You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Adam Turley (Jira)" <ji...@apache.org> on 2021/02/17 22:04:00 UTC
[jira] [Updated] (NIFI-8234) Jetty server does not start up when a
keystore with multiple certificates is used on 1.13.0
[ https://issues.apache.org/jira/browse/NIFI-8234?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Adam Turley updated NIFI-8234:
------------------------------
Fix Version/s: (was: 1.12.1)
(was: 1.13.0)
Affects Version/s: 1.13.0
Description:
Seeing following Error in NiFi 1.13.0.
{code:java}
2021-02-17 21:52:35,705 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down.
java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead)
at org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1275)
at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1256)
at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374)
at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:92)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:320)
at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:231)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
at org.eclipse.jetty.server.Server.doStart(Server.java:385)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
at org.apache.nifi.web.server.JettyServer.start(JettyServer.java:1058)
at org.apache.nifi.NiFi.<init>(NiFi.java:158)
at org.apache.nifi.NiFi.<init>(NiFi.java:72)
at org.apache.nifi.NiFi.main(NiFi.java:301)
{code}
was:
In the newer Jetty version (which is recently upgraded on the main branch), Jetty's `SslContextFactory()` has been deprecated, and we can use `SslContextFactory.Server()` or `SslContextFactory.Client()` instead. If we use `SslContextFactory()`, Jetty server does not start when we use keystores with multiple certificates, with the following error log.
In addition to that, we can remove `setEndpointIdentificationAlgorithm(null);` since it will be executed in the constructor of `SslContextFactory.Server()` if we replace with it.
(See: [https://github.com/eclipse/jetty.project/blob/jetty-9.4.26.v20200117/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java#L2204])
{code:java}
2020-08-07 19:50:32,299 INFO [main] o.e.jetty.util.ssl.SslContextFactory x509=X509@3aac31b7(nifi-key,h=[****],w=[****]) for SslContextFactory@57def953[provider=null,keyStore=file:///****/keystore.jks,trustStore=file:///****/truststore.jks]
2020-08-07 19:50:32,308 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down.
java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead)
at org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1275)
at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1256)
at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374)
at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:92)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:320)
at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:231)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
at org.eclipse.jetty.server.Server.doStart(Server.java:385)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
at org.apache.nifi.web.server.JettyServer.start(JettyServer.java:1060)
at org.apache.nifi.NiFi.<init>(NiFi.java:160)
at org.apache.nifi.NiFi.<init>(NiFi.java:72)
at org.apache.nifi.NiFi.main(NiFi.java:303)
2020-08-07 19:50:32,309 INFO [Thread-1] org.apache.nifi.NiFi Initiating shutdown of Jetty web server...
{code}
Environment: Redhat Linux 7.9
> Jetty server does not start up when a keystore with multiple certificates is used on 1.13.0
> -------------------------------------------------------------------------------------------
>
> Key: NIFI-8234
> URL: https://issues.apache.org/jira/browse/NIFI-8234
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.12.0, 1.13.0
> Environment: Redhat Linux 7.9
> Reporter: Adam Turley
> Assignee: Andy LoPresto
> Priority: Blocker
>
> Seeing following Error in NiFi 1.13.0.
> {code:java}
> 2021-02-17 21:52:35,705 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down.
> java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead)
> at org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1275)
> at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1256)
> at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374)
> at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245)
> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
> at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:92)
> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
> at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:320)
> at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
> at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:231)
> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
> at org.eclipse.jetty.server.Server.doStart(Server.java:385)
> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
> at org.apache.nifi.web.server.JettyServer.start(JettyServer.java:1058)
> at org.apache.nifi.NiFi.<init>(NiFi.java:158)
> at org.apache.nifi.NiFi.<init>(NiFi.java:72)
> at org.apache.nifi.NiFi.main(NiFi.java:301)
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)