Hi, just ran into this today. The JVM is crashing when caCertificatePath is added to server.xml. I tried the latest Zulu JRE 8 and 11 but still had the crash.
ENVIRONMENT Tomcat: 9.0.89 (64-bit Windows zip) OS: Windows Server 2019 JVM: openjdk version "1.8.0_322" OpenJDK Runtime Environment (Zulu 8.60.0.21-CA-win64) (build 1.8.0_322-b06) OpenJDK 64-Bit Server VM (Zulu 8.60.0.21-CA-win64) (build 25.322-b06, mixed mode) CRASH INFO When caCertificatePath is present in server.xml and points to a valid directory (empty or with PEM files) the JVM crashes during Tomcat startup. This is the JVM console output: 14-May-2024 17:34:58.443 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio2-1.2.3.4-443"] # # A fatal error has been detected by the Java Runtime Environment: # # EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x00000001800ccd10, pid=1244, tid=0x0000000000000ab0 # # JRE version: OpenJDK Runtime Environment (Zulu 8.60.0.21-CA-win64) (8.0_322-b06) (build 1.8.0_322-b06) # Java VM: OpenJDK 64-Bit Server VM (25.322-b06 mixed mode windows-amd64 compressed oops) # Problematic frame: # C [tcnative-1.dll+0xccd10] # # Core dump written. Default location: D:\Program Files\apache-tomcat\bin\hs_err_pid1244.mdmp # # An error report file with more information is saved as: # D:\Program Files\apache-tomcat\bin\hs_err_pid1244.log # # If you would like to submit a bug report, please visit: # http://www.azul.com/support/ # The crash happened outside the Java Virtual Machine in native code. # See problematic frame for where to report the bug. # CONFIG INFO Here’s the server.xml that causes the JVM crash. <Connector protocol="org.apache.coyote.http11.Http11Nio2Protocol" maxThreads="1000" port="443" scheme="https" secure="true" SSLEnabled="true" allowTrace="false" xpoweredBy="false" address="1.2.3.4" acceptCount="10000" socket.rxBufSize="131072" socket.txBufSize="131072" minSpareThreads="100" maxConnections="10000"> <SSLHostConfig protocols="TLSv1.2" ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA" disableCompression="true" disableSessionTickets="false" honorCipherOrder="true" caCertificatePath="C:\PKI\CA"> <Certificate certificateFile="C:\PKI\server.crt" certificateKeyFile="C:\PKI\server.key" certificateChainFile="C:\PKI\server-chain.pem"/> </SSLHostConfig> </Connector> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
