[cas-user] Redis ticket registry 7.0.0-RC8 - SSL support bug?

Tue, 17 Oct 2023 21:35:48 -0700 

There appears to be a possible bug in the Redis ticket registry regarding 
SSL usage. I believe this issue has been referenced in a few other posts, 
eg. https://groups.google.com/g/jasig-cas-user/c/lql-282-_lc

The RedisConnectionFactory bean provided via 
RedisTicketRegistryConfiguration uses the CasSSLContext, which in most 
cases will be the system() default context (following the logic 
in CasCoreHttpConfiguration.CasCoreHttpTlsConfiguration) to provide the SSL 
options for the lettuce pool config: 
RedisObjectFactory.newRedisConnectionFactory 
-> getRedisPoolClientConfig.  Specifically, the keyManager and trustManager 
properties.  The keyManagerFactory that is provided by the system  
CasSSLContext is never initialized via the init() method.

This results in the follow stack trace at runtime:

Caused by: java.lang.IllegalStateException: KeyManagerFactoryImpl is not 
initialized
        at 
sun.security.ssl.KeyManagerFactoryImpl.engineGetKeyManagers(KeyManagerFactoryImpl.java:51)
 
~[?:?]
        at 
javax.net.ssl.KeyManagerFactory.getKeyManagers(KeyManagerFactory.java:303) 
~[?:?]
        at 
io.netty.handler.ssl.JdkSslClientContext.newSSLContext(JdkSslClientContext.java:294)
 
~[netty-handler-4.1.99.Final.jar:4.1.99.Final]
        at 
io.netty.handler.ssl.JdkSslClientContext.<init>(JdkSslClientContext.java:272) 
~[netty-handler-4.1.99.Final.jar:4.1.99.Final]
        at 
io.netty.handler.ssl.SslContext.newClientContextInternal(SslContext.java:829) 
~[netty-handler-4.1.99.Final.jar:4.1.99.Final]
        at 
io.netty.handler.ssl.SslContextBuilder.build(SslContextBuilder.java:615) 
~[netty-handler-4.1.99.Final.jar:4.1.99.Final]
        at 
io.lettuce.core.SslConnectionBuilder$SslChannelInitializer.initializeSSLEngine(SslConnectionBuilder.java:174)
 
~[lettuce-core-6.2.6.RELEASE.jar:6.2.6.RELEASE]
        at 
io.lettuce.core.SslConnectionBuilder$SslChannelInitializer.initChannel(SslConnectionBuilder.java:147)
 
~[lettuce-core-6.2.6.RELEASE.jar:6.2.6.RELEASE]

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/65e8b6e5-6dea-4fb2-a794-f9ff3693514cn%40apereo.org.

Reply via email to