-
Bug
-
Resolution: Fixed
-
Low
-
4.8.4
-
Severity 2 - Major
-
800
-
Issue Summary
Fisheye 4.8.4 bundles new Jetty libraries version 9.4.30, and when a wildcard certificate is used the application fails to start.
Steps to Reproduce
- Make sure to be using Fisheye 4.8.4 configured to use a wildcard certificate
- Try starting the application
Expected Results
Fisheye should be able to read the wildcard certificate.
Actual Results
The application will fail to start, and the below exception is thrown in the atlassian-fisheye.log file when the instance is started in debug mode (by adding the --debug flag):
2020-09-15 09:05:25,293 INFO [main ] org.eclipse.jetty.server.handler.ContextHandler ContextHandler-doStart - Started c.c.f.w.j.FishEyeWebApplicationContext@3daf7722{Fisheye WebApp,/,file:///opt/atlassian/crucible/fecru-4.8.4/content/,AVAILABLE}{/opt/atlassian/crucible/fecru-4.8.4/content} 2020-09-15 09:05:25,300 INFO [main ] org.eclipse.jetty.server.AbstractConnector AbstractConnector-doStart - Started LocalConnector@1ae8bcbc{HTTP/1.1, (http/1.1)} 2020-09-15 09:05:25,347 INFO [main ] org.eclipse.jetty.server.AbstractConnector AbstractConnector-doStart - Started ServerConnector@479ceda0{HTTP/1.1, (http/1.1)}{0.0.0.0:8060} 2020-09-15 09:05:25,349 INFO [main ] org.eclipse.jetty.util.ssl.SslContextFactory SslContextFactory-load - x509=X509@521a8a9b(fisheye,h=[crucible2.colsa.com, colsa.com],w=[colsa.com]) for SslContextFactory@7a5c6d8[provider=null,keyStore=file:///var/atlassian/application/crucible/crucible_new.jks,trustStore=file:///var/atlassian/application/crucible/crucible_new.jks] 2020-09-15 09:05:25,353 DEBUG [main ] fisheye Run-mainImpl - startup stacktrace java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead) at org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1274) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1256) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97) [jetty-server-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:321) [jetty-server-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81) [jetty-server-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234) [jetty-server-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.server.Server.doStart(Server.java:386) [jetty-server-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at com.cenqua.fisheye.web.WebServer.start(WebServer.java:327) [fisheye.jar:?] at com.cenqua.fisheye.ctl.Run.mainImpl(Run.java:236) [fisheye.jar:?] at com.cenqua.fisheye.ctl.Run.main(Run.java:55) [fisheye.jar:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [?:1.8.0_261] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [?:1.8.0_261] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [?:1.8.0_261] at java.lang.reflect.Method.invoke(Method.java:498) [?:1.8.0_261] at com.cenqua.fisheye.FishEyeCtl.mainImpl(FishEyeCtl.java:101) [fisheyeboot.jar:?] at com.cenqua.fisheye.FishEyeCtl.main(FishEyeCtl.java:44) [fisheyeboot.jar:?] 2020-09-15 09:05:25,361 ERROR [main ] fisheye Run-logStartupException - Could not start server: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead) java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead) at org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1274) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1256) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97) [jetty-server-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:321) [jetty-server-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81) [jetty-server-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234) [jetty-server-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.server.Server.doStart(Server.java:386) [jetty-server-9.4.30.v20200611.jar:9.4.30.v20200611] at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) [jetty-util-9.4.30.v20200611.jar:9.4.30.v20200611] at com.cenqua.fisheye.web.WebServer.start(WebServer.java:327) [fisheye.jar:?] at com.cenqua.fisheye.ctl.Run.mainImpl(Run.java:236) [fisheye.jar:?] at com.cenqua.fisheye.ctl.Run.main(Run.java:55) [fisheye.jar:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [?:1.8.0_261] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [?:1.8.0_261] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [?:1.8.0_261] at java.lang.reflect.Method.invoke(Method.java:498) [?:1.8.0_261] at com.cenqua.fisheye.FishEyeCtl.mainImpl(FishEyeCtl.java:101) [fisheyeboot.jar:?] at com.cenqua.fisheye.FishEyeCtl.main(FishEyeCtl.java:44) [fisheyeboot.jar:?] 2020-09-15 09:05:25,392 INFO [Thread-1 ] fisheye ShutdownService-stopImpl - Shutdown requested
Workaround
- Use a Fisheye version up to 4.8.3, which uses the old Jetty libraries 9.4.19 and where the problem does not happen, or
- Do not use a wildcard certificate, or
- Switch to plain HTTP
- Terminate SSL at proxy level instead of directly in Fisheye
- mentioned in
-
Page Failed to load
Form Name |
---|
Hello!
I would like to apologize everyone watching this bug and waiting for a release. Please let me explain the delay. In the incoming version 4.8.7 we upgraded numerous third party libraries, including an upgrade of the Google Web Toolkit library to the latest version. Unfortunately, this version turned out to be less stable and we're working on a fix. This is the only issue preventing us from releasing 4.8.7. We want to give you thoroughly tested product of high quality.
My current estimation is that we will release 4.8.7 till end of June. I am sorry for inconvenience.
Kind regards
Marek Parfianowicz
Development Team Lead