cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jane Deng (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-12773) cassandra-stress error for one way SSL
Date Tue, 11 Oct 2016 17:57:20 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-12773?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15566091#comment-15566091
] 

Jane Deng commented on CASSANDRA-12773:
---------------------------------------

To reproduce the error, I created a cluster with client-node SSL enabled, require_client_auth=false.
The password of the keystore and truststore are different from the default password of "cassandra".


I rebuilt cassandra with the change in SettingsTransport.java to bypass the problem:

{noformat}
           if (options.keyStore.present())
            {
                encOptions.keystore = options.keyStore.value();
                encOptions.keystore_password = options.keyStorePw.value();
            }
            else
            {
                // mandatory for SSLFactory.createSSLContext(), see CASSANDRA-9325
                encOptions.keystore = encOptions.truststore;
                // my code
                encOptions.keystore_password = encOptions.truststore_password;
            }
{noformat}

> cassandra-stress error for one way SSL 
> ---------------------------------------
>
>                 Key: CASSANDRA-12773
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-12773
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Tools
>            Reporter: Jane Deng
>
> CASSANDRA-9325 added keystore/truststore configuration into cassandra-stress. However,
for one way ssl (require_client_auth=false), there is no need to pass keystore info into ssloptions.
Cassadra-stress errored out:
> {noformat}
> java.lang.RuntimeException: java.io.IOException: Error creating the initializing the
SSL Context 
> at org.apache.cassandra.stress.settings.StressSettings.getJavaDriverClient(StressSettings.java:200)

> at org.apache.cassandra.stress.settings.SettingsSchema.createKeySpacesNative(SettingsSchema.java:79)

> at org.apache.cassandra.stress.settings.SettingsSchema.createKeySpaces(SettingsSchema.java:69)

> at org.apache.cassandra.stress.settings.StressSettings.maybeCreateKeyspaces(StressSettings.java:207)

> at org.apache.cassandra.stress.StressAction.run(StressAction.java:55) 
> at org.apache.cassandra.stress.Stress.main(Stress.java:117) 
> Caused by: java.io.IOException: Error creating the initializing the SSL Context 
> at org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:151) 
> at org.apache.cassandra.stress.util.JavaDriverClient.connect(JavaDriverClient.java:128)

> at org.apache.cassandra.stress.settings.StressSettings.getJavaDriverClient(StressSettings.java:191)

> ... 5 more 
> Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect

> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772) 
> at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55) 
> at java.security.KeyStore.load(KeyStore.java:1445) 
> at org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:129) 
> ... 7 more 
> Caused by: java.security.UnrecoverableKeyException: Password verification failed 
> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770) 
> ... 10 more
> {noformat}
> It's a bug from CASSANDRA-9325. When the keystore is absent, the keystore is assigned
to the path of the truststore, but the password isn't taken care.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message