You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Erik Merkle (Jira)" <ji...@apache.org> on 2020/12/19 01:19:00 UTC
[jira] [Comment Edited] (CASSANDRA-16362) SSLFactory should
initialize SSLContext before setting protocols
[ https://issues.apache.org/jira/browse/CASSANDRA-16362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17252068#comment-17252068 ]
Erik Merkle edited comment on CASSANDRA-16362 at 12/19/20, 1:18 AM:
--------------------------------------------------------------------
For reference, I stumbled across this running integration tests in the Medusa project for backup and restore. It was failing when run against trunk and trying to restore a snapshot with sstableloader. The test uses CCM to run Cassandra. If needed I could dig into the test setup and detail exactly what steps are done.
An easier test for me was to simply try this code:
{code:java}
try {
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.getDefaultSSLParameters();
ctx.init(null, null, SecureRandom.getInstanceStrong());
} catch (Exception e) {
e.printStackTrace();
}
{code}
It fails the same way. Calling {{ctx.init()}} before {{ctx.getDefaultSSLParameters()}} seems to not produce the "not initialized" error.
was (Author: emerkle826):
For reference, I stumbled across this running integration tests in the Medusa project for backup and restore. It was failing when run against trunk and trying to restore a snapshot with sstableloader. The test uses CCM to run Cassandra. If needed I could dig into the test setup and detail exactly what steps are done.
An easier test for me was to simply try this code:
{code:java}
try {
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.getDefaultSSLParameters();
ctx.init(null, null, SecureRandom.getInstanceStrong());
} catch (Exception e) {
e.printStackTrace();
}
{code}
It fails the same way. Calling {{ctx.init()}} before {{ctx.getDefaultSSLParameters()}} seems to no produce the "not initialized" error.
> SSLFactory should initialize SSLContext before setting protocols
> ----------------------------------------------------------------
>
> Key: CASSANDRA-16362
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16362
> Project: Cassandra
> Issue Type: Bug
> Components: Tool/bulk load
> Reporter: Erik Merkle
> Assignee: Jon Meredith
> Priority: Normal
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Trying to use sstableloader from the latest trunk produced the following Exception:
> {quote}
> Exception in thread "main" java.lang.RuntimeException: Could not create SSL Context.
> at org.apache.cassandra.tools.BulkLoader.buildSSLOptions(BulkLoader.java:261)
> at org.apache.cassandra.tools.BulkLoader.load(BulkLoader.java:64)
> at org.apache.cassandra.tools.BulkLoader.main(BulkLoader.java:49)
> Caused by: java.io.IOException: Error creating/initializing the SSL Context
> at org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:184)
> at org.apache.cassandra.tools.BulkLoader.buildSSLOptions(BulkLoader.java:257)
> ... 2 more
> Caused by: java.lang.IllegalStateException: SSLContext is not initialized
> at sun.security.ssl.SSLContextImpl.engineGetSocketFactory(SSLContextImpl.java:208)
> at javax.net.ssl.SSLContextSpi.getDefaultSocket(SSLContextSpi.java:158)
> at javax.net.ssl.SSLContextSpi.engineGetDefaultSSLParameters(SSLContextSpi.java:184)
> at javax.net.ssl.SSLContext.getDefaultSSLParameters(SSLContext.java:435)
> at org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:178)
> ... 3 more
> {quote}
> I believe this is because of a change to SSLFactory for CASSANDRA-13325 here:
> [https://github.com/apache/cassandra/commit/919a8964a83511d96766c3e53ba603e77bca626c#diff-0d569398cfd58566fc56bfb80c971a72afe3f392addc2df731a0b44baf29019eR177-R178]
>
> I think the solution is to call {{ctx.init()}} before trying to call {{ctx.getDefaultSSLParameters()}}, essentialy swapping the two lines in the link above.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org