Bug#1055348: jetty9: Update from DLA 3641 breaks puppetdb ("Exception in thread "main" java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory")

Markus Koschany apo at debian.org
Sun Nov 5 18:18:54 GMT 2023


On Sunday, 05.11.2023 at 16:33 +0000, Adam D. Barratt wrote:
> [...]
> Do you have an idea how simple rebuilding the bullseye package on
> buster would be? I'm happy to try that in general, but I've not really
> looked at the Java ecosystem in Debian much.

Sorry, I missed those new or updated dependencies. That complicates the matter
a little. We also have to deal with clojure here, a LISP dialect of the Java
language with a different build system (leiningen), but if all dependencies
were in place a rebuild would be pretty simple. As a last resort I could bundle
all those dependencies together with trapperkeeper-* the Java way TM but I hope
we can avoid that.

The most ideal solution is a patch for the current version in Buster. I have
uploaded a new revision to people.debian.org with minimal changes here:

https://people.debian.org/~apo/lts/buster/trapperkeeper-webserver-jetty9-clojure/

dget -x https://people.debian.org/~apo/lts/buster/trapperkeeper-webserver-jetty9-clojure/trapperkeeper-webserver-jetty9-clojure_1.7.0-2+deb10u1.1.dsc

should work as expected. I'm attaching the debdiff as well.

My solution is to replace the old SslContextFactory class with the new inner
SslContextFactory.Server class but I don't know if this change has the desired
effect because I couldn't test it.

FTR, the already applied 0005-maint-Disable-EndpointIdentification.patch (new
in version +deb10u1) is related to the problem. Actually back then it did "fix"
the SSL problem and I'm a bit surprised it resurfaced now. 

There is also a third alternative. I could revert the split change in jetty9.

https://github.com/jetty/jetty.project/pull/3480/files#diff-58640db0f8f2cd84b7e653d1c1540913

If the new revision doesn't work for you, please send me your puppetdb config,
and I will try to figure out a solution myself without the feedback loop delay.
Thanks in advance.

Regards,

Markus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: trapperkeeper-webserver-jetty9-clojure.debdiff
Type: text/x-patch
Size: 5798 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20231105/f5566a4b/attachment-0001.bin>