Bug 47605 - Failed to initialize component when configuring SSL
Summary: Failed to initialize component when configuring SSL
Status: NEW
Alias: None
Product: Sisyphus
Classification: Development
Component: tomcat10
Version: unstable
Hardware: x86_64 Linux
Importance: P5 normal
Assignee: aminov@altlinux.org
QA Contact: qa-sisyphus
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-09-15 15:17 MSK by Evgeny Shesteperov
Modified: 2023-09-15 15:17 MSK

See Also:


Attachments

Description Evgeny Shesteperov 2023-09-15 15:17:34 MSK
Version

-   tomcat10-10.1.5-alt2_jvm11

Steps to reproduce

1.  Configure Tomcat:

    apt-get install -y tomcat10 tomcat10-admin-webapps tomcat10-docs-webapp tomcat10-el-5.0-api tomcat10-jsp-3.1-api tomcat10-lib tomcat10-servlet-6.0-api tomcat10-webapps java-17-openjdk-headless java-17-openjdk-devel
    systemctl disable --now ahttpd
    systemctl enable --now tomcat && sleep 5; systemctl status tomcat --no-pager -l
    netstat -ltupn | grep 8080
    echo http://$(hostname -i):808

2.  Create the certificates:

    keytool -genkey -alias tomcat -keyalg RSA -keystore /usr/share/mystore -validity 999 -keysize 512 && \
    keytool -genkey -alias client -keyalg RSA -keystore /usr/share/myclientstore -storetype PKCS12 -validity 999 -keysize 512 && \
    keytool -export -alias client -keyalg RSA -keystore /usr/share/myclientstore -storetype PKCS12 -file /usr/share/clientcert && \
    keytool -import -alias client -keyalg RSA -keystore /usr/share/mytruststore -storetype JKS -file /usr/share/clientcert

3.  Add the following lines to /etc/tomcat/server.xml:

    <Connector
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
    port="8443"
    SSLEnabled="true"
    maxHttpHeaderSize="8192" 
    maxThreads="150"
    minSpareThreads="25"
    maxSpareThreads="200"
    enableLookups="false"
    disableUploadTimeout="true"
    acceptCount="100"
    scheme="https"
    secure="true"
    clientAuth="true"
    sslProtocol="TLS"
    sslEnabledProtocols="TLSv1.2"
    keystoreFile="/usr/share/mystore"
    keystorePass="123456"
    keystoreType="JKS"
    keyAlias="tomcat"
    truststoreFile="/usr/share/mytruststore"
    truststorePass="123456"
    truststoreType="JKS"
    ciphers="
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_RSA_WITH_AES_128_CBC_SHA256,
    TLS_RSA_WITH_AES_128_CBC_SHA
    "
    />

4.  Restart the service:

    systemctl restart tomcat; sleep 3; systemctl status tomcat

5.  Check the port:

    netstat -ltupn | grep 8443

Expected result: the connector works.

Actual result: the connector does not work. The logs show the characteristic:

    Failed to initialize component [Connector[org.apache.coyote.http11.Http11NioProtocol-8443]]
    . . . . .
    org.apache.catalina.LifecycleException: Protocol handler initialization failed
    . . . . .
    Caused by: java.lang.IllegalArgumentException: No SSLHostConfig element was found with the hostName [_default_] to match the defaultSSLHostConfigName for the connector [https-jsse-nio-8443]

The same configuration works correctly with Tomcat 9.

I have already seen something similar:

-   https://superuser.com/questions/1788641/unable-to-start-tomcat-10-with-https-connector
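As an added note, not part of the report: Tomcat 10.1 dropped the per-connector SSL attributes used above (keystoreFile, keystorePass, clientAuth, sslEnabledProtocols, ciphers and the rest), so they are ignored and no SSLHostConfig is created, which is exactly what the "No SSLHostConfig element was found with the hostName [_default_]" error says. The same connector in the nested form Tomcat 10.1 expects, using the report's own paths, aliases and passwords (attribute names follow the Tomcat SSLHostConfig documentation):

```xml
<!-- Tomcat 10.1 form: TLS settings live in <SSLHostConfig>, the key in
     <Certificate>. hostName is left at its default, _default_, which is
     the name the connector's defaultSSLHostConfigName looks up. -->
<Connector
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
    port="8443"
    SSLEnabled="true"
    maxHttpHeaderSize="8192"
    maxThreads="150"
    minSpareThreads="25"
    enableLookups="false"
    disableUploadTimeout="true"
    acceptCount="100"
    scheme="https"
    secure="true">
  <!-- clientAuth="true" becomes certificateVerification="required";
       sslEnabledProtocols becomes protocols; ciphers moves here. -->
  <SSLHostConfig
      sslProtocol="TLS"
      protocols="TLSv1.2"
      certificateVerification="required"
      truststoreFile="/usr/share/mytruststore"
      truststorePassword="123456"
      truststoreType="JKS"
      ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA">
    <!-- The report generates a 512-bit RSA key; the JDK's default
         jdk.tls.disabledAlgorithms rejects RSA keys shorter than 1024 bits,
         so regenerate the keystore with -keysize 2048 before relying on
         this element. -->
    <Certificate
        certificateKeystoreFile="/usr/share/mystore"
        certificateKeystorePassword="123456"
        certificateKeystoreType="JKS"
        certificateKeyAlias="tomcat"
        type="RSA" />
  </SSLHostConfig>
</Connector>
```

After the restart, `grep -i sslhostconfig /var/log/tomcat/catalina.*.log` should no longer show the missing-element error, and `netstat -ltupn | grep 8443` should list the listener.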