You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2012/01/27 15:53:29 UTC
DO NOT REPLY [Bug 52544] New: tcnative-1.dll crash with RapidSSL
certificate under 64bit Java
https://issues.apache.org/bugzilla/show_bug.cgi?id=52544
Bug #: 52544
Summary: tcnative-1.dll crash with RapidSSL certificate under
64bit Java
Product: Tomcat Native
Version: 1.1.22
Platform: PC
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: Library
AssignedTo: dev@tomcat.apache.org
ReportedBy: tlaubr@kerio.com
Classification: Unclassified
Created attachment 28219
--> https://issues.apache.org/bugzilla/attachment.cgi?id=28219
Log
My server.xml contains:
<Listener SSLEngine="on"
className="org.apache.catalina.core.AprLifecycleListener"/>
<Connector SSLCertificateFile="h:\\sslcert\\active.crt"
SSLCertificateKeyFile="h:\\sslcert\\active.key" URIEncoding="utf-8" port="443"
protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https"
secure="true" clientAuth="false" sslProtocol="TLS" />
The connector crash with this error on startup (hs_err_pid3084.log):
#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x00a1ac41, pid=3084, tid=3086141120
#
# JRE version: 6.0_26-b03
# Java VM: Java HotSpot(TM) Server VM (20.1-b02 mixed mode linux-x86 )
# Problematic frame:
# C [libtcnative-1.so+0x1ec41] long+0xbe
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#
--------------- T H R E A D ---------------
Current thread (0x093e1000): JavaThread "main" [_thread_in_native, id=3084,
stack(0xbfe84000,0xbfed4000)]
siginfo:si_signo=SIGSEGV: si_errno=0, si_code=1 (SEGV_MAPERR),
si_addr=0x00000000
Registers:
EAX=0x00000000, EBX=0x00a408fc, ECX=0x0000016e, EDX=0x00000000
ESP=0xbfed1b20, EBP=0xbfed1b48, ESI=0x00000000, EDI=0x093e1000
EIP=0x00a1ac41, EFLAGS=0x00210246, CR2=0x00000000
Top of Stack: (sp=0xbfed1b20)
0xbfed1b20: 0975ebd0 00000000 00a1d628 00000000
0xbfed1b30: 09bf64b0 0975ebd0 00000000 00000000
0xbfed1b40: 00000000 00a408fc bfed1ca8 00a1af54
0xbfed1b50: 0975c168 09bf64d8 00000000 bfed1b34
0xbfed1b60: b4f67640 00000000 b4f676a5 09bf64d8
0xbfed1b70: 09761f00 00000000 0975c168 00000000
0xbfed1b80: 01010000 bfed1b34 00000000 00000000
0xbfed1b90: 00000000 00000000 00000000 00000000
Instructions: (pc=0x00a1ac41)
0x00a1ac21: 08 c7 44 24 04 00 00 00 00 8b 45 ec 89 04 24 e8
0x00a1ac31: 93 11 ff ff 89 45 f0 83 7d f0 00 75 32 8b 45 f4
0x00a1ac41: c6 00 00 c7 44 24 0c 00 00 00 00 c7 44 24 08 00
0x00a1ac51: 00 00 00 c7 44 24 04 01 00 00 00 8b 45 ec 89 04
Register to memory mapping:
EAX=0x00000000 is an unknown value
EBX=0x00a408fc: <offset 0x448fc> in
/opt/kerio/workspace/tomcat/lib/libtcnative-1.so at 0x009fc000
ECX=0x0000016e is an unknown value
EDX=0x00000000 is an unknown value
ESP=0xbfed1b20 is pointing into the stack for thread: 0x093e1000
EBP=0xbfed1b48 is pointing into the stack for thread: 0x093e1000
ESI=0x00000000 is an unknown value
EDI=0x093e1000 is a thread
Stack: [0xbfe84000,0xbfed4000], sp=0xbfed1b20, free space=310k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C [libtcnative-1.so+0x1ec41] long+0xbe
C [libtcnative-1.so+0x1ef54]
Java_org_apache_tomcat_jni_SSLContext_setCertificate+0x21d
j
org.apache.tomcat.jni.SSLContext.setCertificate(JLjava/lang/String;Ljava/lang/String;Ljava/lang/String;I)Z+0
j org.apache.tomcat.util.net.AprEndpoint.init()V+628
j org.apache.coyote.http11.Http11AprProtocol.init()V+26
j org.apache.catalina.connector.Connector.initialize()V+202
j org.apache.catalina.core.StandardService.initialize()V+264
j org.apache.catalina.core.StandardServer.initialize()V+170
j org.apache.catalina.startup.Catalina.load()V+333
I tested it also under Windows 7/64bit and it also crashes with 64bit java. If
the server is run under 32bit java, the error doesn't appear.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 52544] tcnative-1.dll crash with RapidSSL
certificate under 64bit Java
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52544
--- Comment #1 from Mladen Turk <mt...@apache.org> 2012-02-21 17:34:46 UTC ---
This would be hard to debug without a certificates that cause a crash.
If you can provide a certificate that causes the crash I can try to debug the
issues. You can send it directly to my email if concerned about security.
Without seeing what the certificate actually is, I'm afraid we can't do much
since there were no reports of the similar issues.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 52544] tcnative-1.dll crash with RapidSSL
certificate under 64bit Java
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52544
Mladen Turk <mt...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WORKSFORME
--- Comment #2 from Mladen Turk <mt...@apache.org> 2012-02-29 10:31:06 UTC ---
You will need to covert the certificate to pem.
I exported active-1.crt certificates you have send me and then did:
openssl base64 -d -A -in *.net.crt -out active-1.der
After that its loaded.
Note that depending on OpenSSL version you can get core with that certificate.
Contemporary OpenSSL's will throw
... (error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag)
at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
Also versions before 1.1.23 can core if you set key without certificate
eg you only have SSLCertificateKeyFile=".." but not SSLCertificateFile="..."
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org