You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@solr.apache.org by Houston Putman <ho...@apache.org> on 2023/02/17 17:25:56 UTC
Re: Connection to SSL enabled solr9 is failing
I have received the same complaint (around SSL in Solr 9) from others, and
think I found the root cause (we no longer allow using the default java
truststore when using HTTP2).
You can follow here: https://issues.apache.org/jira/browse/SOLR-16668
- Houston
On Tue, Jan 31, 2023 at 11:26 AM Jan Høydahl <ja...@cominvent.com> wrote:
> I did reply to your email on Jan 24th. If you subscribe to the list you
> will see the answer.
>
> Jan Høydahl
>
> > 31. jan. 2023 kl. 16:06 skrev Keerthi Turakapalli
> <tk...@opentext.com.invalid>:
> >
> > FYI
> > Can you please respond to this mail?
> >
> > Thanks & Regards,
> > Keerthi Turakapalli
> >
> > ________________________________
> > From: Keerthi Turakapalli
> > Sent: 24 January 2023 17:13
> > To: dev@solr.apache.org <de...@solr.apache.org>
> > Cc: Sangisetti Ramana <sr...@opentext.com>; Santosh Kumar Siliveru <
> ssiliver@opentext.com>; Dhoka Pramod <dp...@opentext.com>
> > Subject: Connection to SSL enabled solr9 is failing
> >
> > Hi,
> >
> > In solr8.11.2 we were using the below code where the HttpClient object
> is created with SSLContextFactory to connect to ssl enabled solr.
> >
> > Code Snippet using solr 8.11.2:
> >
> >
> > builder = new
> CloudSolrClient.Builder(Collections.singletonList(mServerDetails.getZookeeperUrl()),
> Optional.empty())
> > .withHttpClient(getSecureClient())
> >
> > reutrn builder.build();
> >
> > private CloseableHttpClient getSecureClient() {
> > CloseableHttpClient cHttpClient = null;
> > try {
> > TrustStrategy acceptingTrustStrategy = (cert, authType) -> true;
> > SSLContext sslContext =
> SSLContexts.custom().loadTrustMaterial(null,
> acceptingTrustStrategy).build();
> > SSLConnectionSocketFactory sslConnectionSocketFactory = new
> SSLConnectionSocketFactory(sslContext, new DefaultHostnameVerifier());
> > Registry<ConnectionSocketFactory> socketFactoryRegistry =
> RegistryBuilder.<ConnectionSocketFactory>create().
> > register(SCHEMA_HTTPS,
> sslConnectionSocketFactory).build();
> > BasicHttpClientConnectionManager connectionManager = new
> BasicHttpClientConnectionManager(socketFactoryRegistry);
> > cHttpClient =
> HttpClients.custom().setSSLSocketFactory(sslConnectionSocketFactory).setConnectionManager(connectionManager).build();
> > } catch(NoSuchAlgorithmException | KeyStoreException |
> KeyManagementException ex)
> > {
> > mLogger.atError().log("Processing httpclient failed.: {}", ex);
> > }
> > return cHttpClient;
> > }
> >
> > However, withHttpClient() in solr9.1.0 got updated and it is only
> accepting Http2SolrClient instead of HttpClient.
> > Following the documentation here:
> > https://solr.apache.org/guide/solr/latest/deployment-guide/solrj.html
> >
> > We tried to connect to ssl enabled solr using,
> >
> > This code leads to an NPE:
> >
> >
> > List<String> list = new ArrayList<>();
> > list.add(mServerDetails.getZookeeperUrl());
> > CloudHttp2SolrClient.Builder newBuilder = new
> CloudHttp2SolrClient.Builder(list, Optional.empty());
> > return newBuilder.build();
> >
> > This code is throwing below "Missing SSLContextFactory" error. Please
> find the stacktrace,
> > =====================================================
> >
> > DEBUG | 2023-01-24 14:31:50 | [Thread-175] impl.SolrServiceImpl
> (SolrServiceImpl.java:474) - Zookeeper Protocol: HTTPS, enableSSLFlag: true
> > ERROR | 2023-01-24 14:31:50 | [Thread-175] impl.SolrServiceImpl
> (SolrServiceImpl.java:218) - Failed to get the cluster status from the
> server.
> > org.apache.solr.client.solrj.SolrServerException:
> java.lang.NullPointerException: Missing SslContextFactory
> > at
> org.apache.solr.client.solrj.impl.LBSolrClient.doRequest(LBSolrClient.java:445)
> ~[?:?]
> > at
> org.apache.solr.client.solrj.impl.LBSolrClient.request(LBSolrClient.java:371)
> ~[?:?]
> > at
> org.apache.solr.client.solrj.impl.CloudSolrClient.sendRequest(CloudSolrClient.java:1174)
> ~[?:?]
> > at
> org.apache.solr.client.solrj.impl.CloudSolrClient.requestWithRetryOnStaleState(CloudSolrClient.java:880)
> ~[?:?]
> > at
> org.apache.solr.client.solrj.impl.CloudSolrClient.request(CloudSolrClient.java:807)
> ~[?:?]
> > at
> org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:234)
> ~[?:?]
> > at
> org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:249)
> ~[?:?]
> >
> > at com.zerog.ia.installer.actions.CustomAction.installSelf(Unknown
> Source) ~[installer.zip:?]
> > at com.zerog.ia.installer.util.GenericInstallPanel$2.run(Unknown Source)
> ~[installer.zip:?]
> >
> > Caused by: java.lang.NullPointerException: Missing SslContextFactory
> > at java.util.Objects.requireNonNull(Objects.java:246) ~[?:?]
> > at
> org.eclipse.jetty.io.ssl.SslClientConnectionFactory.<init>(SslClientConnectionFactory.java:57)
> ~[?:?]
> > at
> org.eclipse.jetty.client.HttpClient.newSslClientConnectionFactory(HttpClient.java:1208)
> ~[?:?]
> > at
> org.eclipse.jetty.client.HttpClient.newSslClientConnectionFactory(HttpClient.java:1214)
> ~[?:?]
> > at
> org.eclipse.jetty.client.HttpDestination.newSslClientConnectionFactory(HttpDestination.java:148)
> ~[?:?]
> > at
> org.eclipse.jetty.client.HttpDestination.newSslClientConnectionFactory(HttpDestination.java:154)
> ~[?:?]
> > at
> org.eclipse.jetty.client.HttpDestination.<init>(HttpDestination.java:94)
> ~[?:?]
> > at
> org.eclipse.jetty.client.MultiplexHttpDestination.<init>(MultiplexHttpDestination.java:25)
> ~[?:?]
> > at
> org.eclipse.jetty.http2.client.http.HttpDestinationOverHTTP2.<init>(HttpDestinationOverHTTP2.java:32)
> ~[?:?]
> > at
> org.eclipse.jetty.http2.client.http.HttpClientTransportOverHTTP2.newHttpDestination(HttpClientTransportOverHTTP2.java:128)
> ~[?:?]
> > at
> org.eclipse.jetty.client.HttpClient.lambda$resolveDestination$0(HttpClient.java:575)
> ~[?:?]
> > at
> java.util.concurrent.ConcurrentHashMap.computeIfAbsent(ConcurrentHashMap.java:1705)
> ~[?:?]
> > at
> org.eclipse.jetty.client.HttpClient.resolveDestination(HttpClient.java:573)
> ~[?:?]
> > at
> org.eclipse.jetty.client.HttpClient.resolveDestination(HttpClient.java:551)
> ~[?:?]
> > at org.eclipse.jetty.client.HttpClient.send(HttpClient.java:599) ~[?:?]
> > at org.eclipse.jetty.client.HttpRequest.sendAsync(HttpRequest.java:780)
> ~[?:?]
> > at org.eclipse.jetty.client.HttpRequest.send(HttpRequest.java:767) ~[?:?]
> > at
> org.apache.solr.client.solrj.impl.Http2SolrClient.request(Http2SolrClient.java:455)
> ~[?:?]
> > at
> org.apache.solr.client.solrj.impl.LBSolrClient.doRequest(LBSolrClient.java:405)
> ~[?:?]
> > ============================================
> >
> > Here it is expecting SSLContextFactory while connecting to solr with the
> zookeeper host. We also tried to use the method "withSSLConfig(sslConfig)"
> in Http2SolrClient class. But the usage is something like
> >
> > <
> > new Http2SolrClient.Builder().build;
> >
> > public Builder withSSLConfig(SSLConfig sslConfig) {
> > this.sslConfig = sslConfig;
> > return this;
> > }
> >>
> >
> > Here withSSLConfig() method requiring SSLConfig object containing
> parameters like authClient, keystore, keystorePassword, trustore,
> truststorePassword. If this method is to be used, where and what values are
> expected here? However, to call this method in Builder() by default it is
> assigning defaultSSLConf. What does this do?
> >
> > Could you please let us know how to Build a CloudSlrClient object with
> SSLConfig that can connect to SSL enabled solr9 machine with zookeeper URL?
> > Or is it mandated to pass solr URL's?
> >
> > Thanks & Regards,
> > Keerthi Turakapalli
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@solr.apache.org
> For additional commands, e-mail: dev-help@solr.apache.org
>
>