https://bz.apache.org/bugzilla/show_bug.cgi?id=67783

            Bug ID: 67783
           Summary: Fault when starting tomcat with a pkcs12 keystore that
                    contains the TrustedKeyUsage OID
           Product: Tomcat 9
           Version: 9.0.80
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Servlet
          Assignee: dev@tomcat.apache.org
          Reporter: nhor...@gmail.com
  Target Milestone: -----

Working on a bug reported here:

https://github.com/openssl/openssl/issues/22215

A user reported to the openssl repo an issue in which, when a pkcs12 file is
created that has a Trusted Key Usage OID set to Any Key usage, the following is
observed when starting tomcat with the aforementioned keystore:

05-Oct-2023 14:53:20.690 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector["https-jsse-nio-10843"]]
        org.apache.catalina.LifecycleException: Protocol handler initialization failed
                at org.apache.catalina.connector.Connector.initInternal(Connector.java:1011)
                at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127)
                at org.apache.catalina.core.StandardService.initInternal(StandardService.java:554)
                at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127)
                at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1040)
                at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:724)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
                at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
                at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.base/java.lang.reflect.Method.invoke(Method.java:568)
                at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:307)
                at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:477)
        Caused by: java.lang.IllegalArgumentException: Private key must be accompanied by certificate chain
                at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107)
                at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
                at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:236)
                at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1324)
                at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1337)
                at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:652)
                at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:75)
                at org.apache.catalina.connector.Connector.initInternal(Connector.java:1009)
                ... 13 more
        Caused by: java.lang.IllegalArgumentException: Private key must be accompanied by certificate chain
                at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1163)
                at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:372)
                at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:253)
                at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:105)
                ... 20 more

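A pre-flight check for the failure in the trace above, as an added example (not code from Tomcat, OpenSSL or the reporter): it loads a PKCS12 file through the JDK KeyStore API and reports private-key entries for which getCertificateChain returns nothing, which is the condition KeyStore.setKeyEntry rejects with the IllegalArgumentException shown. The class name KeystoreChainCheck and the KEYSTORE_PASS environment variable are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/** Added example: report PKCS12 private-key entries that have no certificate chain. */
public class KeystoreChainCheck {

    /** Returns the aliases of private-key entries whose chain is null or empty. */
    static List<String> privateKeysWithoutChain(KeyStore ks) throws Exception {
        List<String> broken = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            boolean isPrivateKey = ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class);
            Certificate[] chain = ks.getCertificateChain(alias);
            int len = (chain == null) ? 0 : chain.length;
            System.out.printf("alias=%s privateKey=%b trustedCert=%b chainLength=%d%n",
                    alias, isPrivateKey, ks.isCertificateEntry(alias), len);
            // KeyStore.setKeyEntry throws "Private key must be accompanied by
            // certificate chain" when it is handed a private key with no chain.
            if (isPrivateKey && len == 0) {
                broken.add(alias);
            }
        }
        return broken;
    }

    public static void main(String[] args) throws Exception {
        String pass = System.getenv("KEYSTORE_PASS"); // assumed variable name
        if (args.length != 1 || pass == null) {
            System.err.println("usage: KEYSTORE_PASS=... java KeystoreChainCheck <keystore.p12>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass.toCharArray());
        }
        List<String> broken = privateKeysWithoutChain(ks);
        if (!broken.isEmpty()) {
            System.err.println("Private-key entries without a certificate chain: " + broken);
            System.exit(1);
        }
        System.out.println("Every private-key entry carries a certificate chain.");
    }
}
```

Run against the keystore before pointing a Connector at it; a non-zero exit means the JDK sees a key entry with no chain, so the connector would fail at init as in the report.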