You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "Sergey Nuyanzin (Jira)" <ji...@apache.org> on 2023/09/07 07:30:00 UTC
[jira] [Created] (FLINK-33056) NettyClientServerSslTest#testValidSslConnection fails on AZP
Sergey Nuyanzin created FLINK-33056:
---------------------------------------
Summary: NettyClientServerSslTest#testValidSslConnection fails on AZP
Key: FLINK-33056
URL: https://issues.apache.org/jira/browse/FLINK-33056
Project: Flink
Issue Type: Bug
Components: Runtime / Configuration, Runtime / Coordination
Affects Versions: 1.19.0
Reporter: Sergey Nuyanzin
This build https://dev.azure.com/apache-flink/apache-flink/_build/results?buildId=53020&view=logs&j=77a9d8e1-d610-59b3-fc2a-4766541e0e33&t=125e07e7-8de0-5c6c-a541-a567415af3ef&l=8592
fails with
{noformat}
Test testValidSslConnection[SSL provider = JDK](org.apache.flink.runtime.io.network.netty.NettyClientServerSslTest) is running.
--------------------------------------------------------------------------------
01:20:31,479 [ main] INFO org.apache.flink.runtime.io.network.netty.NettyConfig [] - NettyConfig [server address: localhost/127.0.0.1, server port range: 36717, ssl enabled: true, memory segment size (bytes): 1024, transport type: AUTO, number of server threads: 1 (manual), number of client thr
eads: 1 (manual), server connect backlog: 0 (use Netty's default), client connect timeout (sec): 120, send/receive buffer size (bytes): 0 (use Netty's default)]
01:20:31,479 [ main] INFO org.apache.flink.runtime.io.network.netty.NettyServer [] - Transport type 'auto': using EPOLL.
01:20:31,475 [Flink Netty Client (42359) Thread 0] WARN org.apache.flink.shaded.netty4.io.netty.channel.DefaultChannelPipeline [] - An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
org.apache.flink.shaded.netty4.io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: server certificate with unknown fingerprint: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
at org.apache.flink.shaded.netty4.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:499) ~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) ~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) [flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) [flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) [flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) [flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) [flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) [flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:800) [flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:499) [flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:397) [flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) [flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_292]
Caused by: javax.net.ssl.SSLHandshakeException: server certificate with unknown fingerprint: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:1.8.0_292]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:324) ~[?:1.8.0_292]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:267) ~[?:1.8.0_292]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:262) ~[?:1.8.0_292]
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654) ~[?:1.8.0_292]
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473) ~[?:1.8.0_292]
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369) ~[?:1.8.0_292]
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377) ~[?:1.8.0_292]
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) ~[?:1.8.0_292]
at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:968) ~[?:1.8.0_292]
at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:955) ~[?:1.8.0_292]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_292]
at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:902) ~[?:1.8.0_292]
at org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1559) ~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1405) ~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1246) ~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1295) ~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529) ~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468) ~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
... 14 more
Caused by: java.security.cert.CertificateException: server certificate with unknown fingerprint: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
at org.apache.flink.shaded.netty4.io.netty.handler.ssl.util.FingerprintTrustManagerFactory$1.checkTrusted(FingerprintTrustManagerFactory.java:124) ~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.handler.ssl.util.FingerprintTrustManagerFactory$1.checkServerTrusted(FingerprintTrustManagerFactory.java:108) ~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.handler.ssl.util.X509TrustManagerWrapper.checkServerTrusted(X509TrustManagerWrapper.java:69) ~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:632) ~[?:1.8.0_292]
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473) ~[?:1.8.0_292]
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369) ~[?:1.8.0_292]
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377) ~[?:1.8.0_292]
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) ~[?:1.8.0_292]
at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:968) ~[?:1.8.0_292]
at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:955) ~[?:1.8.0_292]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_292]
at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:902) ~[?:1.8.0_292]
at org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1559) ~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1405) ~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1246) ~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1295) ~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529) ~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at org.apache.flink.shaded.netty4.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468) ~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
... 14 more
{noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)