You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@geode.apache.org by "Anthony Baker (JIRA)" <ji...@apache.org> on 2018/04/20 19:56:09 UTC

[jira] [Closed] (GEODE-1166) Attempting to connect to a locator using SSL fails

     [ https://issues.apache.org/jira/browse/GEODE-1166?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Anthony Baker closed GEODE-1166.
--------------------------------

> Attempting to connect to a locator using SSL fails
> --------------------------------------------------
>
>                 Key: GEODE-1166
>                 URL: https://issues.apache.org/jira/browse/GEODE-1166
>             Project: Geode
>          Issue Type: Bug
>          Components: gfsh, management
>            Reporter: Barry Oglesby
>            Priority: Major
>
> {noformat}
> gfsh>connect --locator=localhost[10331] --security-properties-file=/path/to/gemfire-security.properties
> Connecting to Locator at [host=localhost, port=10331] ..
> Could not connect to Locator at [host=localhost, port=10331].
> Possible reason: Wrong or no SSL configuration provided. Please check logs /path/to/gfsh-%u_%g.log
> {noformat}
> One thing is the gfsh log file name is wrong.
> But the main issue is that it doesn't connect.
> I traced this to {{TcpClient.requestToServer}}. Instead of using the SSL {{SocketCreator}}, this method uses the non-SSL {{SocketCreator}} and fails to connect.
> In GemFire 8.2.0.x, the SSL {{SocketCreator}} is initialized in {{JmxManagerLocatorRequest.send}} like below before the call to {{TcpClient.requestToServer}} is made.
> {noformat}
> SocketCreator.getDefaultInstance(distributionConfigProps);
> {noformat}
> This line doesn't exist in Geode. It looks like the change came in on commit d2a942e8e5025b11432d87b5de902daae130aca7 of GEODE-77.
> As a test, I added that line back into {{JmxManagerLocatorRequest.send}}, and the SSL connection was made successfully.
> I'm not really sure why this line was taken out, so I don't know whether this change can be made. Another option would be to pass the {{distributionConfigProps}} to {{TcpClient.requestToServer}} and use them to create the SSL {{SocketCreator}}.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)