Re: [jetty-users] Problem with a key for HTTP/3 in Jetty server

Hi,

In the attached zip there is a simple server class source, my keystore, and shell scripts to compile and run the test, so you can test it yourself. Jars are not attached. Please test it. I tested it with JDK 17. I don't know if there is a problem with my code or with my keystore.

My instructions from readme.txt:

Simple test of Jetty web server with HTTP/3 support.

Environment:
************

In jars/ I have jars from Jetty 11.0.11 plus
slf4j-api-1.7.36.jar
logback-classic-1.2.11.jar
logback-core-1.2.11.jar

I have keystore/hdb_keystore.ks with key pair for alias:
stresstest.heuthesd's heuthes sp. z o.o. id

To use it on my personal machine I added stresstest.heuthesd to /etc/hosts

[root@mn ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1	stresstest stresstest.heuthesd



Test procedure:
**************

1. Compile with compile.sh

2. Run test server with only HTTP/2 with test_jetty_http2.sh

3. Point your browser to: https://stresstest.heuthesd:8765/
it should show page with content like:
request [nr]
content

4. Stop the server

5. Run test server with HTTP/2 and HTTP/3 with test_jetty_http3.sh

On my machine it fails with exception:

java.lang.NullPointerException: Cannot invoke "java.security.Key.getEncoded()" because "key" is null
	at org.eclipse.jetty.quic.quiche.SSLKeyPair.writeAsPEM(SSLKeyPair.java:81)
	at org.eclipse.jetty.quic.quiche.SSLKeyPair.export(SSLKeyPair.java:69)
	at org.eclipse.jetty.quic.server.QuicServerConnector.doStart(QuicServerConnector.java:176)
	at org.eclipse.jetty.http3.server.HTTP3ServerConnector.doStart(HTTP3ServerConnector.java:61)
	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:93)
	at org.eclipse.jetty.server.Server.doStart(Server.java:427)





On 25.07.2022 at 18:00, Ludovic Orban wrote:
Hi,

Something is looking strange. QuicServerConnector.doStart() is supposed to do these things in order:

  * check that your keystore contains at least one alias
  * if SslContextFactory.getCertAlias() is not null, load that key pair
  * otherwise load the key pair of the first known alias

The SSLKeyPair class loads the key in its constructor, then later reads it from its export() method.

In SSLKeyPair, since the export() method throws NPE in your case, that means the call to KeyStore.getKey() in the constructor must have returned null. This could happen if you configured a non-existing alias with SslContextFactory.setCertAlias().

Could that be the cause of your problem? This looks unlikely though as I assume HTTP/2 would not have worked in that case.

What's the content of your keystore? How have you set your SslContextFactory up? If you could post a complete piece of code that replicates the issue, we could certainly figure out the problem quickly.



--
Best regards,
Michał Niklas

Attachment: http3_test.zip
Description: Zip archive
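
The lookup order described in the quoted reply can be checked against a keystore outside Jetty. The following is an added example, not code from this thread or from Jetty: the class name KeyStoreAliasCheck and its argument order are assumptions, and "first alias" here means the first one the JDK enumerates, which may differ from Jetty's own ordering.

```java
import java.io.File;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.List;

// Added diagnostic, not Jetty code. Class name and argument order are assumptions.
// Usage: java KeyStoreAliasCheck.java <keystore> <store-password> [cert-alias] [key-password]
public class KeyStoreAliasCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: <keystore> <store-password> [cert-alias] [key-password]");
            System.exit(2);
        }
        char[] storePass = args[1].toCharArray();
        String configured = args.length > 2 ? args[2] : null; // value setCertAlias() would be given
        char[] keyPass = args.length > 3 ? args[3].toCharArray() : storePass;

        // Java 9+: detects JKS vs PKCS12 from the file content.
        KeyStore ks = KeyStore.getInstance(new File(args[0]), storePass);

        List<String> aliases = Collections.list(ks.aliases());
        if (aliases.isEmpty()) {
            System.out.println("FAIL: keystore contains no aliases");
            System.exit(1);
        }
        for (String alias : aliases) {
            System.out.printf("alias=\"%s\" keyEntry=%b certEntry=%b%n",
                    alias, ks.isKeyEntry(alias), ks.isCertificateEntry(alias));
        }

        // Selection order from the reply: configured alias if set, otherwise the first alias.
        String selected = configured != null ? configured : aliases.get(0);
        System.out.println("selected alias: \"" + selected + "\"");

        // getKey() returns null for an unknown alias or a certificate-only entry;
        // a wrong key password throws UnrecoverableKeyException instead.
        Key key = ks.getKey(selected, keyPass);
        Certificate[] chain = ks.getCertificateChain(selected);
        if (key == null || chain == null) {
            System.out.printf("FAIL: containsAlias=%b key=%s chain=%s%n", ks.containsAlias(selected),
                    key == null ? "null" : key.getAlgorithm(), chain == null ? "null" : chain.length);
            System.exit(1);
        }
        System.out.printf("OK: %s key, format %s, chain length %d%n",
                key.getAlgorithm(), key.getFormat(), chain.length);
    }
}
```

A FAIL line with containsAlias=true and key=null means the selected alias is a certificate-only entry rather than a private key entry.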

