Bug#1055348: jetty9: Update from DLA 3641 breaks puppetdb ("Exception in thread "main" java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory")

Adam D. Barratt adam at adam-barratt.org.uk
Sat Nov 4 17:03:14 GMT 2023 

Source: jetty9
Version: 9.4.50-4+deb10u1
Severity: serious
X-Debbugs-Cc: dsa at debian.org

Hi,

Upgrading libjetty9-java and libjetty9-extra-java to the version from
DLA 3641-1 reliably causes PuppetDB to fail to start, with the
stacktrace shown below. Downgrading resolves the issue.

I'm not sure which keystore is being referred to, but none of the files
listed in /etc/puppetdb/conf.d/jetty.ini appear to contain more than a
single certificate.

Regards,

Adam

-- Logs begin at Sat 2023-11-04 14:52:45 UTC, end at Sat 2023-11-04 16:16:11 UTC. --
Nov 04 14:52:50 handel systemd[1]: Started Puppet data warehouse server.
Nov 04 14:53:22 handel java[1669]: WARNING: boolean? already refers to: #'clojure.core/boolean? in namespace: puppetlabs.trapperkeeper.internal, being replaced by: #'puppetlabs.kitchensink.core/boolean?
Nov 04 14:53:32 handel java[1669]: 14:53:32.886 [main] DEBUG puppetlabs.puppetdb.http - The v1 API has been retired; please use v4 Caught HTTP processing exception
Nov 04 14:53:32 handel java[1669]: 14:53:32.898 [main] DEBUG puppetlabs.puppetdb.http - The v2 API has been retired; please use v4 Caught HTTP processing exception
Nov 04 14:53:32 handel java[1669]: 14:53:32.899 [main] DEBUG puppetlabs.puppetdb.http - The v3 API has been retired; please use v4 Caught HTTP processing exception
Nov 04 14:53:34 handel java[1669]: 14:53:34.073 [main] DEBUG puppetlabs.trapperkeeper.bootstrap - Loading bootstrap config from classpath: 'jar:file:/usr/share/puppetdb/puppetdb.jar!/bootstrap.cfg'
Nov 04 14:53:39 handel java[1669]: Exception in thread "main" java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory
Nov 04 14:53:39 handel java[1669]:         at org.eclipse.jetty.util.ssl.SslContextFactory.newSniX509ExtendedKeyManager(SslContextFactory.java:1289)
Nov 04 14:53:39 handel java[1669]:         at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyManagers(SslContextFactory.java:1271)
Nov 04 14:53:39 handel java[1669]:         at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:373)
Nov 04 14:53:39 handel java[1669]:         at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:244)
Nov 04 14:53:39 handel java[1669]:         at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
Nov 04 14:53:39 handel java[1669]:         at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
Nov 04 14:53:39 handel java[1669]:         at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
Nov 04 14:53:39 handel java[1669]:         at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97)
Nov 04 14:53:39 handel java[1669]:         at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
Nov 04 14:53:39 handel java[1669]:         at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
Nov 04 14:53:39 handel java[1669]:         at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
Nov 04 14:53:39 handel java[1669]:         at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:323)
Nov 04 14:53:39 handel java[1669]:         at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
Nov 04 14:53:39 handel java[1669]:         at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234)
Nov 04 14:53:39 handel java[1669]:         at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
Nov 04 14:53:39 handel java[1669]:         at org.eclipse.jetty.server.Server.doStart(Server.java:401)
Nov 04 14:53:39 handel java[1669]:         at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
Nov 04 14:53:39 handel java[1669]:         at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Nov 04 14:53:39 handel java[1669]:         at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
Nov 04 14:53:39 handel java[1669]:         at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
Nov 04 14:53:39 handel java[1669]:         at java.base/java.lang.reflect.Method.invoke(Method.java:566)
Nov 04 14:53:39 handel java[1669]:         at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:167)
Nov 04 14:53:39 handel java[1669]:         at clojure.lang.Reflector.invokeNoArgInstanceMember(Reflector.java:438)
Nov 04 14:53:39 handel java[1669]:         at puppetlabs.trapperkeeper.services.webserver.jetty9_core$eval43528$start_webserver_BANG___43533$fn__43534$fn__43535.invoke(jetty9_core.clj:685)
Nov 04 14:53:39 handel java[1669]:         at puppetlabs.trapperkeeper.services.webserver.jetty9_core$eval43528$start_webserver_BANG___43533$fn__43534.invoke(jetty9_core.clj:684)
Nov 04 14:53:39 handel java[1669]:         at puppetlabs.trapperkeeper.services.webserver.jetty9_core$eval43528$start_webserver_BANG___43533.invoke(jetty9_core.clj:677)
Nov 04 14:53:39 handel java[1669]:         at puppetlabs.trapperkeeper.services.webserver.jetty9_core$start_server_single_default.invokeStatic(jetty9_core.clj:929)
Nov 04 14:53:39 handel java[1669]:         at puppetlabs.trapperkeeper.services.webserver.jetty9_core$start_server_single_default.invoke(jetty9_core.clj:926)
Nov 04 14:53:39 handel java[1669]:         at puppetlabs.trapperkeeper.services.webserver.jetty9_core$eval43947$start_BANG___43952$fn__43953.invoke(jetty9_core.clj:1008)
Nov 04 14:53:39 handel java[1669]:         at puppetlabs.trapperkeeper.services.webserver.jetty9_core$eval43947$start_BANG___43952.invoke(jetty9_core.clj:1003)
Nov 04 14:53:39 handel java[1669]:         at puppetlabs.trapperkeeper.services.webserver.jetty9_service$reify__44354$service_fnk__23931__auto___positional$reify__44361.start(jetty9_service.clj:44)
Nov 04 14:53:39 handel java[1669]:         at puppetlabs.trapperkeeper.services$eval23729$fn__23743$G__23719__23746.invoke(services.clj:8)
Nov 04 14:53:39 handel java[1669]:         at puppetlabs.trapperkeeper.services$eval23729$fn__23743$G__23718__23750.invoke(services.clj:8)
Nov 04 14:53:39 handel java[1669]:         at puppetlabs.trapperkeeper.internal$eval24312$run_lifecycle_fn_BANG___24319$fn__24320.invoke(internal.clj:204)
Nov 04 14:53:39 handel java[1669]:         at puppetlabs.trapperkeeper.internal$eval24312$run_lifecycle_fn_BANG___24319.invoke(internal.clj:187)
Nov 04 14:53:39 handel java[1669]:         at puppetlabs.trapperkeeper.internal$eval24341$run_lifecycle_fns__24346$fn__24347.invoke(internal.clj:238)
Nov 04 14:53:39 handel java[1669]:         at puppetlabs.trapperkeeper.internal$eval24341$run_lifecycle_fns__24346.invoke(internal.clj:215)
Nov 04 14:53:39 handel java[1669]:         at puppetlabs.trapperkeeper.internal$eval24899$build_app_STAR___24908$fn$reify__24920.start(internal.clj:591)
Nov 04 14:53:39 handel java[1669]:         at puppetlabs.trapperkeeper.internal$eval24947$boot_services_for_app_STAR__STAR___24954$fn__24955$fn__24957.invoke(internal.clj:617)
Nov 04 14:53:39 handel java[1669]:         at puppetlabs.trapperkeeper.internal$eval24947$boot_services_for_app_STAR__STAR___24954$fn__24955.invoke(internal.clj:615)
Nov 04 14:53:39 handel java[1669]:         at puppetlabs.trapperkeeper.internal$eval24947$boot_services_for_app_STAR__STAR___24954.invoke(internal.clj:609)
Nov 04 14:53:39 handel java[1669]:         at clojure.core$partial$fn__5826.invoke(core.clj:2630)
Nov 04 14:53:39 handel java[1669]:         at puppetlabs.trapperkeeper.internal$eval24383$initialize_lifecycle_worker__24394$fn__24395$fn__24534$state_machine__12865__auto____24559$fn__24562.invoke(internal.clj:
Nov 04 14:53:39 handel java[1669]:         at clojure.core.async.impl.ioc_macros$run_state_machine.invokeStatic(ioc_macros.clj:973)
Nov 04 14:53:39 handel java[1669]:         at clojure.core.async.impl.ioc_macros$run_state_machine.invoke(ioc_macros.clj:972)
Nov 04 14:53:39 handel java[1669]:         at clojure.core.async.impl.ioc_macros$run_state_machine_wrapped.invokeStatic(ioc_macros.clj:977)
Nov 04 14:53:39 handel java[1669]:         at clojure.core.async.impl.ioc_macros$run_state_machine_wrapped.invoke(ioc_macros.clj:975)
Nov 04 14:53:39 handel java[1669]:         at clojure.core.async$ioc_alts_BANG_$fn__13094.invoke(async.clj:384)
Nov 04 14:53:39 handel java[1669]:         at clojure.core.async$do_alts$fn__13026$fn__13029.invoke(async.clj:253)
Nov 04 14:53:39 handel java[1669]:         at clojure.core.async.impl.channels.ManyToManyChannel$fn__7046$fn__7047.invoke(channels.clj:95)
Nov 04 14:53:39 handel java[1669]:         at clojure.lang.AFn.run(AFn.java:22)
Nov 04 14:53:39 handel java[1669]:         at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
Nov 04 14:53:39 handel java[1669]:         at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
Nov 04 14:53:39 handel java[1669]:         at java.base/java.lang.Thread.run(Thread.java:829)
Nov 04 14:53:39 handel systemd[1]: puppetdb.service: Main process exited, code=exited, status=1/FAILURE
Nov 04 14:53:39 handel systemd[1]: puppetdb.service: Failed with result 'exit-code'.

More information about the pkg-java-maintainers mailing list