[
https://issues.apache.org/jira/browse/SOLR-14105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17101129#comment-17101129
]
Akhmad Amirov edited comment on SOLR-14105 at 5/6/20, 7:54 PM:
---------------------------------------------------------------
As I stated above my log shows jetty-9.4.24.v20191120, which is part of latest
Solr 8.5.1 package
2020-05-06 13:16:26.831 INFO (main) [ ] o.e.j.u.log Logging initialized @738ms
to org.eclipse.jetty.util.log.Slf4jLog
2020-05-06 13:16:26.894 INFO (main) [ ] o.e.j.u.TypeUtil JVM Runtime does not
support Modules
2020-05-06 13:16:27.005 INFO (main) [ ] o.e.j.s.Server jetty-9.4.24.v20191120;
built: 2019-11-20T21:37:49.771Z; git: 363d5f2df3a8a28de40604320230664b9c793c16;
jvm 1.8.0_241-b07
2020-05-06 13:16:27.026 INFO (main) [ ] o.e.j.d.p.ScanningAppProvider
Deployment monitor [file:///app/solr-8.5.1/server/contexts/] at interval 0
2020-05-06 13:16:27.238 INFO (main) [ ] o.e.j.w.StandardDescriptorProcessor NO
JSP Support for /solr, did not find org.apache.jasper.servlet.JspServlet
2020-05-06 13:16:27.247 INFO (main) [ ] o.e.j.s.session
DefaultSessionIdManager workerName=node0
2020-05-06 13:16:27.247 INFO (main) [ ] o.e.j.s.session No SessionScavenger
set, using defaults
2020-05-06 13:16:27.248 INFO (main) [ ] o.e.j.s.session node0 Scavenging every
600000ms
2020-05-06 13:16:27.294 INFO (main) [ ] o.a.s.u.c.SSLConfigurations Setting
javax.net.ssl.keyStorePassword
2020-05-06 13:16:27.294 INFO (main) [ ] o.a.s.u.c.SSLConfigurations Setting
javax.net.ssl.trustStorePassword
2020-05-06 13:16:27.306 INFO (main) [ ] o.a.s.s.SolrDispatchFilter Using
logger factory org.apache.logging.slf4j.Log4jLoggerFactory
2020-05-06 13:16:27.309 INFO (main) [ ] o.a.s.s.SolrDispatchFilter ___ _
Welcome to Apache Solr™ version 8.5.1
2020-05-06 13:16:27.312 INFO (main) [ ] o.a.s.s.SolrDispatchFilter / __| ___|
|_ _ Starting in cloud mode on port 8443
2020-05-06 13:16:27.312 INFO (main) [ ] o.a.s.s.SolrDispatchFilter __ \/ _ \ |
'_| Install dir: /app/solr
2020-05-06 13:16:27.312 INFO (main) [ ] o.a.s.s.SolrDispatchFilter
|___/___/_|_| Start time: 2020-05-06T18:16:27.312Z
2020-05-06 13:16:27.330 INFO (main) [ ] o.a.s.c.SolrResourceLoader Using
system property solr.solr.home: /app/solr/server/solr
2020-05-06 13:16:27.373 INFO (main) [ ] o.a.s.c.c.ConnectionManager Waiting
for client to connect to ZooKeeper
2020-05-06 13:16:27.395 INFO (zkConnectionManagerCallback-2-thread-1) [ ]
o.a.s.c.c.ConnectionManager zkClient has connected
2020-05-06 13:16:27.395 INFO (main) [ ] o.a.s.c.c.ConnectionManager Client is
connected to ZooKeeper
2020-05-06 13:16:27.504 INFO (main) [ ] o.a.s.s.SolrDispatchFilter Loading
solr.xml from SolrHome (not found in ZooKeeper)
2020-05-06 13:16:27.506 INFO (main) [ ] o.a.s.c.SolrXmlConfig Loading
container configuration from /app/solr/server/solr/solr.xml
2020-05-06 13:16:27.556 INFO (main) [ ] o.a.s.c.SolrXmlConfig MBean server
found: com.sun.jmx.mbeanserver.JmxMBeanServer@1e802ef9, but no JMX reporters
were configured - adding default JMX reporter.
2020-05-06 13:16:27.946 INFO (main) [ ] o.a.s.h.c.HttpShardHandlerFactory Host
whitelist initialized: WhitelistHostChecker [whitelistHosts=null,
whitelistHostCheckingEnabled=true]
2020-05-06 13:16:27.972 WARN (main) [ ] o.a.s.c.s.i.Http2SolrClient Create
Http2SolrClient with HTTP/1.1 transport since Java 8 or lower versions does not
support SSL + HTTP/2
2020-05-06 13:16:28.310 INFO (main) [ ] o.e.j.u.s.SslContextFactory
x509=X509@b5cc23a(node1.my.com,h=[11.111.111.111, node1.my.com],w=[]) for
Client@69f63d95[provider=null,keyStore=file:///app/certificates/solr-ssl.keystore.p12,trustStore=file:///app/certificates/solr-ssl.truststore.p12]
2020-05-06 13:16:28.460 ERROR (main) [ ] o.a.s.c.SolrCore
null:org.apache.solr.common.SolrException: Error instantiating
shardHandlerFactory class [HttpShardHandlerFactory]:
java.lang.UnsupportedOperationException: X509ExtendedKeyManager only supported
on Server2020-05-06 13:16:28.460 ERROR (main) [ ] o.a.s.c.SolrCore
null:org.apache.solr.common.SolrException: Error instantiating
shardHandlerFactory class [HttpShardHandlerFactory]:
java.lang.UnsupportedOperationException: X509ExtendedKeyManager only supported
on Server at
org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56)
at org.apache.solr.core.CoreContainer.load(CoreContainer.java:647) at
org.apache.solr.servlet.SolrDispatchFilter.createCoreContainer(SolrDispatchFilter.java:263)
at
org.apache.solr.servlet.SolrDispatchFilter.init(SolrDispatchFilter.java:183) at
org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:134) at
org.eclipse.jetty.servlet.ServletHandler.lambda$initialize$0(ServletHandler.java:751)
at
java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:948)
at
java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:742)
at
java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:742)
at java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:580)
at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:744)
----
And keystore does have only 1 entry and it's not wildcard cert.
>>>>>>
keytool -list -keystore solr-ssl.keystore.p12
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
node1.my.com, May 6, 2020, PrivateKeyEntry,
Certificate fingerprint (SHA1):
A7:76:31:C4:B3:AC:B6:DE:CB:F7:99:5B:E1:1B:25:B4:DD:F8:9C:36
>>>>>>
is anything else we can check to clarify that issue is not fixed?
was (Author: lukum2118):
As I stated above my log shows jetty-9.4.24.v20191120, which is part of latest
Solr 8.5.1 package
2020-05-06 13:16:26.831 INFO (main) [ ] o.e.j.u.log Logging initialized @738ms
to org.eclipse.jetty.util.log.Slf4jLog
2020-05-06 13:16:26.894 INFO (main) [ ] o.e.j.u.TypeUtil JVM Runtime does not
support Modules
2020-05-06 13:16:27.005 INFO (main) [ ] o.e.j.s.Server jetty-9.4.24.v20191120;
built: 2019-11-20T21:37:49.771Z; git: 363d5f2df3a8a28de40604320230664b9c793c16;
jvm 1.8.0_241-b07
2020-05-06 13:16:27.026 INFO (main) [ ] o.e.j.d.p.ScanningAppProvider
Deployment monitor [file:///app/solr-8.5.1/server/contexts/] at interval 0
2020-05-06 13:16:27.238 INFO (main) [ ] o.e.j.w.StandardDescriptorProcessor NO
JSP Support for /solr, did not find org.apache.jasper.servlet.JspServlet
2020-05-06 13:16:27.247 INFO (main) [ ] o.e.j.s.session DefaultSessionIdManager
workerName=node0
2020-05-06 13:16:27.247 INFO (main) [ ] o.e.j.s.session No SessionScavenger
set, using defaults
2020-05-06 13:16:27.248 INFO (main) [ ] o.e.j.s.session node0 Scavenging every
600000ms
2020-05-06 13:16:27.294 INFO (main) [ ] o.a.s.u.c.SSLConfigurations Setting
javax.net.ssl.keyStorePassword
2020-05-06 13:16:27.294 INFO (main) [ ] o.a.s.u.c.SSLConfigurations Setting
javax.net.ssl.trustStorePassword
2020-05-06 13:16:27.306 INFO (main) [ ] o.a.s.s.SolrDispatchFilter Using logger
factory org.apache.logging.slf4j.Log4jLoggerFactory
2020-05-06 13:16:27.309 INFO (main) [ ] o.a.s.s.SolrDispatchFilter ___ _
Welcome to Apache Solr™ version 8.5.1
2020-05-06 13:16:27.312 INFO (main) [ ] o.a.s.s.SolrDispatchFilter / __| ___|
|_ _ Starting in cloud mode on port 8443
2020-05-06 13:16:27.312 INFO (main) [ ] o.a.s.s.SolrDispatchFilter \__ \/ _ \ |
'_| Install dir: /app/solr
2020-05-06 13:16:27.312 INFO (main) [ ] o.a.s.s.SolrDispatchFilter
|___/\___/_|_| Start time: 2020-05-06T18:16:27.312Z
2020-05-06 13:16:27.330 INFO (main) [ ] o.a.s.c.SolrResourceLoader Using system
property solr.solr.home: /app/solr/server/solr
2020-05-06 13:16:27.373 INFO (main) [ ] o.a.s.c.c.ConnectionManager Waiting for
client to connect to ZooKeeper
2020-05-06 13:16:27.395 INFO (zkConnectionManagerCallback-2-thread-1) [ ]
o.a.s.c.c.ConnectionManager zkClient has connected
2020-05-06 13:16:27.395 INFO (main) [ ] o.a.s.c.c.ConnectionManager Client is
connected to ZooKeeper
2020-05-06 13:16:27.504 INFO (main) [ ] o.a.s.s.SolrDispatchFilter Loading
solr.xml from SolrHome (not found in ZooKeeper)
2020-05-06 13:16:27.506 INFO (main) [ ] o.a.s.c.SolrXmlConfig Loading container
configuration from /app/solr/server/solr/solr.xml
2020-05-06 13:16:27.556 INFO (main) [ ] o.a.s.c.SolrXmlConfig MBean server
found: com.sun.jmx.mbeanserver.JmxMBeanServer@1e802ef9, but no JMX reporters
were configured - adding default JMX reporter.
2020-05-06 13:16:27.946 INFO (main) [ ] o.a.s.h.c.HttpShardHandlerFactory Host
whitelist initialized: WhitelistHostChecker [whitelistHosts=null,
whitelistHostCheckingEnabled=true]
2020-05-06 13:16:27.972 WARN (main) [ ] o.a.s.c.s.i.Http2SolrClient Create
Http2SolrClient with HTTP/1.1 transport since Java 8 or lower versions does not
support SSL + HTTP/2
2020-05-06 13:16:28.310 INFO (main) [ ] o.e.j.u.s.SslContextFactory
x509=X509@b5cc23a(node1.my.com,h=[10.32.101.240, node1.my.com],w=[]) for
Client@69f63d95[provider=null,keyStore=file:///app/certificates/solr-ssl.keystore.p12,trustStore=file:///app/certificates/solr-ssl.truststore.p12]
2020-05-06 13:16:28.460 ERROR (main) [ ] o.a.s.c.SolrCore
null:org.apache.solr.common.SolrException: Error instantiating
shardHandlerFactory class [HttpShardHandlerFactory]:
java.lang.UnsupportedOperationException: X509ExtendedKeyManager only supported
on Server2020-05-06 13:16:28.460 ERROR (main) [ ] o.a.s.c.SolrCore
null:org.apache.solr.common.SolrException: Error instantiating
shardHandlerFactory class [HttpShardHandlerFactory]:
java.lang.UnsupportedOperationException: X509ExtendedKeyManager only supported
on Server at
org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56)
at org.apache.solr.core.CoreContainer.load(CoreContainer.java:647) at
org.apache.solr.servlet.SolrDispatchFilter.createCoreContainer(SolrDispatchFilter.java:263)
at
org.apache.solr.servlet.SolrDispatchFilter.init(SolrDispatchFilter.java:183) at
org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:134) at
org.eclipse.jetty.servlet.ServletHandler.lambda$initialize$0(ServletHandler.java:751)
at
java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:948)
at
java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:742)
at
java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:742)
at java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:580)
at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:744)
-----
And keystore does have only 1 entry and it's not wildcard cert.
>>>>>>
keytool -list -keystore solr-ssl.keystore.p12
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
node1.my.com, May 6, 2020, PrivateKeyEntry,
Certificate fingerprint (SHA1):
A7:76:31:C4:B3:AC:B6:DE:CB:F7:99:5B:E1:1B:25:B4:DD:F8:9C:36
>>>>>>
is anything else we can check to clarify that issue is not fixed?
> Http2SolrClient SSL not working in branch_8x
> --------------------------------------------
>
> Key: SOLR-14105
> URL: https://issues.apache.org/jira/browse/SOLR-14105
> Project: Solr
> Issue Type: Bug
> Affects Versions: 8.5
> Reporter: Jan Høydahl
> Assignee: Kevin Risden
> Priority: Major
> Attachments: SOLR-14105.patch
>
>
> In branch_8x we upgraded to Jetty 9.4.24. This causes the following
> exceptions when attempting to start server with SSL:
> {noformat}
> 2019-12-17 14:46:16.646 ERROR (main) [ ] o.a.s.c.SolrCore
> null:org.apache.solr.common.SolrException: Error instantiating
> shardHandlerFactory class [HttpShardHandlerFactory]:
> java.lang.UnsupportedOperationException: X509ExtendedKeyManager only
> supported on Server
> at
> org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:56)
> at org.apache.solr.core.CoreContainer.load(CoreContainer.java:633)
> ...
> Caused by: java.lang.RuntimeException:
> java.lang.UnsupportedOperationException: X509ExtendedKeyManager only
> supported on Server
> at
> org.apache.solr.client.solrj.impl.Http2SolrClient.createHttpClient(Http2SolrClient.java:224)
> at
> org.apache.solr.client.solrj.impl.Http2SolrClient.<init>(Http2SolrClient.java:154)
> at
> org.apache.solr.client.solrj.impl.Http2SolrClient$Builder.build(Http2SolrClient.java:833)
> at
> org.apache.solr.handler.component.HttpShardHandlerFactory.init(HttpShardHandlerFactory.java:321)
> at
> org.apache.solr.handler.component.ShardHandlerFactory.newInstance(ShardHandlerFactory.java:51)
> ... 50 more
> Caused by: java.lang.UnsupportedOperationException: X509ExtendedKeyManager
> only supported on Server
> at
> org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1273)
> at
> org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1255)
> at
> org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:374)
> at
> org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:245)
> {noformat}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
