You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@thrift.apache.org by "James E. King, III (JIRA)" <ji...@apache.org> on 2017/02/14 20:47:41 UTC
[jira] [Resolved] (THRIFT-4066) Perl client, C++ Server in cross
test with SSL fails, tlsv1 alert unknown ca
[ https://issues.apache.org/jira/browse/THRIFT-4066?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James E. King, III resolved THRIFT-4066.
----------------------------------------
Resolution: Duplicate
Perl was not properly authenticating or verifying CA because it was not possible to pass these down. This was fixed as part of THRIFT-3272.
> Perl client, C++ Server in cross test with SSL fails, tlsv1 alert unknown ca
> ----------------------------------------------------------------------------
>
> Key: THRIFT-4066
> URL: https://issues.apache.org/jira/browse/THRIFT-4066
> Project: Thrift
> Issue Type: Bug
> Components: C++ - Library, Perl - Library, Test Suite
> Affects Versions: 0.10.0
> Environment: Ubuntu 14.04 (gcc 4.6.4) Perl 5.18
> Reporter: James E. King, III
> Assignee: James E. King, III
>
> I re-enabled the two cpp-perl SSL based tests in make cross and they failed:
> cpp-perl binary framed-ip-ssl failure(255)
> cpp-perl binary buffered-ip-ssl failure(255)
> The cpp server complained that "tlsv1 alert unknown ca".
> {noformat}
> Thu Feb 02 14:07:33 2017
> Executing: /home/jking/thrift/github/thrift/test/cpp/TestServer --protocol=binary --transport=buffered --ssl --port=41785
> Directory: /home/jking/thrift/github/thrift/test/cpp
> config:delay: 5
> config:timeout: 5
> ==========================================================================
> Starting "simple" server (buffered/binary) listen on: 41785
> Thrift: Thu Feb 2 14:07:33 2017 TConnectedClient died: SSL_accept: error code: 0
> Thrift: Thu Feb 2 14:07:33 2017 TConnectedClient died: SSL_accept: tlsv1 alert unknown ca
> Thrift: Thu Feb 2 14:07:33 2017 TConnectedClient died: SSL_accept: tlsv1 alert unknown ca
> Thrift: Thu Feb 2 14:07:34 2017 TConnectedClient died: SSL_accept: tlsv1 alert unknown ca
> Thrift: Thu Feb 2 14:07:34 2017 TConnectedClient died: SSL_accept: tlsv1 alert unknown ca
> Thrift: Thu Feb 2 14:07:34 2017 TConnectedClient died: SSL_accept: tlsv1 alert unknown ca
> Thrift: Thu Feb 2 14:07:34 2017 TConnectedClient died: SSL_accept: tlsv1 alert unknown ca
> Thrift: Thu Feb 2 14:07:35 2017 TConnectedClient died: SSL_accept: tlsv1 alert unknown ca
> Thrift: Thu Feb 2 14:07:35 2017 TConnectedClient died: SSL_accept: tlsv1 alert unknown ca
> Server process is successfully killed.
> ==========================================================================
> Process is killed.
> Test execution took 2.2 seconds.
> Thu Feb 02 14:07:35 2017
> {noformat}
> The perl client simply said it could not connect:
> {noformat}
> Thu Feb 02 14:07:35 2017
> Executing: perl -Igen-perl/ -I../../lib/perl/lib/ TestClient.pl --cert=../keys/client.pem --protocol=binary --transport=buffered --ssl --port=41785
> Directory: /home/jking/thrift/github/thrift/test/perl
> config:delay: 5
> config:timeout: 5
> ==========================================================================
> $VAR1 = bless( {
> 'message' => 'Thrift::SSLSocket: Could not connect to localhost:41785 ()',
> 'code' => 0
> }, 'Thrift::TException' );
> ==========================================================================
> Return code: 255
> Test execution took 0.1 seconds.
> Thu Feb 02 14:07:35 2017
> {noformat}
> Given both tests should be using the same certificate files, this is quite odd.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)