You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2019/01/31 00:30:12 UTC
[GitHub] rdhabalia opened a new pull request #3486: [pulsar-broker] separate
broker-client config to allow-insecure-cnx for broker replication
rdhabalia opened a new pull request #3486: [pulsar-broker] separate broker-client config to allow-insecure-cnx for broker replication
URL: https://github.com/apache/pulsar/pull/3486
### Motivation
[HttpClient](https://github.com/apache/pulsar/blob/master/pulsar-client/src/main/java/org/apache/pulsar/client/impl/HttpClient.java#L106) by-default does hostnameverification which we want to avoid in somecases and it can be avoided by configuring at client-side.
`confBuilder.setUseInsecureTrustManager(false);`
Now, Broker is having `tlsAllowInsecureConnection` config which is used to create secured incoming and outgoing (replication-cnx) connection but broker may want to disable hostname verification for replication for which it requires separate config else broker will receive below exception on replication.
```
16:22:59.066 [main:org.apache.pulsar.client.impl.PulsarClientImpl@546] INFO org.apache.pulsar.client.impl.PulsarClientImpl - Client closing. URL: pulsar://localhost:15821
FAILED: testTlsLargeSizeMessage
org.apache.pulsar.client.api.PulsarClientException: java.util.concurrent.ExecutionException: java.net.ConnectException: General OpenSslEngine problem
at org.apache.pulsar.client.impl.HttpClient.lambda$0(HttpClient.java:179)
at org.asynchttpclient.netty.NettyResponseFuture.lambda$addListener$0(NettyResponseFuture.java:298)
at java.util.concurrent.CompletableFuture.uniWhenComplete(CompletableFuture.java:760)
at java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(CompletableFuture.java:736)
at java.util.concurrent.CompletableFuture$Completion.run(CompletableFuture.java:442)
at com.google.common.util.concurrent.MoreExecutors$DirectExecutor.execute(MoreExecutors.java:399)
at java.util.concurrent.CompletableFuture$UniCompletion.claim(CompletableFuture.java:529)
at java.util.concurrent.CompletableFuture.uniWhenComplete(CompletableFuture.java:751)
at java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(CompletableFuture.java:736)
at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:474)
at java.util.concurrent.CompletableFuture.completeExceptionally(CompletableFuture.java:1977)
at org.asynchttpclient.netty.NettyResponseFuture.abort(NettyResponseFuture.java:277)
at org.asynchttpclient.netty.channel.NettyConnectListener.onFailure(NettyConnectListener.java:198)
at org.asynchttpclient.netty.channel.NettyConnectListener$2.onFailure(NettyConnectListener.java:167)
at org.asynchttpclient.netty.SimpleFutureListener.operationComplete(SimpleFutureListener.java:26)
at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:511)
at io.netty.util.concurrent.DefaultPromise.notifyListeners0(DefaultPromise.java:504)
at io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:483)
at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:424)
at io.netty.util.concurrent.DefaultPromise.tryFailure(DefaultPromise.java:121)
at io.netty.handler.ssl.SslHandler.handleUnwrapThrowable(SslHandler.java:1183)
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1165)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1203)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1414)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:945)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:146)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:645)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:580)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:497)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:459)
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:886)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.util.concurrent.ExecutionException: java.net.ConnectException: General OpenSslEngine problem
at java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:357)
at java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1895)
at org.asynchttpclient.netty.NettyResponseFuture.get(NettyResponseFuture.java:205)
at org.apache.pulsar.client.impl.HttpClient.lambda$0(HttpClient.java:162)
... 40 more
Caused by: java.net.ConnectException: General OpenSslEngine problem
at org.asynchttpclient.netty.channel.NettyConnectListener.onFailure(NettyConnectListener.java:196)
... 28 more
Caused by: javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem
at io.netty.handler.ssl.ReferenceCountedOpenSslContext$AbstractCertificateVerifier.verify(ReferenceCountedOpenSslContext.java:634)
at io.netty.internal.tcnative.SSL.readFromSSL(Native Method)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.readPlaintextData(ReferenceCountedOpenSslEngine.java:486)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1025)
at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1132)
at io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:211)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1257)
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1159)
... 19 more
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching localhost found.
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:204)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
at io.netty.handler.ssl.ReferenceCountedOpenSslClientContext$ExtendedTrustManagerVerifyCallback.verify(ReferenceCountedOpenSslClientContext.java:221)
at io.netty.handler.ssl.ReferenceCountedOpenSslContext$AbstractCertificateVerifier.verify(ReferenceCountedOpenSslContext.java:630)
... 26 more
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services