You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@zookeeper.apache.org by GitBox <gi...@apache.org> on 2020/03/31 22:48:03 UTC
[GitHub] [zookeeper] kaosmonk commented on issue #1107: ZOOKEEPER-2122: add
SSL support for C-client
kaosmonk commented on issue #1107: ZOOKEEPER-2122: add SSL support for C-client
URL: https://github.com/apache/zookeeper/pull/1107#issuecomment-606924901
> @symat Found 3 issues:
>
> * `gencerts.sh` should use FQDN instead of `zookeeper.apache.org` as CN in order to make local testing easier (not really an issue),
> * the CLI command line doesn't need `--host` as a parameter, only the list of hosts,
> * patch doesn't work for me:
>
> I specified the stores for both client and quorum communication: quorum was successfully brought up with TLS enabled, but client is unable to connect. Error message in server log:
>
> ```
> 2019-11-18 15:52:43,738 [myid:1] - ERROR [nioEventLoopGroup-4-6:NettyServerCnxnFactory$CertificateVerifier@386] - Unsuccessful handshake with session 0x0
> 2019-11-18 15:52:43,738 [myid:1] - WARN [nioEventLoopGroup-4-6:NettyServerCnxnFactory$CnxnChannelHandler@228] - Exception caught
> io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 0000002d000000000000000000000000000075300000000000000000000000100000000000000000000000000000000000
> ```
>
> We can take a look tomorrow in person.
Apologies for using this thread, but I am experiencing this very same error as above in my 3 node cluster (3.5.5). What was the solution here?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services