Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
error on ssl handshake with database in native image mode
See original GitHub issueDescribe the bug
-
I have a quarkus application which makes a flyway database migration at startup.
-
My database is a postgres db allowing only ssl connections.
-
I compile a native image successfully.
[INFO] --- quarkus-maven-plugin:0.25.0:build (default) @ instantmobile ---
[INFO] [io.quarkus.deployment.QuarkusAugmentor] Beginning quarkus augmentation
[INFO] [org.jboss.threads] JBoss Threads version 3.0.0.Final
[INFO] [io.quarkus.flyway.FlywayProcessor] Adding application migrations in path '/C:/git/Trend-Radar/instantmobile-quarkus/target/classes/db/migration' using protocol 'file'
[INFO] [org.hibernate.jpa.boot.internal.PersistenceXmlParser] HHH000318: Could not find any META-INF/persistence.xml file in the classpath
[INFO] [org.hibernate.Version] HHH000412: Hibernate Core {5.4.6.Final}
[INFO] [io.quarkus.resteasy] Resteasy running without servlet container.
[INFO] [io.quarkus.resteasy] - Add quarkus-undertow to run Resteasy within a servlet container
[INFO] [io.quarkus.deployment.QuarkusAugmentor] Quarkus augmentation completed in 3214ms
[INFO] [io.quarkus.creator.phase.runnerjar.RunnerJarPhase] Building jar: C:\git\Trend-Radar\instantmobile-quarkus\target\instantmobile-1.0-SNAPSHOT-runner.jar
[INFO]
[INFO] --- quarkus-maven-plugin:0.25.0:native-image (default) @ instantmobile ---
[INFO] [io.quarkus.creator.phase.nativeimage.NativeImagePhase] Running Quarkus native-image plugin on OpenJDK 64-Bit Server VM
[INFO] [io.quarkus.creator.phase.nativeimage.NativeImagePhase] docker run -v C:\git\Trend-Radar\instantmobile-quarkus\target:/project:z --rm quay.io/quarkus/ubi-quarkus-native-image:19.2.0.1 -J-Djava.util.logging.manager=org.jboss.logmanager.LogManager -J-Dio.netty.leakDetection.level=DISABLED -J-Dvertx.logger-delegate-factory-class-name=io.quarkus.vertx.core.runtime.VertxLogDelegateFactory -J-Dsun.nio.ch.maxUpdateArraySize=100 -J-Dio.netty.allocator.maxOrder=1 -J-Dvertx.disableDnsResolver=true -H:IncludeResources=META-INF/resources/.* --initialize-at-build-time= -H:InitialCollectionPolicy=com.oracle.svm.core.genscavenge.CollectionPolicy$BySpaceAndTime -jar instantmobile-1.0-SNAPSHOT-runner.jar -J-Djava.util.concurrent.ForkJoinPool.common.parallelism=1 -H:FallbackThreshold=0 -H:+ReportExceptionStackTraces -H:+PrintAnalysisCallTree -H:-AddAllCharsets -H:EnableURLProtocols=http,https --enable-all-security-services -H:+JNI -H:-UseServiceLoaderFeature -H:+StackTrace
Build on Server(pid: 28, port: 36615)*
[instantmobile-1.0-SNAPSHOT-runner:28] classlist: 16,022.07 ms
[instantmobile-1.0-SNAPSHOT-runner:28] (cap): 1,483.57 ms
[instantmobile-1.0-SNAPSHOT-runner:28] setup: 3,468.05 ms
13:14:36,465 INFO [org.hib.Version] HHH000412: Hibernate Core {5.4.6.Final}
13:14:36,492 INFO [org.hib.ann.com.Version] HCANN000001: Hibernate Commons Annotations {5.1.0.Final}
13:14:36,533 INFO [org.hib.dia.Dialect] HHH000400: Using dialect: io.quarkus.hibernate.orm.runtime.dialect.QuarkusPostgreSQL95Dialect
13:14:38,822 INFO [org.jbo.threads] JBoss Threads version 3.0.0.Final
13:14:40,077 INFO [com.arj.ats.arjuna] ARJUNA012170: TransactionStatusManager started on port 36521 and host 127.0.0.1 with service com.arjuna.ats.arjuna.recovery.ActionStatusService
[instantmobile-1.0-SNAPSHOT-runner:28] (typeflow): 53,230.37 ms
[instantmobile-1.0-SNAPSHOT-runner:28] (objects): 22,599.06 ms
[instantmobile-1.0-SNAPSHOT-runner:28] (features): 1,261.27 ms
[instantmobile-1.0-SNAPSHOT-runner:28] analysis: 81,527.13 ms
Printing call tree to /project/reports/call_tree_instantmobile-1.0-SNAPSHOT-runner_20191017_131619.txt
Printing list of used classes to /project/reports/used_classes_instantmobile-1.0-SNAPSHOT-runner_20191017_131630.txt
Printing list of used packages to /project/reports/used_packages_instantmobile-1.0-SNAPSHOT-runner_20191017_131630.txt
[instantmobile-1.0-SNAPSHOT-runner:28] (clinit): 1,202.76 ms
[instantmobile-1.0-SNAPSHOT-runner:28] universe: 3,882.22 ms
[instantmobile-1.0-SNAPSHOT-runner:28] (parse): 9,987.58 ms
[instantmobile-1.0-SNAPSHOT-runner:28] (inline): 9,373.37 ms
[instantmobile-1.0-SNAPSHOT-runner:28] (compile): 57,773.18 ms
[instantmobile-1.0-SNAPSHOT-runner:28] compile: 80,990.49 ms
[instantmobile-1.0-SNAPSHOT-runner:28] image: 4,884.87 ms
[instantmobile-1.0-SNAPSHOT-runner:28] write: 2,377.36 ms
[instantmobile-1.0-SNAPSHOT-runner:28] [total]: 227,369.27 ms
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 04:17 min
[INFO] Finished at: 2019-10-17T15:18:05+02:00
[INFO] ------------------------------------------------------------------------
- If i run the application it fails with the following error.
harald@xxx:/instantmobile-quarkus/target$ ./instantmobile-1.0-SNAPSHOT-runner -Djava.library.path=/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64 -Djavax.net.ssl.trustStore=/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/cacerts
13:29:05 INFO [org.flywaydb.core.internal.license.VersionPrinter]] (main) Flyway Community Edition 6.0.4 by Redgate
WARNING: The sunec native library, required by the SunEC provider, could not be loaded. This library is usually shipped as part of the JDK and can be found under
<JAVA_HOME>/jre/lib/<platform>/libsunec.so. It is loaded at run time via System.loadLibrary("sunec"), the first time services from SunEC are accessed. To use this provider's services the java.library.path system property needs to be set accordingly to point to a location that contains libsunec.so. Note that if java.library.path is not set it defaults to the current working directory.
java.lang.UnsatisfiedLinkError: sun.security.ec.ECKeyPairGenerator.isCurveSupported([B)Z [symbol: Java_sun_security_ec_ECKeyPairGenerator_isCurveSupported or Java_sun_security_ec_ECKeyPairGenerator_isCurveSupported___3B]
at com.oracle.svm.jni.access.JNINativeLinkage.getOrFindEntryPoint(JNINativeLinkage.java:145)
at com.oracle.svm.jni.JNIGeneratedMethodSupport.nativeCallAddress(JNIGeneratedMethodSupport.java:57)
at sun.security.ec.ECKeyPairGenerator.isCurveSupported(ECKeyPairGenerator.java)
at sun.security.ec.ECKeyPairGenerator.ensureCurveIsSupported(ECKeyPairGenerator.java:135)
at sun.security.ec.ECKeyPairGenerator.initialize(ECKeyPairGenerator.java:114)
at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:674)
at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:77)
at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:783)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:302)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:40)
at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:441)
at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:94)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:192)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:195)
at org.postgresql.Driver.makeConnection(Driver.java:458)
at org.postgresql.Driver.connect(Driver.java:260)
at io.agroal.pool.ConnectionFactory.createConnection(ConnectionFactory.java:200)
at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:370)
at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:352)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at io.agroal.pool.util.PriorityScheduledExecutor.beforeExecute(PriorityScheduledExecutor.java:65)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
at com.oracle.svm.core.thread.JavaThreads.threadStartRoutine(JavaThreads.java:460)
at com.oracle.svm.core.posix.thread.PosixJavaThreads.pthreadStartRoutine(PosixJavaThreads.java:193)
Exception in thread "main" java.lang.RuntimeException: Failed to start quarkus
at io.quarkus.runner.ApplicationImpl1.doStart(ApplicationImpl1.zig:268)
at io.quarkus.runtime.Application.start(Application.java:94)
at io.quarkus.runtime.Application.run(Application.java:218)
at io.quarkus.runner.GeneratedMain.main(GeneratedMain.zig:41)
Caused by: java.lang.UnsatisfiedLinkError: sun.security.ec.ECKeyPairGenerator.isCurveSupported([B)Z [symbol: Java_sun_security_ec_ECKeyPairGenerator_isCurveSupported or Java_sun_security_ec_ECKeyPairGenerator_isCurveSupported___3B]
at com.oracle.svm.jni.access.JNINativeLinkage.getOrFindEntryPoint(JNINativeLinkage.java:145)
at com.oracle.svm.jni.JNIGeneratedMethodSupport.nativeCallAddress(JNIGeneratedMethodSupport.java:57)
at sun.security.ec.ECKeyPairGenerator.isCurveSupported(ECKeyPairGenerator.java)
at sun.security.ec.ECKeyPairGenerator.ensureCurveIsSupported(ECKeyPairGenerator.java:135)
at sun.security.ec.ECKeyPairGenerator.initialize(ECKeyPairGenerator.java:114)
at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:674)
at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:77)
at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:783)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:302)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
at org.postgresql.ssl.MakeSSL.convert(MakeSSL.java:40)
at org.postgresql.core.v3.ConnectionFactoryImpl.enableSSL(ConnectionFactoryImpl.java:441)
at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:94)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:192)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:195)
at org.postgresql.Driver.makeConnection(Driver.java:458)
at org.postgresql.Driver.connect(Driver.java:260)
at io.agroal.pool.ConnectionFactory.createConnection(ConnectionFactory.java:200)
at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:370)
at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:352)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at io.agroal.pool.util.PriorityScheduledExecutor.beforeExecute(PriorityScheduledExecutor.java:65)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
at com.oracle.svm.core.thread.JavaThreads.threadStartRoutine(JavaThreads.java:460)
at com.oracle.svm.core.posix.thread.PosixJavaThreads.pthreadStartRoutine(PosixJavaThreads.java:193)
harald@xxx:/instantmobile-quarkus/target$
- Same error happens when building and running a docker image from the native image.
- Same error happens when building and running inside openshift with native image.
- I tried different ways to point to the libsunec.so without success.
- point java.library.path to JRE lib directory (see log)
- copy libsunec.so next to the application
- point java.library.path direct to the filename
Expected behavior Successful SSL connection to my postgres database.
Actual behavior Can not start to application due to ssl handshake error.
To Reproduce Steps to reproduce the behavior:
- Create quarkus application with flyway and postgres jdbc
- Host postgres database with ssl connectivity
- Build and run a native image of the application
Environment (please complete the following information):
-
Output of
uname -aorver: Linux LMUC795407 4.4.0-17134-Microsoft #706-Microsoft Mon Apr 01 18:13:00 PST 2019 x86_64 x86_64 x86_64 GNU/Linux -
Output of
java -version: openjdk version “1.8.0_191” OpenJDK Runtime Environment (build 1.8.0_191-8u191-b12-2ubuntu0.18.04.1-b12) OpenJDK 64-Bit Server VM (build 25.191-b12, mixed mode) -
Quarkus version or git rev: 0.25.0
Issue Analytics
- State:
- Created 4 years ago
- Comments:12 (12 by maintainers)
Top Results From Across the Web
Error on Quarkus reactive datasource SSL handshake
My need for a reactive datasource exists because I use the Vert.x RabbitMQ client. This gave me a reactive consumer, so I couldn't...
Read more >'Test Connection Failed because of an error initializing ...
Hi In windows Server 2016 we deployed ASP .NET MVC web application to IIS, From Server when we try to connect to SQL...
Read more >How to Fix “SSL Handshake Failed” & "Cloudflare 525" Error
The SSL Handshake Failed error occurs when the server and browser are unable to establish a secure connection.
Read more >OMT on GKE doesn't support an SSL connection to the native ...
Follow these steps to connect OMT to a native Google PostgreSQL database with SSL mode. Install OMT by following the usual process, but...
Read more >Using SSL With Native Executables - Quarkus
which configures our REST client to connect to an SSL REST service. ... NativeImagePhase] /opt/graalvm/bin/native-image -J-Dsun.nio.ch.
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
I have an other running solution, using a multistage docker build. This works without any errors.
This should be fine now, there have been a lof of changes in the GraalVM SSL support since this issue was opened.