Bitwarden Unified fails to start: identity terminated by SIGABRT

[ianalexander]

Steps To Reproduce

1. Start bitwarden unified with the following docker compose configuration:

version: "3.8"

services:
  bitwarden:
    image: bitwarden/self-host:beta
    container_name: bitwarden
    restart: unless-stopped
    ports:
      - "8081:8080"
    volumes:
      - ./data:/etc/bitwarden
    environment:
      - BW_DOMAIN=my.domain.name
      - BW_DB_PROVIDER=sqlite
      - BW_DB_SERVER=db
      - BW_DB_DATABASE=bitwarden_vault
      - BW_DB_USERNAME=bitwarden
      - BW_DB_PASSWORD=super_strong_password
      - BW_INSTALLATION_ID=xxx
      - BW_INSTALLATION_KEY=xxx

2. Observe in the console:

bitwarden    | 2024-04-02 00:10:17,153 WARN exited: identity (terminated by SIGABRT (core dumped); not expected)

3. After entering the container, notice the following entry in identity.log:

Unhandled exception. Interop+Crypto+OpenSslCryptographicException: error:10080002:BIO routines::system lib
   at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle)
   at System.Security.Cryptography.X509Certificates.OpenSslX509CertificateReader.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
   at Bit.Core.Utilities.CoreHelpers.GetCertificate(String file, String password) in /source/src/Core/Utilities/CoreHelpers.cs:line 101
   at Bit.Core.Utilities.CoreHelpers.GetIdentityServerCertificate(GlobalSettings globalSettings) in /source/src/Core/Utilities/CoreHelpers.cs:line 622
   at Bit.SharedWeb.Utilities.ServiceCollectionExtensions.AddIdentityServerCertificate(IIdentityServerBuilder identityServerBuilder, IWebHostEnvironment env, GlobalSettings globalSettings) in /source/src/SharedWeb/Utilities/ServiceCollectionExtensions.cs:line 503
   at Bit.Identity.Utilities.ServiceCollectionExtensions.AddCustomIdentityServerServices(IServiceCollection services, IWebHostEnvironment env, GlobalSettings globalSettings) in /source/src/Identity/Utilities/ServiceCollectionExtensions.cs:line 25
   at Bit.Identity.Startup.ConfigureServices(IServiceCollection services) in /source/src/Identity/Startup.cs:line 135
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Void** arguments, Signature sig, Boolean isConstructor)
   at System.Reflection.MethodBaseInvoker.InvokeDirectByRefWithFewArgs(Object obj, Span`1 copyOfArgs, BindingFlags invokeAttr)
   at System.Reflection.MethodBaseInvoker.InvokeWithOneArg(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at Microsoft.AspNetCore.Hosting.ConfigureServicesBuilder.InvokeCore(Object instance, IServiceCollection services)
   at Microsoft.AspNetCore.Hosting.GenericWebHostBuilder.UseStartup(Type startupType, HostBuilderContext context, IServiceCollection services, Object instance)
   at Microsoft.Extensions.Hosting.HostBuilder.InitializeServiceProvider()
   at Microsoft.Extensions.Hosting.HostBuilder.Build()
   at Bit.Identity.Program.Main(String[] args) in /source/src/Identity/Program.cs:line 10

4. Attempt to create a new account, but the server returns 502 error when POST to /identity/accounts/register

Expected Result

Container starts successfully and allows registration.

Actual Result

identity service crashes, which prevents registration

Screenshots or Videos

No response

Additional Context

No response

Githash Version

e765819-dirty

Environment Details

Docker running on x86_64 system

Database Image

Sqlite

Issue-Link

#2480

Issue Tracking Info

• I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

[ianalexander]

I can help debug, but any pointers to collect more information about the Unhandled exception. Interop+Crypto+OpenSslCryptographicException: error:10080002:BIO routines::system lib exception would be very helpful. Thak you!

[sammbw]

Hi there,

I am unable to reproduce this issue, it has been escalated for further investigation. If you have more information that can help us, please add it below.

Thanks!

[xaocon]

@ianalexander, I'm not from bitwarden and I'm not familiar with the codebase so take anything I say with a grain of salt. Despite that, I'm looking at trying out hosted as well and was curious about this issue.

Unhandled exception. Interop+Crypto+OpenSslCryptographicException: error:10080002:BIO routines::system lib isn't very helpful but it's basically handing back an unhelpful error message from OpenSSL. error:10080002:BIO routines::system lib should allow you to trace down the specific problem from OpenSSL but I wasn't able to find more info about it.

Further down in your trace we see that you're running down the code path here, which is trying to get a certificate from the file identity.pfx with a stored password.

I suspect there might be a problem with the identity.pfx. Maybe a permissions issue reading from it or some kind of corruption. No hard evidence with the info provided but might help you tracking more info down.