[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17156972#comment-17156972 ] Rajeswari Natarajan commented on SOLR-14105: i see the patch mentioned in the JIRA applied in solr 8.5.1 code base. But I see same exception mentioned in Jira ,but with a different stack trace > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17156932#comment-17156932 ] Rajeswari Natarajan commented on SOLR-14105: OK , I see it is fixed in 8.5 . So I guess in solr 8.5.1 , we should not be seeing this issue? . We do have more DNSNames and 2 certificates in keystore > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17156931#comment-17156931 ] Rajeswari Natarajan commented on SOLR-14105: In which version of solr this issue is fixed. We are using Solr 8.5.1 in cloud mode with Java 8. We are enabling TLS with http1 (as we get a warning java 8 + solr 8.5 SSL can’t be enabled) and we get below exception. Please let me know.Send it to solr mailing list , no response. So asking here. Let me know. Thanks 2020-07-07 03:58:53.078 ERROR (main) [ ] o.a.s.c.SolrCore null:org.apache.solr.common.SolrException: Error instantiating shardHandlerFactory class [HttpShardHandlerFactory]: java.lang.UnsupportedOperationException: X509ExtendedKeyManager only supported on Server at org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) at org.apache.solr.core.CoreContainer.load(CoreContainer.java:647) at org.apache.solr.servlet.SolrDispatchFilter.createCoreContainer(SolrDispatchFilter.java:263) at org.apache.solr.servlet.SolrDispatchFilter.init(SolrDispatchFilter.java:183) at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:134) at org.eclipse.jetty.servlet.ServletHandler.lambda$initialize$0(ServletHandler.java:751) at java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:948) at java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:742) at java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:742) at java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:580) at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:744) at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:360) at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1445) at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1409) at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:822) at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:524) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.deploy.bindings.StandardStarter.processBinding(StandardStarter.java:46) at org.eclipse.jetty.deploy.AppLifeCycle.runBindings(AppLifeCycle.java:188) at org.eclipse.jetty.deploy.DeploymentManager.requestAppGoal(DeploymentManager.java:513) at org.eclipse.jetty.deploy.DeploymentManager.addApp(DeploymentManager.java:154) at org.eclipse.jetty.deploy.providers.ScanningAppProvider.fileAdded(ScanningAppProvider.java:173) at org.eclipse.jetty.deploy.providers.WebAppProvider.fileAdded(WebAppProvider.java:447) at org.eclipse.jetty.deploy.providers.ScanningAppProvider$1.fileAdded(ScanningAppProvider.java:66) at org.eclipse.jetty.util.Scanner.reportAddition(Scanner.java:784) at org.eclipse.jetty.util.Scanner.reportDifferences(Scanner.java:753) at org.eclipse.jetty.util.Scanner.scan(Scanner.java:641) at org.eclipse.jetty.util.Scanner.doStart(Scanner.java:540) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.deploy.providers.ScanningAppProvider.doStart(ScanningAppProvider.java:146) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.deploy.DeploymentManager.startAppProvider(DeploymentManager.java:599) at org.eclipse.jetty.deploy.DeploymentManager.doStart(DeploymentManager.java:249) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) at org.eclipse.jetty.server.Server.start(Server.java:407) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:100) at org.eclipse.jetty.server.Server.doStart(Server.java:371) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.xml.XmlConfiguration.lambda$main$0(XmlConfiguration.java:1888) at java.security.AccessController.doPrivileged(Native Method) at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1837) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17111236#comment-17111236 ] Tim Taranov commented on SOLR-14105: [~janhoy] unfortunately we can't retest this with the unreleased version of solr in the specific configuration where these issues occur - we've had to roll back to solr 8.3.1 for the time being. I'll retest this after solr 8.6 is released. > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17106597#comment-17106597 ] Jan Høydahl commented on SOLR-14105: {quote}[~sbordet] : [~janhoy] as I said, the issues are fixed in Jetty 9.4.25+ {quote} [~ttaranov], are you able to test with 8.6-SNAPSHOT? Can be downloaded from Jenkins: https://builds.apache.org/view/L/view/Lucene/job/Solr-Artifacts-8.x/lastSuccessfulBuild/artifact/solr/package/ > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17106306#comment-17106306 ] Erick Erickson commented on SOLR-14105: --- Solr 8.6 (unreleased) has already been upgraded to Jetty 9.4.27 FWIW. There were no code changes, see SOLR-14386. Our release process produces a bunch of .sha1 files, so it looks like a bigger change than it was. https://gitbox.apache.org/repos/asf?p=lucene-solr.git;h=de32d0d > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17106299#comment-17106299 ] Simone Bordet commented on SOLR-14105: -- [~janhoy] as I said, the issues are fixed in Jetty 9.4.25+. We have tests that verify the fix, so it's either another issue, or an edge case. Please report on the Jetty issue the exact details. > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17106234#comment-17106234 ] Jan Høydahl commented on SOLR-14105: I think there may several overlapping issues Solr users are facing here. You have the one Tim reported about multi host. You also have the issue when you actually do mutual TLS and Jetty will not accept a multi-host self signed cert as client cert even if it is the only cert in the keystore. > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17106229#comment-17106229 ] Simone Bordet commented on SOLR-14105: -- [~janhoy] perhaps I don't understand the use case here? If you are self-connecting and the server keystore contains a self-signed certificate, then it should be enough to create a `new SslContextFactory.Client(true)` which does not do any certificate validation. If you are requesting client-side certificate authentication (i.e. `needsClientAuth=true` on server), then the client keystore must be setup properly and as such it was unlikely it ever worked with a server keystore. The client does not "pick" a certificate, normally: it just validates the one sent by the server. Most of the times you can get by _without_ a client keystore (for example when connecting to servers that send certificates that are valid and signed by a CA root). If you explain what's your use case exactly, we can be more specific. > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17106221#comment-17106221 ] Jan Høydahl commented on SOLR-14105: Thanks Simone. You did not quote me correctly. I said "..*seems* a bit incomplete and trappy", and that comment is for 9.4.14 that we use. Again, a workaround is to specify a separate SOLR_SSL_CLIENT_KEY_STORE. I think it is very hard to follow the GitHub issues/PRs you link to, so even after reading them, I did not understand that 9.4.25 actually allows multi certs even on the client side? This was the behaviour we had in Solr before upgrading from 9.4.19 to 9.4.24 - Jetty would pick the first cert on the keystore instead of throwing an exception. What is the new selection logic introduced in 9.4.25 (when we use SslContextFactory.Client)? Sounds like Solr should anyway upgrade Jetty! > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17106214#comment-17106214 ] Simone Bordet commented on SOLR-14105: -- [~janhoy] perhaps it's a bit harsh to say that "the Jetty SSL code is incomplete and trappy". Feel free to open an issue to describe what's incomplete and what's trappy, and we'll fix it. We have responded to the issue opened by [~ttaranov] and we have, to my knowledge, already fixed the issue in Jetty 9.4.25. If using Jetty 9.4.25 or later in Solr does not fix the issue, let's work out the details together. Using on the client a keystore that is meant for servers, containing multiple certificates, multiple aliases, etc. is probably not best - although common practice especially for testing or in known situations (like the Solr self-connect). Having said that, Jetty must work on the client with a server keystore - and that's fixed in Jetty 9.4.25. Again, if that not the case, tell us more details. Feel free to comment on the Jetty issue. We are about to release Jetty 9.4.29, but willing to hold it if you still have problems with Solr. Thanks! > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17106155#comment-17106155 ] Jan Høydahl commented on SOLR-14105: Yes, the SSL code in Jetty seems a bit incomplete and trappy. But perhaps your solution is to use a separate KEY STORE for your client cert, specifying {{SOLR_SSL_CLIENT_KEY_STORE}} and {{SOLR_SSL_CLIENT_KEY_STORE_PASSWORD}} in solr.in.sh (there is already a section in the file describing the option, but it is not documented in RefGuide). Then you can have wildcard certs in the main keystore and they will work fine. But the code in Http2SolrClient will use the CLIENT keystore, in which you'll put a nice and clean client cert that will validate. I have done this myself. > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17105849#comment-17105849 ] Tim commented on SOLR-14105: as requested by Jetty developers, opened issue https://github.com/eclipse/jetty.project/issues/4874 > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17105784#comment-17105784 ] Tim commented on SOLR-14105: The issue seems to have to do with [https://github.com/apache/lucene-solr/blob/master/solr/core/src/java/org/apache/solr/handler/component/HttpShardHandlerFactory.java#L316] which in turn uses uses client jetty's SslContextFactory.Client inside Http2SolrClient, and latest jetty SslContextFactory.Client no longer seems to allow using multi domain certs. Perhaps it should be replaced with SslContextFactory.Server instead? > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17105752#comment-17105752 ] Akhmad Amirov commented on SOLR-14105: -- I created self-signed with 1 DNS entry and it still throwing "...X509ExtendedKeyManager only supported on Server..." I deployed 9.4.25 and it still says "...X509ExtendedKeyManager only supported on Server...". So, I am not sure how does it work and have anyone at all using TLS enabled Solr. > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17105732#comment-17105732 ] Tim commented on SOLR-14105: This is causing issues in production Solr SSL setups that use multi domain certificates (for various deployment reasons). Any workarounds (other than generating self-signed certs and not using proper valid CA signed certs)? > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17101137#comment-17101137 ] Jan Høydahl commented on SOLR-14105: I meant to say that 8.5.1 uses Jetty 9.4.24 but the error message is improved in 9.4.25... Try running {{keytool -list -v -keystore solr-ssl.keystore.p12}} and look for Extensions and if there may be several 'DNSName' entries there. > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17101129#comment-17101129 ] Akhmad Amirov commented on SOLR-14105: -- As I stated above my log shows jetty-9.4.24.v20191120, which is part of latest Solr 8.5.1 package 2020-05-06 13:16:26.831 INFO (main) [ ] o.e.j.u.log Logging initialized @738ms to org.eclipse.jetty.util.log.Slf4jLog 2020-05-06 13:16:26.894 INFO (main) [ ] o.e.j.u.TypeUtil JVM Runtime does not support Modules 2020-05-06 13:16:27.005 INFO (main) [ ] o.e.j.s.Server jetty-9.4.24.v20191120; built: 2019-11-20T21:37:49.771Z; git: 363d5f2df3a8a28de40604320230664b9c793c16; jvm 1.8.0_241-b07 2020-05-06 13:16:27.026 INFO (main) [ ] o.e.j.d.p.ScanningAppProvider Deployment monitor [file:///app/solr-8.5.1/server/contexts/] at interval 0 2020-05-06 13:16:27.238 INFO (main) [ ] o.e.j.w.StandardDescriptorProcessor NO JSP Support for /solr, did not find org.apache.jasper.servlet.JspServlet 2020-05-06 13:16:27.247 INFO (main) [ ] o.e.j.s.session DefaultSessionIdManager workerName=node0 2020-05-06 13:16:27.247 INFO (main) [ ] o.e.j.s.session No SessionScavenger set, using defaults 2020-05-06 13:16:27.248 INFO (main) [ ] o.e.j.s.session node0 Scavenging every 60ms 2020-05-06 13:16:27.294 INFO (main) [ ] o.a.s.u.c.SSLConfigurations Setting javax.net.ssl.keyStorePassword 2020-05-06 13:16:27.294 INFO (main) [ ] o.a.s.u.c.SSLConfigurations Setting javax.net.ssl.trustStorePassword 2020-05-06 13:16:27.306 INFO (main) [ ] o.a.s.s.SolrDispatchFilter Using logger factory org.apache.logging.slf4j.Log4jLoggerFactory 2020-05-06 13:16:27.309 INFO (main) [ ] o.a.s.s.SolrDispatchFilter ___ _ Welcome to Apache Solr™ version 8.5.1 2020-05-06 13:16:27.312 INFO (main) [ ] o.a.s.s.SolrDispatchFilter / __| ___| |_ _ Starting in cloud mode on port 8443 2020-05-06 13:16:27.312 INFO (main) [ ] o.a.s.s.SolrDispatchFilter \__ \/ _ \ | '_| Install dir: /app/solr 2020-05-06 13:16:27.312 INFO (main) [ ] o.a.s.s.SolrDispatchFilter |___/\___/_|_| Start time: 2020-05-06T18:16:27.312Z 2020-05-06 13:16:27.330 INFO (main) [ ] o.a.s.c.SolrResourceLoader Using system property solr.solr.home: /app/solr/server/solr 2020-05-06 13:16:27.373 INFO (main) [ ] o.a.s.c.c.ConnectionManager Waiting for client to connect to ZooKeeper 2020-05-06 13:16:27.395 INFO (zkConnectionManagerCallback-2-thread-1) [ ] o.a.s.c.c.ConnectionManager zkClient has connected 2020-05-06 13:16:27.395 INFO (main) [ ] o.a.s.c.c.ConnectionManager Client is connected to ZooKeeper 2020-05-06 13:16:27.504 INFO (main) [ ] o.a.s.s.SolrDispatchFilter Loading solr.xml from SolrHome (not found in ZooKeeper) 2020-05-06 13:16:27.506 INFO (main) [ ] o.a.s.c.SolrXmlConfig Loading container configuration from /app/solr/server/solr/solr.xml 2020-05-06 13:16:27.556 INFO (main) [ ] o.a.s.c.SolrXmlConfig MBean server found: com.sun.jmx.mbeanserver.JmxMBeanServer@1e802ef9, but no JMX reporters were configured - adding default JMX reporter. 2020-05-06 13:16:27.946 INFO (main) [ ] o.a.s.h.c.HttpShardHandlerFactory Host whitelist initialized: WhitelistHostChecker [whitelistHosts=null, whitelistHostCheckingEnabled=true] 2020-05-06 13:16:27.972 WARN (main) [ ] o.a.s.c.s.i.Http2SolrClient Create Http2SolrClient with HTTP/1.1 transport since Java 8 or lower versions does not support SSL + HTTP/2 2020-05-06 13:16:28.310 INFO (main) [ ] o.e.j.u.s.SslContextFactory x509=X509@b5cc23a(node1.my.com,h=[10.32.101.240, node1.my.com],w=[]) for Client@69f63d95[provider=null,keyStore=file:///app/certificates/solr-ssl.keystore.p12,trustStore=file:///app/certificates/solr-ssl.truststore.p12] 2020-05-06 13:16:28.460 ERROR (main) [ ] o.a.s.c.SolrCore null:org.apache.solr.common.SolrException: Error instantiating shardHandlerFactory class [HttpShardHandlerFactory]: java.lang.UnsupportedOperationException: X509ExtendedKeyManager only supported on Server2020-05-06 13:16:28.460 ERROR (main) [ ] o.a.s.c.SolrCore null:org.apache.solr.common.SolrException: Error instantiating shardHandlerFactory class [HttpShardHandlerFactory]: java.lang.UnsupportedOperationException: X509ExtendedKeyManager only supported on Server at org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) at org.apache.solr.core.CoreContainer.load(CoreContainer.java:647) at org.apache.solr.servlet.SolrDispatchFilter.createCoreContainer(SolrDispatchFilter.java:263) at org.apache.solr.servlet.SolrDispatchFilter.init(SolrDispatchFilter.java:183) at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:134) at org.eclipse.jetty.servlet.ServletHandler.lambda$initialize$0(ServletHandler.java:751) at java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:948) at java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:742) at
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17101112#comment-17101112 ] Jan Høydahl commented on SOLR-14105: The message you are seeing is misleading and is improved in Jetty 9.4.24 (https://github.com/eclipse/jetty.project/issues/4425). The new message is: > KeyStores with multiple certificates are not supported on the base class I believe this means that your SSL client cert for Solr's client to use cannot be a wildcard cert and cannot have more than one host name (alias). > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17101085#comment-17101085 ] Aaron Kalsnes commented on SOLR-14105: -- I'm seeing the same behavior with Solr 8.5.1: {{java.lang.UnsupportedOperationException: X509ExtendedKeyManager only supported on *Server*}} I am not a Java developer, but according to Jetty's ([https://github.com/eclipse/jetty.project/issues/4425]), this error is happening because: {quote}"The issue is that we had to split the {{SslContextFactory}} into a client and server version, rather than a single class for both. If you have code that previously instantiated {{SslContextFactory}} directly, then it will mostly work other than SNI. The fix is to change to use {{SslContextFactory.Server}} instead of just {{SslContextFactory}}." {quote} Looking at [https://github.com/apache/lucene-solr/blob/master/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Http2SolrClient.java], I do not see ".Server" anywhere. I assume that "Server" in the error message is referring to "SslContextFactory.Server" Here is the stack trace: {noformat} 2020-05-06 13:18:18.149 ERROR (main) [ ] o.a.s.c.SolrCore null:org.apache.solr.common.SolrException: Error instantiating shardHandlerFactory class [HttpShardHandlerFactory]: java.lang.UnsupportedOperationException: X509ExtendedKeyManager only supported on Server at org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) at org.apache.solr.core.CoreContainer.load(CoreContainer.java:647) at org.apache.solr.servlet.SolrDispatchFilter.createCoreContainer(SolrDispatchFilter.java:263) at org.apache.solr.servlet.SolrDispatchFilter.init(SolrDispatchFilter.java:183) at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:134) at org.eclipse.jetty.servlet.ServletHandler.lambda$initialize$0(ServletHandler.java:751) at java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:948) at java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:742) at java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:742) at java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:580) at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:744) at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:360) at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1445) at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1409) at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:822) at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:524) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.deploy.bindings.StandardStarter.processBinding(StandardStarter.java:46) at org.eclipse.jetty.deploy.AppLifeCycle.runBindings(AppLifeCycle.java:188) at org.eclipse.jetty.deploy.DeploymentManager.requestAppGoal(DeploymentManager.java:513) at org.eclipse.jetty.deploy.DeploymentManager.addApp(DeploymentManager.java:154) at org.eclipse.jetty.deploy.providers.ScanningAppProvider.fileAdded(ScanningAppProvider.java:173) at org.eclipse.jetty.deploy.providers.WebAppProvider.fileAdded(WebAppProvider.java:447) at org.eclipse.jetty.deploy.providers.ScanningAppProvider$1.fileAdded(ScanningAppProvider.java:66) at org.eclipse.jetty.util.Scanner.reportAddition(Scanner.java:784) at org.eclipse.jetty.util.Scanner.reportDifferences(Scanner.java:753) at org.eclipse.jetty.util.Scanner.scan(Scanner.java:641) at org.eclipse.jetty.util.Scanner.doStart(Scanner.java:540) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.deploy.providers.ScanningAppProvider.doStart(ScanningAppProvider.java:146) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.deploy.DeploymentManager.startAppProvider(DeploymentManager.java:599) at org.eclipse.jetty.deploy.DeploymentManager.doStart(DeploymentManager.java:249) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) at org.eclipse.jetty.server.Server.start(Server.java:407) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) at
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17088913#comment-17088913 ] Akhmad Amirov commented on SOLR-14105: -- So what version of jetty has the bug fix? It seems 8.5.1 Solr version comes with Server jetty-9.4.24.v20191120; built: 2019-11-20T21:37:49.771Z; git: 363d5f2df3a8a28de40604320230664b9c793c16; jvm 1.8.0_241-b07. > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17088776#comment-17088776 ] Akhmad Amirov commented on SOLR-14105: -- I just followed the doc to enable SSL: [https://lucene.apache.org/solr/guide/8_5/enabling-ssl.html]. I have only 1 cert in keystore, and the error is from log right after Solr start > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17088144#comment-17088144 ] Akhmad Amirov commented on SOLR-14105: -- in what version it is resolved? I have the below error in 8.5.1: 2020-04-20 17:41:05.841 ERROR (main) [ ] o.a.s.c.SolrCore null:org.apache.solr.common.SolrException: Error instantiating shardHandlerFactory class [HttpShardHandlerFactory]: java.lang.UnsupportedOperationException: X509ExtendedKeyManager only supported on Server2020-04-20 17:41:05.841 ERROR (main) [ ] o.a.s.c.SolrCore null:org.apache.solr.common.SolrException: Error instantiating shardHandlerFactory class [HttpShardHandlerFactory]: java.lang.UnsupportedOperationException: X509ExtendedKeyManager only supported on Server at org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) at org.apache.solr.core.CoreContainer.load(CoreContainer.java:647) at o . org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117) at org.eclipse.jetty.client.HttpClient.doStart(HttpClient.java:244) at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) at org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:221) ... 54 more > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16999124#comment-16999124 ] Kevin Risden commented on SOLR-14105: - Going to fix this all in SOLR-14106 > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug > Security Level: Public(Default Security Level. Issues are Public) >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Fix For: 8.5 > > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16999123#comment-16999123 ] Kevin Risden commented on SOLR-14105: - Yea agreed on merging. > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug > Security Level: Public(Default Security Level. Issues are Public) >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Fix For: 8.5 > > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16998986#comment-16998986 ] Jan Høydahl commented on SOLR-14105: Looked at the patch and seems like you cleaned up some of the mess :) Did not get a chance to test it yet. In my opinion we should merge this with SOLR-14106 since I believe they are intertwined and will not be merged to 8.4.x but be released in 8.5. At least that's my suggestion that I commented in 14106. > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug > Security Level: Public(Default Security Level. Issues are Public) >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Fix For: 8.5 > > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
[jira] [Commented] (SOLR-14105) Http2SolrClient SSL not working in branch_8x
[ https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16998744#comment-16998744 ] Kevin Risden commented on SOLR-14105: - Uploaded a patch that goes further than what Jan was suggesting in SOLR-14106. I ran it through the first set of tests on Mac and looks good. It builds upon SOLR-14106 (at least locally) so testing together seems to work correctly. I need to do some more sanity checks on it, but overall I'm happy with the approach. > Http2SolrClient SSL not working in branch_8x > > > Key: SOLR-14105 > URL: https://issues.apache.org/jira/browse/SOLR-14105 > Project: Solr > Issue Type: Bug > Security Level: Public(Default Security Level. Issues are Public) >Affects Versions: 8.5 >Reporter: Jan Høydahl >Assignee: Kevin Risden >Priority: Major > Fix For: 8.5 > > Attachments: SOLR-14105.patch > > > In branch_8x we upgraded to Jetty 9.4.24. This causes the following > exceptions when attempting to start server with SSL: > {noformat} > 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore > null:org.apache.solr.common.SolrException: Error instantiating > shardHandlerFactory class [HttpShardHandlerFactory]: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56) > at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633) > ... > Caused by: java.lang.RuntimeException: > java.lang.UnsupportedOperationException: X509ExtendedKeyManager only > supported on Server > at > org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224) > at > org.apache.solr.client.solrj.impl.Http2SolrClient.(Http2SolrClient.java:154) > at > org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833) > at > org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321) > at > org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51) > ... 50 more > Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager > only supported on Server > at > org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273) > at > org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255) > at > org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374) > at > org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245) > {noformat} -- This message was sent by Atlassian Jira (v8.3.4#803005) - To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org