You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@zookeeper.apache.org by GitBox <gi...@apache.org> on 2019/11/18 15:03:04 UTC
[GitHub] [zookeeper] anmolnar commented on issue #1107: ZOOKEEPER-2122: add
SSL support for C-client
anmolnar commented on issue #1107: ZOOKEEPER-2122: add SSL support for C-client
URL: https://github.com/apache/zookeeper/pull/1107#issuecomment-555053795
@symat Found 3 issues:
- `gencerts.sh` should use FQDN instead of `zookeeper.apache.org` as CN in order to make local testing easier (not really an issue),
- the CLI command line doesn't need `--host` as a parameter, only the list of hosts,
- patch doesn't work for me:
I specified the stores for both client and quorum communication: quorum was successfully brought up with TLS enabled, but client is unable to connect. Error message in server log:
```
2019-11-18 15:52:43,738 [myid:1] - ERROR [nioEventLoopGroup-4-6:NettyServerCnxnFactory$CertificateVerifier@386] - Unsuccessful handshake with session 0x0
2019-11-18 15:52:43,738 [myid:1] - WARN [nioEventLoopGroup-4-6:NettyServerCnxnFactory$CnxnChannelHandler@228] - Exception caught
io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 0000002d000000000000000000000000000075300000000000000000000000100000000000000000000000000000000000
```
We can take a look tomorrow in person.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services