Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

testBuilderUsesDefaultSSLContext fails due to a wrong exception message #31940

Closed
bleskes opened this issue Jul 10, 2018 · 4 comments · Fixed by #32072
Closed

testBuilderUsesDefaultSSLContext fails due to a wrong exception message #31940

bleskes opened this issue Jul 10, 2018 · 4 comments · Fixed by #32072
Assignees
Labels
jvm bug :Security/TLS SSL/TLS, Certificates >test-failure Triaged test failures from CI

Comments

@bleskes
Copy link
Contributor

bleskes commented Jul 10, 2018

This test failed today of the above test while running on java11, which may be relevant:

https://elasticsearch-ci.elastic.co/job/elastic+elasticsearch+master+matrix-java-periodic/ES_BUILD_JAVA=java11,ES_RUNTIME_JAVA=java11,nodes=virtual&&linux/168/console

16:26:03 FAILURE 0.58s J2 | RestClientBuilderIntegTests.testBuilderUsesDefaultSSLContext <<< FAILURES!
16:26:03    > Throwable #1: java.lang.AssertionError: 
16:26:03    > Expected: a string containing "General SSLEngine problem"
16:26:03    >      but: was "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
16:26:03    > 	at __randomizedtesting.SeedInfo.seed([40A8A6346B9B56FA:78D0B8F8B871D88F]:0)
16:26:03    > 	at org.hamcrest.MatcherAssert.assertThat(MatcherAssert.java:20)
16:26:03    > 	at org.elasticsearch.client.RestClientBuilderIntegTests.testBuilderUsesDefaultSSLContext(RestClientBuilderIntegTests.java:82)
16:26:03    > 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
16:26:03    > 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
16:26:03    > 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
16:26:03    > 	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
16:26:03    > 	at java.base/java.lang.Thread.run(Thread.java:834)
@bleskes bleskes added >test-failure Triaged test failures from CI :Security/TLS SSL/TLS, Certificates labels Jul 10, 2018
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security

@bizybot bizybot self-assigned this Jul 11, 2018
@bizybot
Copy link
Contributor

bizybot commented Jul 11, 2018

Fix is ready but the test fails for different reason NPE after this fix. The next part is dependent on the JDK bug fix https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8206355. I think this will get fixed in next JDK 11 ea build (build 11-ea+22). Latest build does not have this fix so need to wait.

@martijnvg
Copy link
Member

The SmokeTestMonitoringWithSecurityIT#testHTTPExporterWithSSL() test looks also to be failing because of the jdk11 bug:

17:43:20 [2018-07-11T17:43:09,610][ERROR][o.e.x.m.e.h.VersionHttpResource] failed to verify minimum version [7.0.0-alpha1] on the [xpack.monitoring.exporters._http] monitoring cluster
17:43:20 java.lang.RuntimeException: null
17:43:20 	at org.elasticsearch.client.RestClient$SyncResponseListener.get(RestClient.java:951) ~[elasticsearch-rest-client-7.0.0-alpha1-SNAPSHOT.jar:7.0.0-alpha1-SNAPSHOT]
17:43:20 	at org.elasticsearch.client.RestClient.performRequest(RestClient.java:227) ~[elasticsearch-rest-client-7.0.0-alpha1-SNAPSHOT.jar:7.0.0-alpha1-SNAPSHOT]
17:43:20 	at org.elasticsearch.client.RestClient.performRequest(RestClient.java:294) ~[elasticsearch-rest-client-7.0.0-alpha1-SNAPSHOT.jar:7.0.0-alpha1-SNAPSHOT]
17:43:20 	at org.elasticsearch.xpack.monitoring.exporter.http.VersionHttpResource.doCheckAndPublish(VersionHttpResource.java:62) [x-pack-monitoring-7.0.0-alpha1-SNAPSHOT.jar:7.0.0-alpha1-SNAPSHOT]
17:43:20 	at org.elasticsearch.xpack.monitoring.exporter.http.HttpResource.checkAndPublish(HttpResource.java:156) [x-pack-monitoring-7.0.0-alpha1-SNAPSHOT.jar:7.0.0-alpha1-SNAPSHOT]
17:43:20 	at org.elasticsearch.xpack.monitoring.exporter.http.MultiHttpResource.doCheckAndPublish(MultiHttpResource.java:64) [x-pack-monitoring-7.0.0-alpha1-SNAPSHOT.jar:7.0.0-alpha1-SNAPSHOT]
17:43:20 	at org.elasticsearch.xpack.monitoring.exporter.http.HttpResource.checkAndPublish(HttpResource.java:156) [x-pack-monitoring-7.0.0-alpha1-SNAPSHOT.jar:7.0.0-alpha1-SNAPSHOT]
17:43:20 	at org.elasticsearch.xpack.monitoring.exporter.http.HttpResource.blockUntilCheckAndPublish(HttpResource.java:132) [x-pack-monitoring-7.0.0-alpha1-SNAPSHOT.jar:7.0.0-alpha1-SNAPSHOT]
17:43:20 	at org.elasticsearch.xpack.monitoring.exporter.http.HttpResource.checkAndPublishIfDirty(HttpResource.java:116) [x-pack-monitoring-7.0.0-alpha1-SNAPSHOT.jar:7.0.0-alpha1-SNAPSHOT]
17:43:20 	at org.elasticsearch.xpack.monitoring.exporter.http.HttpExporter.isExporterReady(HttpExporter.java:639) [x-pack-monitoring-7.0.0-alpha1-SNAPSHOT.jar:7.0.0-alpha1-SNAPSHOT]
17:43:20 	at org.elasticsearch.xpack.monitoring.exporter.http.HttpExporter.openBulk(HttpExporter.java:645) [x-pack-monitoring-7.0.0-alpha1-SNAPSHOT.jar:7.0.0-alpha1-SNAPSHOT]
17:43:20 	at org.elasticsearch.xpack.monitoring.exporter.http.HttpExporter.openBulk(HttpExporter.java:67) [x-pack-monitoring-7.0.0-alpha1-SNAPSHOT.jar:7.0.0-alpha1-SNAPSHOT]
17:43:20 	at org.elasticsearch.xpack.monitoring.exporter.Exporters.openBulk(Exporters.java:115) [x-pack-monitoring-7.0.0-alpha1-SNAPSHOT.jar:7.0.0-alpha1-SNAPSHOT]
17:43:20 	at org.elasticsearch.xpack.monitoring.exporter.Exporters.export(Exporters.java:186) [x-pack-monitoring-7.0.0-alpha1-SNAPSHOT.jar:7.0.0-alpha1-SNAPSHOT]
17:43:20 	at org.elasticsearch.xpack.monitoring.MonitoringService$MonitoringExecution$1.doRun(MonitoringService.java:227) [x-pack-monitoring-7.0.0-alpha1-SNAPSHOT.jar:7.0.0-alpha1-SNAPSHOT]
17:43:20 	at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-7.0.0-alpha1-SNAPSHOT.jar:7.0.0-alpha1-SNAPSHOT]
17:43:20 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) [?:?]
17:43:20 	at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
17:43:20 	at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:624) [elasticsearch-7.0.0-alpha1-SNAPSHOT.jar:7.0.0-alpha1-SNAPSHOT]
17:43:20 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
17:43:20 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
17:43:20 	at java.lang.Thread.run(Thread.java:834) [?:?]
17:43:20 Caused by: java.lang.NullPointerException
17:43:20 	at sun.security.ssl.SSLSessionImpl.getLocalPrincipal(SSLSessionImpl.java:661) ~[?:?]
17:43:20 	at org.apache.http.impl.nio.client.DefaultAsyncUserTokenHandler.getUserToken(DefaultAsyncUserTokenHandler.java:85) ~[?:?]
17:43:20 	at org.apache.http.impl.nio.client.MainClientExec.responseCompleted(MainClientExec.java:377) ~[?:?]
17:43:20 	at org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.responseCompleted(DefaultClientExchangeHandlerImpl.java:168) ~[?:?]
17:43:20 	at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.processResponse(HttpAsyncRequestExecutor.java:436) ~[?:?]
17:43:20 	at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.inputReady(HttpAsyncRequestExecutor.java:326) ~[?:?]
17:43:20 	at org.apache.http.impl.nio.DefaultNHttpClientConnection.consumeInput(DefaultNHttpClientConnection.java:265) ~[?:?]
17:43:20 	at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:81) ~[?:?]
17:43:20 	at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:39) ~[?:?]
17:43:20 	at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:121) ~[?:?]
17:43:20 	at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162) ~[?:?]
17:43:20 	at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337) ~[?:?]
17:43:20 	at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315) ~[?:?]
17:43:20 	at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276) ~[?:?]
17:43:20 	at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104) ~[?:?]
17:43:20 	at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:588) ~[?:?]
17:43:20 	... 1 more

Build url: https://elasticsearch-ci.elastic.co/job/elastic+elasticsearch+master+matrix-java-periodic/ES_BUILD_JAVA=java11,ES_RUNTIME_JAVA=java8,nodes=virtual&&linux/170/console

martijnvg added a commit that referenced this issue Jul 12, 2018
martijnvg added a commit that referenced this issue Jul 12, 2018
@martijnvg
Copy link
Member

I've muted RestClientBuilderIntegTests.testBuilderUsesDefaultSSLContext() (only when running with jdk11) and SmokeTestMonitoringWithSecurityIT#testHTTPExporterWithSSL() on master: ae5c70e
and 6.x: e7602c6

dnhatn added a commit that referenced this issue Jul 12, 2018
* master:
  [TEST] Mute SlackMessageTests.testTemplateRender
  Docs: Explain closing the high level client
  [ML] Re-enable memory limit integration tests (#31328)
  [test] disable packaging tests for suse boxes
  Add nio transport to security plugin (#31942)
  XContentTests : Insert random fields at random positions (#30867)
  Force execution of fetch tasks (#31974)
  Fix unreachable error condition in AmazonS3Fixture (#32005)
  Tests: Fix SearchFieldsIT.testDocValueFields (#31995)
  Add Expected Reciprocal Rank metric (#31891)
  [ML] Get ForecastRequestStats doc in RestoreModelSnapshotIT (#31973)
  SQL: Add support for single parameter text manipulating functions (#31874)
  [ML] Ensure immutability of MlMetadata (#31957)
  Tests: Mute SearchFieldsIT.testDocValueFields()
  muted tests due to #31940
  Work around reported problem in eclipse (#31960)
  Move build integration tests out of :buildSrc project (#31961)
  Tests: Remove use of joda time in some tests (#31922)
  [Test] Reactive 3rd party tests on CI (#31919)
  SQL: Support for escape sequences (#31884)
  SQL: HAVING clause should accept only aggregates (#31872)
  Docs: fix typo in datehistogram (#31972)
  Switch url repository rest tests to new style requests (#31944)
  Switch reindex tests to new style requests (#31941)
  Docs: Added note about cloud service to installation and getting started
  [DOCS] Removes alternative docker pull example (#31934)
  Add Snapshots Status API to High Level Rest Client (#31515)
  ingest: date_index_name processor template resolution (#31841)
  Test: fix null failure in watcher test (#31968)
  Switch test framework to new style requests (#31939)
  Switch low level rest tests to new style Requests (#31938)
  Switch high level rest tests to new style requests (#31937)
  [ML] Mute test failing due to Java 11 date time format parsing bug (#31899)
  [TEST] Mute SlackMessageTests.testTemplateRender
  Fix assertIngestDocument wrongfully passing (#31913)
  Remove unused reference to filePermissionsCache (#31923)
  rolling upgrade should use a replica to prevent relocations while running a scroll
  HLREST: Bundle the x-pack protocol project (#31904)
  Increase logging level for testStressMaybeFlush
  Added lenient flag for synonym token filter (#31484)
  [X-Pack] Beats centralized management: security role + licensing (#30520)
  HLRest: Move xPackInfo() to xPack().info() (#31905)
  Docs: add security delete role to api call table (#31907)
  [test] port archive distribution packaging tests (#31314)
  Watcher: Slack message empty text (#31596)
  [ML] Mute failing DetectionRulesIT.testCondition() test
  Fix broken NaN check in MovingFunctions#stdDev() (#31888)
  Date: Add DateFormatters class that uses java.time (#31856)
  [ML] Switch native QA tests to a 3 node cluster (#31757)
  Change trappy float comparison (#31889)
  Fix building AD URL from domain name (#31849)
  Add opaque_id to audit logging (#31878)
  re-enable backcompat tests
  add support for is_write_index in put-alias body parsing (#31674)
  Improve release notes script (#31833)
  [DOCS] Fix broken link in painless example
  Handle missing values in painless (#30975)
  Remove the ability to index or query context suggestions without context (#31007)
  Ingest: Enable Templated Fieldnames in Rename (#31690)
  [Docs] Fix typo in the Rollup API Quick Reference (#31855)
  Ingest: Add ignore_missing option to RemoveProc (#31693)
  Add template config for Beat state to X-Pack Monitoring (#31809)
  Watcher: Add ssl.trust email account setting (#31684)
  Remove link to oss-MSI (#31844)
  Painless: Restructure Definition/Whitelist (#31879)
  HLREST: Add x-pack-info API (#31870)
dnhatn added a commit that referenced this issue Jul 12, 2018
* 6.x:
  Force execution of fetch tasks (#31974)
  [TEST] Mute SlackMessageTests.testTemplateRender
  Docs: Explain closing the high level client
  [test] disable java packaging tests for suse
  XContentTests : Insert random fields at random positions (#30867)
  Add Get Snapshots High Level REST API (#31980)
  Fix unreachable error condition in AmazonS3Fixture (#32005)
  [6.x][ML] Ensure immutability of MlMetadata (#31994)
  Add Expected Reciprocal Rank metric (#31891)
  SQL: Add support for single parameter text manipulating functions (#31874)
  muted tests due to #31940
  Work around reported problem in eclipse (#31960)
  Move build integration tests out of :buildSrc project (#31961)
  [Test] Reactive 3rd party tests on CI (#31919)
  Fix assertIngestDocument wrongfully passing (#31913) (#31951)
  SQL: Support for escape sequences (#31884)
  SQL: HAVING clause should accept only aggregates (#31872)
  Docs: fix typo in datehistogram (#31972)
  Switch url repository rest tests to new style requests (#31944)
  Switch reindex tests to new style requests (#31941)
  Switch test framework to new style requests (#31939)
  Docs: Added note about cloud service to installation and getting started
  [DOCS] Removes alternative docker pull example (#31934)
  ingest: date_index_name processor template resolution (#31841)
  Test: fix null failure in watcher test (#31968)
  Watcher: Slack message empty text (#31596)
  Switch low level rest tests to new style Requests (#31938)
  Switch high level rest tests to new style requests (#31937)
  HLREST: Bundle the x-pack protocol project (#31904)
  [ML] Mute test failing due to Java 11 date time format parsing bug (#31899)
  Increase logging level for testStressMaybeFlush
  rolling upgrade should use a replica to prevent relocations while running a scroll
  [test] port archive distribution packaging tests (#31314)
  HLRest: Move xPackInfo() to xPack().info() (#31905)
  Increase logging level for :qa:rolling-upgrade
  Backport: Add template config for Beat state to X-Pack Monitoring (#31809) (#31893)
  Fix building AD URL from domain name (#31849)
  Fix broken NaN check in MovingFunctions#stdDev() (#31888)
  Change trappy float comparison (#31889)
  Add opaque_id to audit logging (#31878)
  add support for is_write_index in put-alias body parsing (#31674)
  Ingest: Enable Templated Fieldnames in Rename (#31690) (#31896)
  Ingest: Add ignore_missing option to RemoveProc (#31693) (#31892)
  [Docs] Fix typo in the Rollup API Quick Reference (#31855)
  Watcher: Add ssl.trust email account setting (#31684)
  [PkiRealm] Invalidate cache on role mappings change (#31510)
  [Security] Check auth scheme case insensitively (#31490)
  HLREST: Add x-pack-info API (#31870)
  Remove link to oss-MSI (#31844)
  Painless: Restructure Definition/Whitelist (#31879)
bizybot added a commit that referenced this issue Jul 17, 2018
There have been changes in error messages for `SSLHandshakeException`.
This has caused a couple of failures in our tests.
This commit modifies test verification to assert on exception type of
class `SSLHandshakeException`.
There was another issue in Java11 which caused NPE. The bug has now
been fixed on Java11 - early access build 22.
Bug Ref: https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8206355
Enable the skipped tests due to this bug.

Closes #31940
benwtrent added a commit that referenced this issue Mar 27, 2019
There have been changes in error messages for `SSLHandshakeException`.
This has caused a couple of failures in our tests.
This commit modifies test verification to assert on exception type of
class `SSLHandshakeException`.
There was another issue in Java11 which caused NPE. The bug has now
been fixed on Java11 - early access build 22.
Bug Ref: https://bugs.java.com/bugdatabase/view_bug.do?bug_id=8206355
Enable the skipped tests due to this bug.

Closes #31940
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
jvm bug :Security/TLS SSL/TLS, Certificates >test-failure Triaged test failures from CI
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants