You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Erik Merkle (Jira)" <ji...@apache.org> on 2020/12/19 01:19:00 UTC

[jira] [Comment Edited] (CASSANDRA-16362) SSLFactory should initialize SSLContext before setting protocols

    [ https://issues.apache.org/jira/browse/CASSANDRA-16362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17252068#comment-17252068 ] 

Erik Merkle edited comment on CASSANDRA-16362 at 12/19/20, 1:18 AM:
--------------------------------------------------------------------

For reference, I stumbled across this running integration tests in the Medusa project for backup and restore. It was failing when run against trunk and trying to restore a snapshot with sstableloader. The test uses CCM to run Cassandra. If needed I could dig into the test setup and detail exactly what steps are done.

An easier test for me was to simply try this code:
{code:java}
    try {
      SSLContext ctx = SSLContext.getInstance("TLS");
      ctx.getDefaultSSLParameters();
      ctx.init(null, null, SecureRandom.getInstanceStrong());
    } catch (Exception e) {
      e.printStackTrace();
    }
{code}

It fails the same way. Calling {{ctx.init()}} before {{ctx.getDefaultSSLParameters()}} seems to not produce the "not initialized" error.
 


was (Author: emerkle826):
For reference, I stumbled across this running integration tests in the Medusa project for backup and restore. It was failing when run against trunk and trying to restore a snapshot with sstableloader. The test uses CCM to run Cassandra. If needed I could dig into the test setup and detail exactly what steps are done.

An easier test for me was to simply try this code:
{code:java}
    try {
      SSLContext ctx = SSLContext.getInstance("TLS");
      ctx.getDefaultSSLParameters();
      ctx.init(null, null, SecureRandom.getInstanceStrong());
    } catch (Exception e) {
      e.printStackTrace();
    }
{code}

It fails the same way. Calling {{ctx.init()}} before {{ctx.getDefaultSSLParameters()}} seems to no produce the "not initialized" error.
 

> SSLFactory should initialize SSLContext before setting protocols
> ----------------------------------------------------------------
>
>                 Key: CASSANDRA-16362
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16362
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Tool/bulk load
>            Reporter: Erik Merkle
>            Assignee: Jon Meredith
>            Priority: Normal
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Trying to use sstableloader from the latest trunk produced the following Exception:
> {quote}
> Exception in thread "main" java.lang.RuntimeException: Could not create SSL Context.
> 	at org.apache.cassandra.tools.BulkLoader.buildSSLOptions(BulkLoader.java:261)
> 	at org.apache.cassandra.tools.BulkLoader.load(BulkLoader.java:64)
> 	at org.apache.cassandra.tools.BulkLoader.main(BulkLoader.java:49)
> Caused by: java.io.IOException: Error creating/initializing the SSL Context
> 	at org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:184)
> 	at org.apache.cassandra.tools.BulkLoader.buildSSLOptions(BulkLoader.java:257)
> 	... 2 more
> Caused by: java.lang.IllegalStateException: SSLContext is not initialized
> 	at sun.security.ssl.SSLContextImpl.engineGetSocketFactory(SSLContextImpl.java:208)
> 	at javax.net.ssl.SSLContextSpi.getDefaultSocket(SSLContextSpi.java:158)
> 	at javax.net.ssl.SSLContextSpi.engineGetDefaultSSLParameters(SSLContextSpi.java:184)
> 	at javax.net.ssl.SSLContext.getDefaultSSLParameters(SSLContext.java:435)
> 	at org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:178)
> 	... 3 more
> {quote}
> I believe this is because of a change to SSLFactory for CASSANDRA-13325 here:
> [https://github.com/apache/cassandra/commit/919a8964a83511d96766c3e53ba603e77bca626c#diff-0d569398cfd58566fc56bfb80c971a72afe3f392addc2df731a0b44baf29019eR177-R178]
>  
> I think the solution is to call {{ctx.init()}} before trying to call {{ctx.getDefaultSSLParameters()}}, essentialy swapping the two lines in the link above.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org