[jira] [Commented] (SOLR-11678) SSL not working if store and key passwords are different

Constantin Bugneac (JIRA) Mon, 27 Nov 2017 05:15:20 -0800

    [ 
https://issues.apache.org/jira/browse/SOLR-11678?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16266778#comment-16266778
 ]


Constantin Bugneac commented on SOLR-11678:
-------------------------------------------

solr-master    | Starting Solr 6.6.2
solr-master    | 2017-11-22 16:55:14.815 INFO  (main) [   ] o.e.j.s.Server 
jetty-9.3.14.v20161028
solr-master    | 2017-11-22 16:55:15.087 INFO  (main) [   ] 
o.a.s.s.SolrDispatchFilter  ___      _       Welcome to Apache Solr™ version 
6.6.2
solr-master    | 2017-11-22 16:55:15.087 INFO  (main) [   ] 
o.a.s.s.SolrDispatchFilter / __| ___| |_ _   Starting in standalone mode on 
port 8983
solr-master    | 2017-11-22 16:55:15.087 INFO  (main) [   ] 
o.a.s.s.SolrDispatchFilter \__ \/ _ \ | '_|  Install dir: /opt/solr
solr-master    | 2017-11-22 16:55:15.109 INFO  (main) [   ] 
o.a.s.s.SolrDispatchFilter |___/\___/_|_|    Start time: 
2017-11-22T16:55:15.091Z
solr-master    | 2017-11-22 16:55:15.132 INFO  (main) [   ] 
o.a.s.c.SolrResourceLoader Using system property solr.solr.home: 
/opt/solr/server/solr
solr-master    | 2017-11-22 16:55:15.138 INFO  (main) [   ] 
o.a.s.c.SolrXmlConfig Loading container configuration from 
/opt/solr/server/solr/solr.xml
solr-master    | 2017-11-22 16:55:15.395 INFO  (main) [   ] 
o.a.s.u.UpdateShardHandler Creating UpdateShardHandler HTTP client with params: 
socketTimeout=600000&connTimeout=60000&retry=true
solr-master    | 2017-11-22 16:55:15.421 INFO  (main) [   ] 
o.a.s.c.CoreContainer Initializing authorization plugin: 
solr.RuleBasedAuthorizationPlugin
solr-master    | 2017-11-22 16:55:15.438 INFO  (main) [   ] 
o.a.s.c.CoreContainer Initializing authentication plugin: solr.BasicAuthPlugin
solr-master    | 2017-11-22 16:55:15.622 INFO  (main) [   ] 
o.a.s.c.CorePropertiesLocator Found 1 core definitions underneath 
/opt/solr/server/solr
solr-master    | 2017-11-22 16:55:15.625 INFO  (main) [   ] 
o.a.s.c.CorePropertiesLocator Cores are: [internal-recruitment]
solr-master    | 2017-11-22 16:55:15.631 INFO  (coreLoadExecutor-6-thread-1) [  
 ] o.a.s.c.TransientSolrCoreCacheDefault Allocating transient cache for 
2147483647 transient cores
solr-master    | 2017-11-22 16:55:15.674 INFO  (coreLoadExecutor-6-thread-1) [  
 x:*************] o.a.s.c.SolrResourceLoader [*************] Added 55 libs to 
classloader, from paths: [/opt/solr/contrib/clustering/lib, 
/opt/solr/contrib/extraction/lib, /opt/solr/contrib/langid/lib, 
/opt/solr/contrib/velocity/lib, /opt/solr/dist]
solr-master    | java.lang.reflect.InvocationTargetException
solr-master    |        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native 
Method)
solr-master    |        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
solr-master    |        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
solr-master    |        at java.lang.reflect.Method.invoke(Method.java:498)
solr-master    |        at 
org.eclipse.jetty.start.Main.invokeMain(Main.java:214)
solr-master    |        at org.eclipse.jetty.start.Main.start(Main.java:457)
solr-master    |        at org.eclipse.jetty.start.Main.main(Main.java:75)
solr-master    | Caused by: java.io.IOException: Keystore was tampered with, or 
password was incorrect
solr-master    |        at 
sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)
solr-master    |        at 
sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
solr-master    |        at 
sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
solr-master    |        at 
sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
solr-master    |        at java.security.KeyStore.load(KeyStore.java:1445)
solr-master    |        at 
org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:52)
solr-master    |        at 
org.eclipse.jetty.util.ssl.SslContextFactory.loadKeyStore(SslContextFactory.java:971)
solr-master    |        at 
org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:250)
solr-master    |        at 
org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:217)
solr-master    |        at 
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
solr-master    |        at 
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:131)
solr-master    |        at 
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:113)
solr-master    |        at 
org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:72)
solr-master    |        at 
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
solr-master    |        at 
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:131)
solr-master    |        at 
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:113)
solr-master    |        at 
org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:268)
solr-master    |        at 
org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
solr-master    |        at 
org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:235)
solr-master    |        at 
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
solr-master    |        at 
org.eclipse.jetty.server.Server.doStart(Server.java:401)
solr-master    |        at 
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
solr-master    |        at 
org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:1516)
solr-master    |        at java.security.AccessController.doPrivileged(Native 
Method)
solr-master    |        at 
org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1441)
solr-master    |        ... 7 more
solr-master    | Caused by: java.security.UnrecoverableKeyException: Password 
verification failed
solr-master    |        at 
sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)
solr-master    |        ... 31 more
solr-master    |
solr-master    | Usage: java -jar start.jar [options] [properties] [configs]
solr-master    |        java -jar start.jar --help  # for more information
solr-master exited with code 254

> SSL not working if store and key passwords are different
> --------------------------------------------------------
>
>                 Key: SOLR-11678
>                 URL: https://issues.apache.org/jira/browse/SOLR-11678
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>    Affects Versions: 6.6.2
>            Reporter: Constantin Bugneac
>
> If I specify different passwords for store and key then Solr fails to read 
> certificate from JKS file with the attached error.
> Example:
> SOLR_SSL_KEY_STORE_PASSWORD: "secret1"
> SOLR_SSL_TRUST_STORE_PASSWORD: "secret2"
> I don't know whether this is JAVA nuance or Solr implementation issue but 
> from security point of view there is no point to have the same password 
> assigned for both the key store and private key bound to specific certificate.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (SOLR-11678) SSL not working if store and key passwords are different

Reply via email to