Posted to user@bookkeeper.apache.org by Pr...@dell.com on 2019/12/17 08:41:12 UTC

TLS verification is not working with apache bookkeeper 4.7.3

Hi Team,

I am working for a group which is using Apache BookKeeper 4.7.3. I am trying to enable TLS in Apache BookKeeper: I have added TLS properties in the bk_server.conf file and I have created a sample Java application which communicates with the BookKeeper server. The problem that I am facing is that the bookkeeper is TLS enabled and the client is not TLS enabled, yet the client can still communicate with the server, which shouldn't be happening. Can you let me know why this might be happening? I have attached the bk_server.conf file as well as the Java client code in the mail.

Thanks,
Prabhaker Saxena

RE: TLS verification is not working with apache bookkeeper 4.7.3

Posted by Pr...@dell.com.
Hi Enrico, thanks for the clarification. I have gone through the TestTLS code. Actually, I am running a local bookie; I have set all the TLS properties in the bk_server.conf that I saw in the TestTLS code that you pointed me to, and I am connecting to it using a Java client application, but for some reason TLS is not working for me. Could you please look at the config file and the Java code and point out what I might be doing wrong?

Thanks
Prabhaker
From: Enrico Olivelli <eo...@gmail.com>
Sent: Tuesday, December 17, 2019 2:53 PM
To: user
Cc: Sharda, Ravi
Subject: Re: TLS verification is not working with apache bookkeeper 4.7.3


Hi Prabhaker,
Bookie exposes only one client port, and in order to use TLS we are using the StartTLS approach, so the client needs to upgrade to TLS mode once the connection is established.

You have two ways to achieve your goal:
1) Enable client TLS authentication with tlsClientAuthentication=true, but this way you have to provide TLS certificates to clients and provide a trust store to the bookies
2) You can add an Auth plugin that performs the check you want:

This is a relevant test case in the BookKeeper repository that is a good example
https://github.com/apache/bookkeeper/blob/master/bookkeeper-server/src/test/java/org/apache/bookkeeper/tls/TestTLS.java#L498
In my opinion it would be easy to add some out-of-the-box support to forbid access to unsecured clients or provide such an Auth plugin in the standard BookKeeper bundle


Best regards
Enrico



On Tue, Dec 17, 2019 at 10:08, <Pr...@dell.com> wrote:
Hi Team,

I am working for a group which is using Apache BookKeeper 4.7.3. I am trying to enable TLS in Apache BookKeeper: I have added TLS properties in the bk_server.conf file and I have created a sample Java application which communicates with the BookKeeper server. The problem that I am facing is that the bookkeeper is TLS enabled and the client is not TLS enabled, yet the client can still communicate with the server, which shouldn't be happening. Can you let me know why this might be happening? I have attached the bk_server.conf file as well as the Java client code in the mail.

Thanks,
Prabhaker Saxena

Re: TLS verification is not working with apache bookkeeper 4.7.3

Posted by Enrico Olivelli <eo...@gmail.com>.
Hi Prabhaker,
Bookie exposes only one client port, and in order to use TLS we are using
the StartTLS approach, so the client needs to upgrade to TLS mode once
the connection is established.

You have two ways to achieve your goal:
1) Enable client TLS authentication with tlsClientAuthentication=true, but
this way you have to provide TLS certificates to clients and provide a
trust store to the bookies
2) You can add an Auth plugin that performs the check you want:

This is a relevant test case in the BookKeeper repository that is a good example
https://github.com/apache/bookkeeper/blob/master/bookkeeper-server/src/test/java/org/apache/bookkeeper/tls/TestTLS.java#L498
In my opinion it would be easy to add some out-of-the-box support to forbid
access to unsecured clients or provide such an Auth plugin in the standard
BookKeeper bundle


Best regards
Enrico



On Tue, Dec 17, 2019 at 10:08, <Pr...@dell.com> wrote:

> Hi Team,
>
>
>
> I am working for a group which is using Apache BookKeeper 4.7.3. I am
> trying to enable TLS in Apache BookKeeper: I have added TLS properties in
> the bk_server.conf file and I have created a sample Java application which
> communicates with the BookKeeper server. The problem that I am facing is that
> the bookkeeper is TLS enabled and the client is not TLS enabled, yet
> the client can still communicate with the server, which shouldn't be happening. Can
> you let me know why this might be happening? I have attached the
> bk_server.conf file as well as the Java client code in the mail.
>
>
>
> Thanks,
>
> Prabhaker Saxena
>
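
An illustration of the second option in the reply above (an Auth plugin that performs the check), added here as an example; it is not code from the thread or from the BookKeeper project. The package, class name and plugin name are hypothetical, and it assumes the bookie's `BookieAuthProvider.Factory` plugin interface and that the bookie refuses requests on a connection until the plugin's completion callback reports OK.

```java
package example.auth; // hypothetical package

import java.security.cert.X509Certificate;
import java.util.Collection;
import org.apache.bookkeeper.auth.AuthCallbacks;
import org.apache.bookkeeper.auth.AuthToken;
import org.apache.bookkeeper.auth.BookieAuthProvider;
import org.apache.bookkeeper.client.BKException;
import org.apache.bookkeeper.conf.ServerConfiguration;
import org.apache.bookkeeper.proto.BookieConnectionPeer;

/** Hypothetical plugin: authorize a connection only once it has been upgraded via StartTLS. */
public class RequireTlsAuthProviderFactory implements BookieAuthProvider.Factory {
    // Set to true to also insist on a client X.509 certificate (pairs with tlsClientAuthentication=true).
    private static final boolean REQUIRE_CLIENT_CERT = false;

    @Override
    public String getPluginName() {
        return "require-tls"; // name chosen for this example
    }

    @Override
    public void init(ServerConfiguration conf) {
        // This plugin has no settings of its own.
    }

    @Override
    public BookieAuthProvider newProvider(BookieConnectionPeer peer,
                                          AuthCallbacks.GenericCallback<Void> completeCb) {
        // Nothing is completed here, so a plaintext connection is never marked authorized.
        return new BookieAuthProvider() {
            @Override
            public void onProtocolUpgrade() {
                // Invoked after the StartTLS handshake on this connection.
                Collection<Object> principals = peer.getProtocolPrincipals();
                boolean hasCert = !principals.isEmpty()
                        && principals.iterator().next() instanceof X509Certificate;
                boolean ok = peer.isSecure() && (hasCert || !REQUIRE_CLIENT_CERT);
                completeCb.operationComplete(
                        ok ? BKException.Code.OK : BKException.Code.UnauthorizedAccessException, null);
            }

            @Override
            public void process(AuthToken m, AuthCallbacks.GenericCallback<AuthToken> cb) {
                // No token exchange: the decision depends only on the transport.
            }
        };
    }
}
```

The bookie would load it through `bookieAuthProviderFactoryClass=example.auth.RequireTlsAuthProviderFactory` in bk_server.conf, with the class on the bookie's classpath.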