Posted to users@pulsar.apache.org by tamer Abdlatif <ta...@gmail.com> on 2022/02/08 17:04:44 UTC

TLS error when enable Geo replication between two clusters

Hi Team ,

I'm trying to enable geo replication between two clusters

I'm using replicationTlsEnabled=true
brokerClientTlsEnabled=true
brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationTls

while TrustCertsFilePath points to a different CA cert in each cluster

I'm getting the error below when I start publishing to a topic under a replicated
namespace

 WARN  org.apache.pulsar.client.impl.ClientCnx - Error during handshake
javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem
        at
io.netty.handler.ssl.ReferenceCountedOpenSslEngine.handshakeException(ReferenceCountedOpenSslEngine.java:1892)
~[io.netty-netty-handler-4.1.68.Final.jar:4.1.68.Final]
        at
io.netty.handler.ssl.ReferenceCountedOpenSslEngine.wrap(ReferenceCountedOpenSslEngine.java:813)
~[io.netty-netty-handler-4.1.68.Final.jar:4.1.68.Final]
        at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:511) ~[?:1.8.0_312]
        at io.netty.handler.ssl.SslHandler.wrap(SslHandler.java:1040)
[io.netty-netty-handler-4.1.68.Final.jar:4.1.68.Final]
        at
io.netty.handler.ssl.SslHandler.wrapNonAppData(SslHandler.java:926)
[io.netty-netty-handler-4.1.68.Final.jar:4.1.68.Final]
        at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1408)
[io.netty-netty-handler-4.1.68.Final.jar:4.1.68.Final]
        at
io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1246)
[io.netty-netty-handler-4.1.68.Final.jar:4.1.68.Final]
        at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1286)
[io.netty-netty-handler-4.1.68.Final.jar:4.1.68.Final]
        at
io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:507)
[io.netty-netty-codec-4.1.68.Final.jar:4.1.68.Final]
        at
io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:446)
[io.netty-netty-codec-4.1.68.Final.jar:4.1.68.Final]
        at
io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
[io.netty-netty-codec-4.1.68.Final.jar:4.1.68.Final]
        at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
[io.netty-netty-transport-4.1.68.Final.jar:4.1.68.Final]
        at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
[io.netty-netty-transport-4.1.68.Final.jar:4.1.68.Final]
        at
io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
[io.netty-netty-transport-4.1.68.Final.jar:4.1.68.Final]
        at
io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
[io.netty-netty-transport-4.1.68.Final.jar:4.1.68.Final]
        at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
[io.netty-netty-transport-4.1.68.Final.jar:4.1.68.Final]
        at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
[io.netty-netty-transport-4.1.68.Final.jar:4.1.68.Final]
        at
io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
[io.netty-netty-transport-4.1.68.Final.jar:4.1.68.Final]
        at
io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:795)
[io.netty-netty-transport-native-epoll-4.1.68.Final.jar:4.1.68.Final]
        at
io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:480)
[io.netty-netty-transport-native-epoll-4.1.68.Final.jar:4.1.68.Final]
        at
io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:378)
[io.netty-netty-transport-native-epoll-4.1.68.Final.jar:4.1.68.Final]
        at
io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986)
[io.netty-netty-common-4.1.68.Final.jar:4.1.68.Final]
        at
io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
[io.netty-netty-common-4.1.68.Final.jar:4.1.68.Final]
        at
io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
[io.netty-netty-common-4.1.68.Final.jar:4.1.68.Final]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_312]
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
        at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:456)
~[?:1.8.0_312]
        at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:323)
~[?:1.8.0_312]
        at sun.security.validator.Validator.validate(Validator.java:271)
~[?:1.8.0_312]
        at
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:315)
~[?:1.8.0_312]
        at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:278)
~[?:1.8.0_312]
        at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)
~[?:1.8.0_312]
        at
io.netty.handler.ssl.ReferenceCountedOpenSslClientContext$ExtendedTrustManagerVerifyCallback.verify(ReferenceCountedOpenSslClientContext.java:234)
~[io.netty-netty-handler-4.1.68.Final.jar:4.1.68.Final]
        at
io.netty.handler.ssl.ReferenceCountedOpenSslContext$AbstractCertificateVerifier.verify(ReferenceCountedOpenSslContext.java:748)
~[io.netty-netty-handler-4.1.68.Final.jar:4.1.68.Final]
        at
io.netty.internal.tcnative.CertificateVerifierTask.runTask(CertificateVerifierTask.java:36)
~[io.netty-netty-tcnative-boringssl-static-2.0.42.Final.jar:?]
        at io.netty.internal.tcnative.SSLTask.run(SSLTask.java:48)
~[io.netty-netty-tcnative-boringssl-static-2.0.42.Final.jar:?]
        at io.netty.internal.tcnative.SSLTask.run(SSLTask.java:42)
~[io.netty-netty-tcnative-boringssl-static-2.0.42.Final.jar:?]
        at
io.netty.handler.ssl.ReferenceCountedOpenSslEngine$TaskDecorator.run(ReferenceCountedOpenSslEngine.java:1455)
~[io.netty-netty-handler-4.1.68.Final.jar:4.1.68.Final]
        at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.jav