[ovirt-devel] SSO and the engine
Piotr Kliczewski
piotr.kliczewski at gmail.com
Fri Jan 27 12:35:40 UTC 2017
All,
I pulled the latest source from master and rebuilt my engine. Every
time I attempt to login I see:
2017-01-27 13:22:51,403+01 INFO
[org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default
task-54) [] User admin at internal successfully logged in with scopes:
ovirt-app-admin ovirt-app-api ovirt-app-portal
ovirt-ext=auth:sequence-priority=~ ovirt-ext=revoke:revoke-all
ovirt-ext=token-info:authz-search
ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate
ovirt-ext=token:password-access
#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x00007f514eb45734, pid=2519, tid=0x00007f51119a6700
#
# JRE version: OpenJDK Runtime Environment (8.0_111-b16) (build 1.8.0_111-b16)
# Java VM: OpenJDK 64-Bit Server VM (25.111-b16 mixed mode linux-amd64
compressed oops)
# Problematic frame:
# C [libc.so.6+0x14a734] __memcpy_avx_unaligned+0x2c4
#
# Failed to write core dump. Core dumps have been disabled. To enable
core dumping, try "ulimit -c unlimited" before starting Java again
#
# An error report file with more information is saved as:
# /tmp/hs_err_pid2519.log
#
# If you would like to submit a bug report, please visit:
# http://bugreport.java.com/bugreport/crash.jsp
#
ovirt-engine[2471] ERROR run:554 Error: process terminated with status code -6
I enabled ssl debug to find:
2017-01-27 13:22:37,641+01 INFO [stdout] (default I/O-2) default
I/O-2, fatal error: 80: problem unwrapping net record
2017-01-27 13:22:37,642+01 INFO [stdout] (default I/O-2)
java.lang.RuntimeException: java.lang.NegativeArraySizeException
2017-01-27 13:22:37,642+01 INFO [stdout] (default I/O-2) %%
Invalidated: [Session-1, SSL_NULL_WITH_NULL_NULL]
2017-01-27 13:22:37,643+01 INFO [stdout] (default I/O-2) default
I/O-2, SEND TLSv1.2 ALERT: fatal, description = internal_error
2017-01-27 13:22:37,643+01 INFO [stdout] (default I/O-2) default
I/O-2, WRITE: TLSv1.2 Alert, length = 2
2017-01-27 13:22:37,643+01 INFO [stdout] (default I/O-2) default
I/O-2, called closeInbound()
2017-01-27 13:22:37,643+01 INFO [stdout] (default I/O-2) default
I/O-2, fatal: engine already closed. Rethrowing
javax.net.ssl.SSLException: Inbound closed before receiving peer's
close_notify: possible truncation attack?
2017-01-27 13:22:37,643+01 INFO [stdout] (default I/O-2) default
I/O-2, called closeOutbound()
2017-01-27 13:22:37,643+01 INFO [stdout] (default I/O-2) default
I/O-2, closeOutboundInternal()
2017-01-27 13:22:37,644+01 INFO [stdout] (default task-1) default
task-1, received EOFException: error
2017-01-27 13:22:37,644+01 INFO [stdout] (default task-1) default
task-1, handling exception: javax.net.ssl.SSLHandshakeException:
Remote host closed connection during handshake
2017-01-27 13:22:37,645+01 INFO [stdout] (default task-1) default
task-1, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
2017-01-27 13:22:37,645+01 INFO [stdout] (default task-1) default
task-1, WRITE: TLSv1.2 Alert, length = 2
2017-01-27 13:22:37,645+01 INFO [stdout] (default task-1) [Raw
write]: length = 7
2017-01-27 13:22:37,647+01 INFO [stdout] (default task-1) 0000: 15 03
03 00 02 02 28 ......(
2017-01-27 13:22:37,647+01 INFO [stdout] (default task-1) default
task-1, called closeSocket()
2017-01-27 13:22:37,644+01 ERROR [org.xnio.nio] (default I/O-2)
XNIO000011: Task io.undertow.protocols.ssl.SslConduit$5$1 at 6d665208
failed with an exception: java.lang.RuntimeException:
java.lang.NegativeArraySizeException
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1429)
[jsse.jar:1.8.0_111]
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
[jsse.jar:1.8.0_111]
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)
[jsse.jar:1.8.0_111]
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
[jsse.jar:1.8.0_111]
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) [rt.jar:1.8.0_111]
at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:742)
at io.undertow.protocols.ssl.SslConduit.doHandshake(SslConduit.java:639)
at io.undertow.protocols.ssl.SslConduit.access$900(SslConduit.java:63)
at io.undertow.protocols.ssl.SslConduit$5$1.run(SslConduit.java:1035)
at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:588)
[xnio-nio-3.4.0.Final.jar:3.4.0.Final]
at org.xnio.nio.WorkerThread.run(WorkerThread.java:468)
[xnio-nio-3.4.0.Final.jar:3.4.0.Final]
Caused by: java.security.ProviderException: java.lang.NegativeArraySizeException
at sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:147)
at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:703)
[rt.jar:1.8.0_111]
at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:64) [jsse.jar:1.8.0_111]
at sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:1432)
[jsse.jar:1.8.0_111]
at sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:1219)
[jsse.jar:1.8.0_111]
at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:1023)
[jsse.jar:1.8.0_111]
at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:738)
[jsse.jar:1.8.0_111]
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:221)
[jsse.jar:1.8.0_111]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
[jsse.jar:1.8.0_111]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:919) [jsse.jar:1.8.0_111]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:916) [jsse.jar:1.8.0_111]
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_111]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
[jsse.jar:1.8.0_111]
at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1023)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[rt.jar:1.8.0_111]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[rt.jar:1.8.0_111]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_111]
Caused by: java.lang.NegativeArraySizeException
at sun.security.ec.ECKeyPairGenerator.generateECKeyPair(Native Method)
at sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:128)
... 16 more
Are we aware of the issue? Is there any workaround?
I am using fedora 24 with all recent updates applied.
Thanks,
Piotr
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hs_err_pid2519.log
Type: text/x-log
Size: 170578 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/devel/attachments/20170127/520277d5/attachment-0001.bin>
More information about the Devel
mailing list