/libwfssl.so
> ./modules/system/layers/base/org/wildfly/openssl/main/lib/el6-i386/libwfssl.so
> ./modules/system/layers/base/org/wildfly/security/elytron-private/main/wildfly-elytron-ssl-1.12.1.Final-redhat-00001.jar
> {code}
>  



--
This message was sent by Atlassian Jira
(v7.13.8#713008)

More information about the jboss-jira mailing list