Details
-
Bug
-
Resolution: Fixed
-
Low
-
4.8.4
-
Severity 2 - Major
-
800
-
Description
Issue Summary
Fisheye 4.8.4 bundles new Jetty libraries version 9.4.30, and when a wildcard certificate is used the application fails to start.
Steps to Reproduce
- Make sure to be using Fisheye 4.8.4 configured to use a wildcard certificate
- Try starting the application
Expected Results
Fisheye should be able to read the wildcard certificate.
Actual Results
The application will fail to start, and the below exception is thrown in the atlassian-fisheye.log file when the instance is started in debug mode (by adding the --debug flag):
2020-09-15 09:05:25,293 INFO [main ] org.eclipse.jetty.server.handler.ContextHandler ContextHandler-doStart - Started c.c.f.w.j.FishEyeWebApplicationContext@3daf7722{Fisheye WebApp,/,file:///opt/atlassian/crucible/fecru-4.8.4/content/,AVAILABLE}{/opt/atlassian/crucible/fecru-4.8.4/content} 2020-09-15 09:05:25,300 INFO [main ] org.eclipse.jetty.server.AbstractConnector AbstractConnector-doStart - Started LocalConnector@1ae8bcbc{HTTP/1.1, (http/1.1)} 2020-09-15 09:05:25,347 INFO [main ] org.eclipse.jetty.server.AbstractConnector AbstractConnector-doStart - Started ServerConnector@479ceda0{HTTP/1.1, (http/1.1)}{0.0.0.0:8060} 2020-09-15 09:05:25,349 INFO [main ] org.eclipse.jetty.util.ssl.SslContextFactory SslContextFactory-load - x509=X509@521a8a9b(fisheye,h=[crucible2.colsa.com, colsa.com],w=[colsa.com]) for SslContextFactory@7a5c6d8[provider=null,keyStore=file:///var/atlassian/application/crucible/crucible_new.jks,trustStore=file:///var/atlassian/application/crucible/crucible_new.jks] 2020-09-15 09:05:25,353 DEBUG [main ] fisheye Run-mainImpl - startup stacktrace java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead) at org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1274) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1256) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97) [jetty-server-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:321) [jetty-server-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81) [jetty-server-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234) [jetty-server-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.server.Server.doStart(Server.java:386) [jetty-server-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at com.cenqua.fisheye.web.WebServer.start(WebServer.java:327) [fisheye.jar:?] at com.cenqua.fisheye.ctl.Run.mainImpl(Run.java:236) [fisheye.jar:?] at com.cenqua.fisheye.ctl.Run.main(Run.java:55) [fisheye.jar:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [?:1.8.0_261] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [?:1.8.0_261] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [?:1.8.0_261] at java.lang.reflect.Method.invoke(Method.java:498) [?:1.8.0_261] at com.cenqua.fisheye.FishEyeCtl.mainImpl(FishEyeCtl.java:101) [fisheyeboot.jar:?] at com.cenqua.fisheye.FishEyeCtl.main(FishEyeCtl.java:44) [fisheyeboot.jar:?] 2020-09-15 09:05:25,361 ERROR [main ] fisheye Run-logStartupException - Could not start server: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead) java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead) at org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1274) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1256) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97) [jetty-server-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:321) [jetty-server-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81) [jetty-server-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234) [jetty-server-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.server.Server.doStart(Server.java:386) [jetty-server-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at com.cenqua.fisheye.web.WebServer.start(WebServer.java:327) [fisheye.jar:?] at com.cenqua.fisheye.ctl.Run.mainImpl(Run.java:236) [fisheye.jar:?] at com.cenqua.fisheye.ctl.Run.main(Run.java:55) [fisheye.jar:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [?:1.8.0_261] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [?:1.8.0_261] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [?:1.8.0_261] at java.lang.reflect.Method.invoke(Method.java:498) [?:1.8.0_261] at com.cenqua.fisheye.FishEyeCtl.mainImpl(FishEyeCtl.java:101) [fisheyeboot.jar:?] at com.cenqua.fisheye.FishEyeCtl.main(FishEyeCtl.java:44) [fisheyeboot.jar:?] 2020-09-15 09:05:25,392 INFO [Thread-1 ] fisheye ShutdownService-stopImpl - Shutdown requested
Workaround
- Use a Fisheye version up to 4.8.3, which uses the old Jetty libraries 9.4.19 and where the problem does not happen, or
- Do not use a wildcard certificate, or
- Switch to plain HTTP
- Terminate SSL at proxy level instead of directly in Fisheye
Attachments
Issue Links
- mentioned in
-
Page Loading...