[
https://issues.apache.org/jira/browse/GEODE-9394?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17537826#comment-17537826
]
Alexander Murmann commented on GEODE-9394:
------------------------------------------
[~jblum] Sorry, to follow up after such a long time. Do you recall what you did
to run into this issue? Also, when you say "retained between Geode instance
runs", I think you mean server restarts. However, you prose that somehow our
statics are causing this, but those of course don't persists between restarts.
What's the "instance runs" you are referring to?
> Apache Geode does not properly cleanup its SSL context between runs
> -------------------------------------------------------------------
>
> Key: GEODE-9394
> URL: https://issues.apache.org/jira/browse/GEODE-9394
> Project: Geode
> Issue Type: Bug
> Components: security
> Reporter: John Blum
> Priority: Critical
>
> Because Geode internally uses may statics to maintain state and to pass
> configuration between components in a non-Object Oriented fashion, I believe
> stale SSL configuration is being retained between Geode instance runs,
> leading to Exceptions thrown of the following nature:
> {code}
> Caused by: org.apache.geode.GemFireConfigException: Error configuring GemFire
> ssl
> at
> org.apache.geode.internal.net.SocketCreator.initialize(SocketCreator.java:249)
> at
> org.apache.geode.internal.net.SocketCreator.<init>(SocketCreator.java:180)
> at
> org.apache.geode.internal.net.SocketCreatorFactory.createSSLSocketCreator(SocketCreatorFactory.java:114)
> at
> org.apache.geode.internal.net.SocketCreatorFactory.getSSLSocketCreator(SocketCreatorFactory.java:88)
> at
> org.apache.geode.internal.net.SocketCreatorFactory.getOrCreateSocketCreatorForSSLEnabledComponent(SocketCreatorFactory.java:104)
> at
> org.apache.geode.internal.net.SocketCreatorFactory.getSocketCreatorForComponent(SocketCreatorFactory.java:74)
> at
> org.apache.geode.cache.client.internal.ConnectionFactoryImpl.<init>(ConnectionFactoryImpl.java:84)
> at
> org.apache.geode.cache.client.internal.PoolImpl.<init>(PoolImpl.java:261)
> at
> org.apache.geode.cache.client.internal.PoolImpl.create(PoolImpl.java:161)
> at
> org.apache.geode.internal.cache.PoolFactoryImpl.create(PoolFactoryImpl.java:374)
> at
> org.apache.geode.internal.cache.GemFireCacheImpl.determineDefaultPool(GemFireCacheImpl.java:2835)
> at
> org.apache.geode.internal.cache.GemFireCacheImpl.getDefaultPool(GemFireCacheImpl.java:1321)
> at
> org.apache.geode.cache.client.internal.ClientRegionFactoryImpl.getDefaultPool(ClientRegionFactoryImpl.java:101)
> at
> org.apache.geode.cache.client.internal.ClientRegionFactoryImpl.createRegionAttributes(ClientRegionFactoryImpl.java:249)
> at
> org.apache.geode.cache.client.internal.ClientRegionFactoryImpl.create(ClientRegionFactoryImpl.java:232)
> at
> org.springframework.data.gemfire.client.ClientRegionFactoryBean.newRegion(ClientRegionFactoryBean.java:193)
> at
> org.springframework.data.gemfire.client.ClientRegionFactoryBean.createRegion(ClientRegionFactoryBean.java:164)
> at
> org.springframework.data.gemfire.ResolvableRegionFactoryBean.afterPropertiesSet(ResolvableRegionFactoryBean.java:96)
> at
> org.springframework.data.gemfire.config.annotation.support.CacheTypeAwareRegionFactoryBean.newClientRegion(CacheTypeAwareRegionFactoryBean.java:181)
> at
> org.springframework.data.gemfire.config.annotation.support.CacheTypeAwareRegionFactoryBean.createRegion(CacheTypeAwareRegionFactoryBean.java:141)
> at
> org.springframework.data.gemfire.ResolvableRegionFactoryBean.afterPropertiesSet(ResolvableRegionFactoryBean.java:96)
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1858)
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1795)
> ... 69 more
> Caused by: java.security.UnrecoverableKeyException: Password must not be null
> at
> sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:134)
> at
> sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:57)
> at
> sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96)
> at
> sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:71)
> at java.security.KeyStore.getKey(KeyStore.java:1023)
> at
> sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:145)
> at
> sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
> at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
> at
> org.apache.geode.internal.net.SocketCreator.getKeyManagers(SocketCreator.java:422)
> at
> org.apache.geode.internal.net.SocketCreator.createAndConfigureSSLContext(SocketCreator.java:292)
> at
> org.apache.geode.internal.net.SocketCreator.initialize(SocketCreator.java:246)
> ... 91 more
> {code}
> In the StackTrace above, SSL was not even configured between the Geode client
> and server even though Geode thinks it was.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
