You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@geode.apache.org by "Alexander Murmann (Jira)" <ji...@apache.org> on 2022/05/16 22:19:00 UTC

[jira] [Commented] (GEODE-9394) Apache Geode does not properly cleanup its SSL context between runs

    [ https://issues.apache.org/jira/browse/GEODE-9394?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17537826#comment-17537826 ] 

Alexander Murmann commented on GEODE-9394:
------------------------------------------

[~jblum] Sorry, to follow up after such a long time. Do you recall what you did to run into this issue? Also, when you say "retained between Geode instance runs", I think you mean server restarts. However, you prose that somehow our statics are causing this, but those of course don't persists between restarts. What's the "instance runs" you are referring to?

> Apache Geode does not properly cleanup its SSL context between runs
> -------------------------------------------------------------------
>
>                 Key: GEODE-9394
>                 URL: https://issues.apache.org/jira/browse/GEODE-9394
>             Project: Geode
>          Issue Type: Bug
>          Components: security
>            Reporter: John Blum
>            Priority: Critical
>
> Because Geode internally uses may statics to maintain state and to pass configuration between components in a non-Object Oriented fashion, I believe stale SSL configuration is being retained between Geode instance runs, leading to Exceptions thrown of the following nature:
> {code}
> Caused by: org.apache.geode.GemFireConfigException: Error configuring GemFire ssl 
> 	at org.apache.geode.internal.net.SocketCreator.initialize(SocketCreator.java:249)
> 	at org.apache.geode.internal.net.SocketCreator.<init>(SocketCreator.java:180)
> 	at org.apache.geode.internal.net.SocketCreatorFactory.createSSLSocketCreator(SocketCreatorFactory.java:114)
> 	at org.apache.geode.internal.net.SocketCreatorFactory.getSSLSocketCreator(SocketCreatorFactory.java:88)
> 	at org.apache.geode.internal.net.SocketCreatorFactory.getOrCreateSocketCreatorForSSLEnabledComponent(SocketCreatorFactory.java:104)
> 	at org.apache.geode.internal.net.SocketCreatorFactory.getSocketCreatorForComponent(SocketCreatorFactory.java:74)
> 	at org.apache.geode.cache.client.internal.ConnectionFactoryImpl.<init>(ConnectionFactoryImpl.java:84)
> 	at org.apache.geode.cache.client.internal.PoolImpl.<init>(PoolImpl.java:261)
> 	at org.apache.geode.cache.client.internal.PoolImpl.create(PoolImpl.java:161)
> 	at org.apache.geode.internal.cache.PoolFactoryImpl.create(PoolFactoryImpl.java:374)
> 	at org.apache.geode.internal.cache.GemFireCacheImpl.determineDefaultPool(GemFireCacheImpl.java:2835)
> 	at org.apache.geode.internal.cache.GemFireCacheImpl.getDefaultPool(GemFireCacheImpl.java:1321)
> 	at org.apache.geode.cache.client.internal.ClientRegionFactoryImpl.getDefaultPool(ClientRegionFactoryImpl.java:101)
> 	at org.apache.geode.cache.client.internal.ClientRegionFactoryImpl.createRegionAttributes(ClientRegionFactoryImpl.java:249)
> 	at org.apache.geode.cache.client.internal.ClientRegionFactoryImpl.create(ClientRegionFactoryImpl.java:232)
> 	at org.springframework.data.gemfire.client.ClientRegionFactoryBean.newRegion(ClientRegionFactoryBean.java:193)
> 	at org.springframework.data.gemfire.client.ClientRegionFactoryBean.createRegion(ClientRegionFactoryBean.java:164)
> 	at org.springframework.data.gemfire.ResolvableRegionFactoryBean.afterPropertiesSet(ResolvableRegionFactoryBean.java:96)
> 	at org.springframework.data.gemfire.config.annotation.support.CacheTypeAwareRegionFactoryBean.newClientRegion(CacheTypeAwareRegionFactoryBean.java:181)
> 	at org.springframework.data.gemfire.config.annotation.support.CacheTypeAwareRegionFactoryBean.createRegion(CacheTypeAwareRegionFactoryBean.java:141)
> 	at org.springframework.data.gemfire.ResolvableRegionFactoryBean.afterPropertiesSet(ResolvableRegionFactoryBean.java:96)
> 	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1858)
> 	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1795)
> 	... 69 more
> Caused by: java.security.UnrecoverableKeyException: Password must not be null
> 	at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:134)
> 	at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:57)
> 	at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96)
> 	at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:71)
> 	at java.security.KeyStore.getKey(KeyStore.java:1023)
> 	at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:145)
> 	at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
> 	at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
> 	at org.apache.geode.internal.net.SocketCreator.getKeyManagers(SocketCreator.java:422)
> 	at org.apache.geode.internal.net.SocketCreator.createAndConfigureSSLContext(SocketCreator.java:292)
> 	at org.apache.geode.internal.net.SocketCreator.initialize(SocketCreator.java:246)
> 	... 91 more
> {code}
> In the StackTrace above, SSL was not even configured between the Geode client and server even though Geode thinks it was.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)