Posted to dev@tomcat.apache.org by bu...@apache.org on 2018/09/12 14:56:07 UTC

[Bug 62712] New: NPE in Manager TLS connector configuration diagnostics/Certificates

https://bz.apache.org/bugzilla/show_bug.cgi?id=62712

            Bug ID: 62712
           Summary: NPE in Manager TLS connector configuration
                    diagnostics/Certificates
           Product: Tomcat 8
           Version: 8.5.34
          Hardware: HP
                OS: HP-UX
            Status: NEW
          Severity: major
          Priority: P2
         Component: Manager
          Assignee: dev@tomcat.apache.org
          Reporter: 1983-01-06@gmx.net
  Target Milestone: ----

Created attachment 36146
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=36146&action=edit
Debugging session in Eclipse

When pressing this button, I do get an NPE:

> java.lang.NullPointerException
> 	org.apache.catalina.manager.ManagerServlet.getConnectorCerts(ManagerServlet.java:1814)
> 	org.apache.catalina.manager.HTMLManagerServlet.sslConnectorCerts(HTMLManagerServlet.java:770)
> 	org.apache.catalina.manager.HTMLManagerServlet.doGet(HTMLManagerServlet.java:144)
> 	org.apache.catalina.manager.HTMLManagerServlet.doPost(HTMLManagerServlet.java:227)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:661)
> 	javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
> 	org.apache.catalina.filters.CsrfPreventionFilter.doFilter(CsrfPreventionFilter.java:136)
> 	org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
> 	org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)

My server.xml is:

> <Connector port="8444" connectionTimeout="20000"
> 	maxHttpHeaderSize="24576" maxThreads="250"
> 	SSLEnabled="true" scheme="https" secure="true"
> 	defaultSSLHostConfigName="@main-host@">
> 	<SSLHostConfig hostName="@main-host@" protocols="TLSv1.2"
> 			honorCipherOrder="true" ciphers="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!DSS">
> 			<Certificate certificateFile="/etc/opt/ssl/@main-host@/cert/public.pem"
> 					certificateKeyFile="/etc/opt/ssl/@main-host@/key/private.pem"
> 					certificateKeyPassword="@password@"
> 					type="RSA" />
> 	</SSLHostConfig>
> 	<SSLHostConfig hostName="@alias-host@" protocols="TLSv1.2"
> 			honorCipherOrder="true" ciphers="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!DSS">
> 			<Certificate certificateFile="/etc/opt/ssl/@alias-host@/cert/public.pem"
> 					certificateKeyFile="/etc/opt/ssl/@alias-host@/key/private.pem"
> 					certificateKeyPassword="@password@"
> 					type="RSA" />
> 	</SSLHostConfig>
> </Connector>
>

Runtime config is:

> 2018-09-11T11:18:31.570 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Server version:        Apache Tomcat/8.5.34
> 2018-09-11T11:18:31.577 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Sep 4 2018 22:28:22 UTC
> 2018-09-11T11:18:31.577 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Server number:         8.5.34.0
> 2018-09-11T11:18:31.578 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               HP-UX
> 2018-09-11T11:18:31.578 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            B.11.31
> 2018-09-11T11:18:31.578 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          IA64N
> 2018-09-11T11:18:31.578 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             /opt/java8/jre
> 2018-09-11T11:18:31.579 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           1.8.0.14-hp-ux-b1
> 2018-09-11T11:18:31.579 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            Hewlett Packard Enterprise Company
> 2018-09-11T11:18:31.579 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         /var/opt/tomcat-services
> 2018-09-11T11:18:31.580 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         /opt/apache-tomcat-8.5.34
> 2018-09-11T11:18:31.580 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/var/opt/tomcat-services/conf/logging.properties
> 2018-09-11T11:18:31.581 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
> 2018-09-11T11:18:31.581 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xms256M
> 2018-09-11T11:18:31.581 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xmx512M
> 2018-09-11T11:18:31.582 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xbootclasspath/p:/opt/apache-tomcat-8.5.34/bin/activedirectory-ldap-hack-0.2.1.jar
> 2018-09-11T11:18:31.582 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.awt.headless=true
> 2018-09-11T11:18:31.584 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dfile.encoding=UTF-8
> 2018-09-11T11:18:31.584 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.security.auth.login.config=/opt/apache-tomcat-8.5.34/conf/login.conf
> 2018-09-11T11:18:31.584 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djavax.security.auth.useSubjectCredsOnly=false
> 2018-09-11T11:18:31.585 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.security.krb5.conf=/etc/krb5.conf
> 2018-09-11T11:18:31.585 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Doracle.net.tns_admin=/net/smartld/admin/conf/oracle
> 2018-09-11T11:18:31.585 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Doracle.net.wallet_location=/net/smartld/admin/conf/oracle/wallet
> 2018-09-11T11:18:31.585 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
> 2018-09-11T11:18:31.586 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
> 2018-09-11T11:18:31.586 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=027
> 2018-09-11T11:18:31.586 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true
> 2018-09-11T11:18:31.586 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dtomcat.systemEnv=IECMIG
> 2018-09-11T11:18:31.587 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dmail.smtp.host=@mail-server@
> 2018-09-11T11:18:31.587 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dmail.smtp.localhost=@main-host@
> 2018-09-11T11:18:31.587 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.endorsed.dirs=/opt/apache-tomcat-8.5.34/endorsed
> 2018-09-11T11:18:31.588 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/var/opt/tomcat-services
> 2018-09-11T11:18:31.588 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/opt/apache-tomcat-8.5.34
> 2018-09-11T11:18:31.588 INFORMATION [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/var/opt/tomcat-services/temp
> 2018-09-11T11:18:31.589 INFORMATION [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library [1.2.17] using APR version [1.6.3].
> 2018-09-11T11:18:31.589 INFORMATION [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
> 2018-09-11T11:18:31.589 INFORMATION [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [true], useOpenSSL [true]
> 2018-09-11T11:18:31.605 INFORMATION [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.0.2k  26 Jan 2017]
> 2018-09-11T11:18:32.264 INFORMATION [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-apr-8444"]
> 2018-09-11T11:18:32.601 INFORMATION [main] org.apache.catalina.startup.Catalina.load Initialization processed in 2366 ms
> 2018-09-11T11:18:32.669 INFORMATION [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
> 2018-09-11T11:18:32.670 INFORMATION [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.5.34

Please also see the attached screenshot. I assume that the code expects a
JKS-based approach while I am using PEM files for OpenSSL.

Are those buttons actually suited for non-JSSE?

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


[Bug 62712] NPE in Manager TLS connector configuration diagnostics/Certificates

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62712

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #5 from Mark Thomas <ma...@apache.org> ---
Thanks for the report.

Fixed in:
- trunk for 9.0.13 onwards
- 8.5.x for 8.5.35 onwards



[Bug 62712] NPE in Manager TLS connector configuration diagnostics/Certificates

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62712

--- Comment #1 from Michael Osipov <19...@gmx.net> ---
The same happens for Trusted Certificates.



[Bug 62712] NPE in Manager TLS connector configuration diagnostics/Certificates

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62712

--- Comment #2 from Mark Thomas <ma...@apache.org> ---
It is the APR connector it doesn't like. Neither NIO+JSSE nor NIO+OpenSSL
triggers an NPE in this case. It happens in 9.0.x as well. Investigating...



[Bug 62712] NPE in Manager TLS connector configuration diagnostics/Certificates

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62712

--- Comment #6 from Michael Osipov <mi...@apache.org> ---
(In reply to Mark Thomas from comment #5)
> Thanks for the report.
> 
> Fixed in:
> - trunk for 9.0.13 onwards
> - 8.5.x for 8.5.35 onwards

Charming, thanks!



[Bug 62712] NPE in Manager TLS connector configuration diagnostics/Certificates

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62712

--- Comment #3 from Michael Osipov <mi...@apache.org> ---
The same issue applies to the button below the one mentioned. Shall I spawn a
new ticket for that?



[Bug 62712] NPE in Manager TLS connector configuration diagnostics/Certificates

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62712

--- Comment #4 from Mark Thomas <ma...@apache.org> ---
No need. I'll have it patched shortly.
