Bitwarden Unified fails to start: identity terminated by SIGABRT

[ianalexander]

Steps To Reproduce

1. Start bitwarden unified with the following docker compose configuration:

   
   version: "3.8"

services: bitwarden: image: bitwarden/self-host:beta container_name: bitwarden restart: unless-stopped ports:

• "8081:8080" volumes:
• ./data:/etc/bitwarden environment:
• BW_DOMAIN=my.domain.name
• BW_DB_PROVIDER=sqlite
• BW_DB_SERVER=db
• BW_DB_DATABASE=bitwarden_vault
• BW_DB_USERNAME=bitwarden
• BW_DB_PASSWORD=super_strong_password
• BW_INSTALLATION_ID=xxx
• BW_INSTALLATION_KEY=xxx

  2. Observe in the console:

  bitwarden | 2024-04-02 00:10:17,153 WARN exited: identity (terminated by SIGABRT (core dumped); not expected)

  3. After entering the container, notice the following entry in `identity.log`:

  Unhandled exception. Interop+Crypto+OpenSslCryptographicException: error:10080002:BIO routines::system lib at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle) at System.Security.Cryptography.X509Certificates.OpenSslX509CertificateReader.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) at Bit.Core.Utilities.CoreHelpers.GetCertificate(String file, String password) in /source/src/Core/Utilities/CoreHelpers.cs:line 101 at Bit.Core.Utilities.CoreHelpers.GetIdentityServerCertificate(GlobalSettings globalSettings) in /source/src/Core/Utilities/CoreHelpers.cs:line 622 at Bit.SharedWeb.Utilities.ServiceCollectionExtensions.AddIdentityServerCertificate(IIdentityServerBuilder identityServerBuilder, IWebHostEnvironment env, GlobalSettings globalSettings) in /source/src/SharedWeb/Utilities/ServiceCollectionExtensions.cs:line 503 at Bit.Identity.Utilities.ServiceCollectionExtensions.AddCustomIdentityServerServices(IServiceCollection services, IWebHostEnvironment env, GlobalSettings globalSettings) in /source/src/Identity/Utilities/ServiceCollectionExtensions.cs:line 25 at Bit.Identity.Startup.ConfigureServices(IServiceCollection services) in /source/src/Identity/Startup.cs:line 135 at System.RuntimeMethodHandle.InvokeMethod(Object target, Void** arguments, Signature sig, Boolean isConstructor) at System.Reflection.MethodBaseInvoker.InvokeDirectByRefWithFewArgs(Object obj, Span`1 copyOfArgs, BindingFlags invokeAttr) at System.Reflection.MethodBaseInvoker.InvokeWithOneArg(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) at Microsoft.AspNetCore.Hosting.ConfigureServicesBuilder.InvokeCore(Object instance, IServiceCollection services) at Microsoft.AspNetCore.Hosting.GenericWebHostBuilder.UseStartup(Type startupType, HostBuilderContext context, IServiceCollection services, Object instance) at Microsoft.Extensions.Hosting.HostBuilder.InitializeServiceProvider() at Microsoft.Extensions.Hosting.HostBuilder.Build() at Bit.Identity.Program.Main(String[] args) in /source/src/Identity/Program.cs:line 10

  
  4. Attempt to create a new account, but the server returns 502 error when POST to `/identity/accounts/register`

Expected Result

Container starts successfully and allows registration.

Actual Result

identity service crashes, which prevents registration

Screenshots or Videos

No response

Additional Context

No response

Githash Version

e7658192-dirty

Environment Details

Docker running on x86_64 system

Database Image

Sqlite

Issue-Link

https://github.com/bitwarden/server/issues/2480

Issue Tracking Info

• [X] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

[ianalexander]

I can help debug, but any pointers to collect more information about the Unhandled exception. Interop+Crypto+OpenSslCryptographicException: error:10080002:BIO routines::system lib exception would be very helpful. Thak you!

[sammbw]

Hi there,

I am unable to reproduce this issue, it has been escalated for further investigation. If you have more information that can help us, please add it below.

Thanks!

[xaocon]

@ianalexander, I'm not from bitwarden and I'm not familiar with the codebase so take anything I say with a grain of salt. Despite that, I'm looking at trying out hosted as well and was curious about this issue.

Unhandled exception. Interop+Crypto+OpenSslCryptographicException: error:10080002:BIO routines::system lib isn't very helpful but it's basically handing back an unhelpful error message from OpenSSL. error:10080002:BIO routines::system lib should allow you to trace down the specific problem from OpenSSL but I wasn't able to find more info about it.

Further down in your trace we see that you're running down the code path here, which is trying to get a certificate from the file identity.pfx with a stored password.

I suspect there might be a problem with the identity.pfx. Maybe a permissions issue reading from it or some kind of corruption. No hard evidence with the info provided but might help you tracking more info down.