После обновления tomcat c 9.0.109 на 9.0.112 установка dogtag pki завершается с ошибкой: $ pkispawn -s CA -f myconfig.txt WARNING: cert_path missing; not used for validation: /var/lib/pki/pki-tomcat/conf/alias/ca.crt --------------- Export complete --------------- ERROR: Exception: Server unreachable due to SSL error: [SSL: UNEXPECTED_EOF_WHILE_READING] EOF occurred in violation of protocol (_ssl.c:1032) File "/usr/lib64/python3/site-packages/pki/server/pkispawn.py", line 594, in main deployer.spawn() ~~~~~~~~~~~~~~^^ File "/usr/lib64/python3/site-packages/pki/server/deployment/__init__.py", line 5991, in spawn scriptlet.spawn(self) ~~~~~~~~~~~~~~~^^^^^^ File "/usr/lib64/python3/site-packages/pki/server/deployment/scriptlets/finalization.py", line 79, in spawn instance.start( ~~~~~~~~~~~~~~^ wait=True, ^^^^^^^^^^ max_wait=deployer.startup_timeout, ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ timeout=deployer.request_timeout) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib64/python3/site-packages/pki/server/__init__.py", line 474, in start raise Exception('Server unreachable due to SSL error: %s' % reason) from e Loading deployment configuration from myconfig.txt. Installing CA into /var/lib/pki/pki-tomcat. Installation failed: Server unreachable due to SSL error: [SSL: UNEXPECTED_EOF_WHILE_READING] EOF occurred in violation of protocol (_ssl.c:1032) В логе: Java virtual machine used: /usr/lib/jvm/jre/bin/java classpath used: /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar: main class used: org.apache.catalina.startup.Bootstrap flags used: -Dcom.redhat.fips=false options used: -Dcatalina.base=/var/lib/pki/pki-tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/pki-tomcat/temp -Djava.util.logging.config.file=/var/lib/pki/pki-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.security.manager -Djava.security.policy==/var/lib/pki/pki-tomcat/conf/catalina.policy arguments used: start NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED WARNING: A command line option has enabled the Security Manager WARNING: The Security Manager is deprecated and will be removed in a future release SEVERE: Error running socket processor java.lang.NullPointerException: Cannot invoke "java.util.List.isEmpty()" because "clientSupportedGroups" is null at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLEngine(AbstractJsseEndpoint.java:179) at org.dogtagpki.jss.tomcat.JSSNioEndpoint.createSSLEngine(JSSNioEndpoint.java:130) at org.dogtagpki.jss.tomcat.JSSSecureNioChannel.processJSSSNI(JSSSecureNioChannel.java:284) at org.dogtagpki.jss.tomcat.JSSSecureNioChannel.handshake(JSSSecureNioChannel.java:128) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1805) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:973) at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:491) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63) at java.base/java.lang.Thread.run(Thread.java:1583)
tomcat-1:9.0.112-alt2 -> sisyphus: Wed Dec 17 2025 Stanislav Levin <slev@altlinux> 1:9.0.112-alt2 - Fixed NPE on dogtag pki installation (closes: #57265).
