Runtime exceptions with SSL enabled
-
I have been using the containerized FusionAuth application and am having issues with using it with SSL enabled. When enabled and accessing it via HTTPS, I am able to log in, add users, and do basic admin tasks using the admin application; however, certain functionality is not working. For instance, adds or edits of tenants or API keys all throw exceptions. Calling the API for these tasks results in the same exception. If you access it via HTTP only, non-SSL, it works without issue; however, I require SSL to the application. The exception stack trace is:
ERROR io.fusionauth.http.server.HTTPServerThread - An exception was thrown during processing
java.lang.IllegalStateException: A buffer overflow is not expected during an unwrap operation. This occurs because the preamble or body buffers are too small. Increase their sizes to avoid this issue.
    at io.fusionauth.http.server.HTTPS11Processor.read(HTTPS11Processor.java:191)
    at io.fusionauth.http.server.HTTPServerThread.read(HTTPServerThread.java:348)
    at io.fusionauth.http.server.HTTPServerThread.run(HTTPServerThread.java:176)
To configure SSL, I have used both the file-based and raw content environment variables to specify the certificate and private key. Both have the same result of the above exception when SSL is enabled. This is also noted in a similar post here, but it had no resolution besides not using SSL.
How have people configured this to get it working without the exceptions above?
-
@jgerman Where is your stack trace coming from? The API call you made? Is there anything in the admin UI debugging that you can share?
-
@mark-robustelli That is coming from the container logs. We see these in the logs when the large API call or admin call is made. The server gives back an empty response for these calls. The admin UI just displays a blank page when these large calls are made. I'm happy to provide anything else that would be helpful.
-
@jgerman I hope to get some time early next week to try and recreate. Anything else you can provide to help me do so will be greatly appreciated. From your last post it sounds like things work, this happens, they stop working. After the call has timed out, does the system begin to run properly again? Can you please provide an example of what you are calling a "large API call or admin call"?
-
@jgerman Based on your discussion in the other thread, can you tell me a little more about how you have your FusionAuth configured to run? That may have something to do with the issue here. Once I get that info and an example of the "large API call", I can work on reproducing.
-
@mark-robustelli Yes, the configuration is using the SSL private key and certificate properties through environment variables with SSL enabled. Specifically the FUSIONAUTH_APP_HTTPS_PRIVATE_KEY, FUSIONAUTH_APP_HTTPS_CERTIFICATE, and FUSIONAUTH_APP_HTTPS_ENABLED environment variables.
Large API or admin call-wise, the most obvious thing I've seen is going into the admin application and just trying to edit or create a tenant (you don't have to change anything if editing) and trying to hit save. Creating/editing a tenant or creating/editing an API key at minimum are the most obvious places I've consistently seen the issue. API calls for these same functions, tenant add/edit and API key add/edit, have the same issue.
I haven't done a lot of parallel request testing, but the application for everything else still seems OK while these specific requests are erroring. These large calls will fail and an error will be in the container logs, but everything else stays up and continues to run.
Let me know if I can provide more information.
-
@jgerman Sorry, I have been out of touch. I just saw this issue come up that sounds like the same thing you are experiencing. Please follow this issue. When the fix is available, please let us know if this solved your issue too. I believe it will.