pulsar-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] dsambandam commented on issue #2533: can't generate ca key using the open ssl cnf file suggested for TLS Auth
Date Thu, 13 Sep 2018 03:44:59 GMT
dsambandam commented on issue #2533: can't generate ca key using the open ssl cnf file suggested
for TLS Auth
URL: https://github.com/apache/incubator-pulsar/issues/2533#issuecomment-420873917
 
 
   Updated broker.conf and client.conf file with below configuration but not able to get pulsar-admin/client
working . Fails to with exception DecoderException : javax.net.ssl.SSLHandshakeException:
error:10000438:SSL routines:OPENSSL_internal:TLSV1_ALERT_INTERNAL_ERROR
   
   @sijie Any suggestions to resolve this issue? 
   
   **# Broker Configuration to enable authentication**
   authenticationEnabled=true
   authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderTls
   
   tlsEnabled=true
   tlsCertificateFilePath=/Path/my-ca/broker.cert.pem
   tlsKeyFilePath=/Path/my-ca/broker.key-pk8.pem
   tlsTrustCertsFilePath=/Path/my-ca/certs/ca.cert.pem
   
   
   
   
   **# Pulsar Client and pulsar-admin configuration**
   
   webServiceUrl=https://carocnxodapa2v:8443/
   brokerServiceUrl=pulsar+ssl://carocnxodapa2v:6651/
   useTls=true
   tlsTrustCertsFilePath=/Path/my-ca/certs/ca.cert.pem
   #tlsEnableHostnameVerification=true
   authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationTls
   authParams=tlsCertFile:/Path/my-ca/broker.cert.pem,tlsKeyFile:/Path/my-ca/broker.key-pk8.pem
   
   
   
   **Pulsar client consume command Logs:**
   
   2018-09-12 20:35:41,152 pulsar-client-io-1-1 DEBUG AsyncLogger.ThreadNameStrategy=UNCACHED
(user specified null, default is UNCACHED)
   20:35:41.317 [pulsar-client-io-1-1] WARN  org.apache.pulsar.client.impl.ClientCnx - Error
during handshake
   javax.net.ssl.SSLException: SSLEngine closed already
           at io.netty.handler.ssl.SslHandler.wrap(...)(Unknown Source) ~[io.netty-netty-all-4.1.22.Final.jar:4.1.22.Final]
   20:35:41.331 [pulsar-client-io-1-1] WARN  org.apache.pulsar.client.impl.ClientCnx - [broker1/IP:6651]
Got exception DecoderException : javax.net.ssl.SSLHandshakeException: error:10000438:SSL routines:OPENSSL_internal:TLSV1_ALERT_INTERNAL_ERROR
   io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: error:10000438:SSL
routines:OPENSSL_internal:TLSV1_ALERT_INTERNAL_ERROR
           at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459)
~[io.netty-netty-all-4.1.22.Final.jar:4.1.22.Final]
           at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265)
~[io.netty-netty-all-4.1.22.Final.jar:4.1.22.Final]
           at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
[io.netty-netty-all-4.1.22.Final.jar:4.1.22.Final]
           at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
[io.netty-netty-all-4.1.22.Final.jar:4.1.22.Final]
           at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
[io.netty-netty-all-4.1.22.Final.jar:4.1.22.Final]
           at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1414)
[io.netty-netty-all-4.1.22.Final.jar:4.1.22.Final]
           at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
[io.netty-netty-all-4.1.22.Final.jar:4.1.22.Final]
           at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
[io.netty-netty-all-4.1.22.Final.jar:4.1.22.Final]
           at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:945)
[io.netty-netty-all-4.1.22.Final.jar:4.1.22.Final]
           at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:806)
[io.netty-netty-all-4.1.22.Final.jar:4.1.22.Final]
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message