Re: [jetty-users] Problem with a key for HTTP/3 in Jetty server
Hi,
The attached zip contains a simple server class source, my keystore, and
shell scripts to compile and run the test, so you can test it yourself. Jars
are not attached. Please test it. I tested it with JDK 17. I don't know
if there is a problem with my code or with my keystore.
My instructions from readme.txt:
Simple test of Jetty web server with HTTP/3 support.
Environment:
************
In jars/ I have jars from Jetty 11.0.11 plus
slf4j-api-1.7.36.jar
logback-classic-1.2.11.jar
logback-core-1.2.11.jar
I have keystore/hdb_keystore.ks with key pair for alias:
stresstest.heuthesd's heuthes sp. z o.o. id
To use it on my personal machine I added stresstest.heuthesd to /etc/hosts:
[root@mn ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 stresstest stresstest.heuthesd
Test procedure:
**************
1. Compile with compile.sh
2. Run test server with only HTTP/2 with test_jetty_http2.sh
3. Point your browser to: https://stresstest.heuthesd:8765/
It should show a page with content like:
request [nr]
content
4. Stop the server
5. Run test server with HTTP/2 and HTTP/3 with test_jetty_http3.sh
On my machine it fails with exception:
java.lang.NullPointerException: Cannot invoke "java.security.Key.getEncoded()" because "key" is null
at org.eclipse.jetty.quic.quiche.SSLKeyPair.writeAsPEM(SSLKeyPair.java:81)
at org.eclipse.jetty.quic.quiche.SSLKeyPair.export(SSLKeyPair.java:69)
at org.eclipse.jetty.quic.server.QuicServerConnector.doStart(QuicServerConnector.java:176)
at org.eclipse.jetty.http3.server.HTTP3ServerConnector.doStart(HTTP3ServerConnector.java:61)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:93)
at org.eclipse.jetty.server.Server.doStart(Server.java:427)
On 25.07.2022 at 18:00, Ludovic Orban wrote:
Hi,
Something is looking strange. QuicServerConnector.doStart() is supposed
to do these things in order:
* check that your keystore contains at least one alias
* if SslContextFactory.getCertAlias() is not null, load that key pair
* otherwise load the key pair of the first known alias
The SSLKeyPair class loads the key in its constructor, then later reads
it from its export() method.
In SSLKeyPair, since the export() method throws NPE in your case, that
means the call to KeyStore.getKey() in the constructor must have
returned null. This could happen if you configured a non-existing alias
with SslContextFactory.setCertAlias().
Could that be the cause of your problem? This looks unlikely though as I
assume HTTP/2 would not have worked in that case.
What's the content of your keystore? How have you set your
SslContextFactory up? If you could post a complete piece of code that
replicates the issue, we could certainly figure out the problem quickly.
--
Best regards,
Michał Niklas
Attachment:
http3_test.zip
Description: Zip archive
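
Added example, not part of the thread and not Jetty's code: a stand-alone check for the condition the quoted reply describes, where KeyStore.getKey() returns null for the selected alias. It lists every alias with its entry type and the result of getKey(). The class name KeyStoreAliasCheck and the use of one password for both the store and the keys are assumptions.

```java
import java.io.File;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

// Added diagnostic (hypothetical class, not Jetty code). Usage:
//   java KeyStoreAliasCheck.java keystore/hdb_keystore.ks <password> [certAlias]
public class KeyStoreAliasCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: KeyStoreAliasCheck <keystore> <password> [certAlias]");
            System.exit(2);
        }
        // Assumption: the store password also protects the private keys.
        char[] password = args[1].toCharArray();
        String configuredAlias = args.length > 2 ? args[2] : null;

        // Java 9+: detects the keystore type (JKS, PKCS12, ...) from the file.
        KeyStore ks = KeyStore.getInstance(new File(args[0]), password);

        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(alias) ? "key entry"
                    : ks.isCertificateEntry(alias) ? "trusted certificate entry"
                    : "unknown entry";
            String result;
            try {
                // getKey() returns null when the alias does not exist or
                // does not identify a key-related entry.
                Key key = ks.getKey(alias, password);
                result = (key == null)
                        ? "getKey() -> null"
                        : "getKey() -> " + key.getAlgorithm() + " key";
            } catch (UnrecoverableKeyException e) {
                result = "key not recoverable with this password";
            }
            System.out.printf("%-45s %-26s %s%n", alias, kind, result);
        }

        // A configured alias that is missing from the store also yields null.
        if (configuredAlias != null && !ks.containsAlias(configuredAlias)) {
            System.out.println("configured alias not in keystore: " + configuredAlias);
        }
    }
}
```

Any alias reported with "getKey() -> null" would reproduce the null key in the stack trace above if it is the one the connector ends up loading.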