zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vaibhav Devekar <vaibhav.deve...@gmail.com>
Subject Re: SSL between java client and zookeeper?
Date Fri, 17 Jun 2016 21:04:54 GMT
Never mind, I figured that out. Quite silly of me. I did not realize that
CLIENT_JVMFLAGS was meant not just for zkCli but also for java clients!

I was providing the keystore and trustore values via the java.net.ssl
arguments. Having these separate JVM arguments does make sense. One may
want the SSL to be limited to zookeeper connections only.


---
Vaibhav Devekar



On Fri, Jun 17, 2016 at 1:14 PM, Devekar, Vaibhav <
Vaibhav.Devekar@staples.com> wrote:

> I¹m using 3.5.1-alpha. I did forget to update the version for the java
> library. Thank you for pointing that out. However, I still get the same
> error after using the latest.
> Is the zookeeper API supposed to work out of the box? The only thing I did
> was add keystore and trustore values as JVM arguments to tomcat. I also
> configured them in tomcat¹s server.xml
>
>
> --
> Vaibhav Devekar
> Dotcom-Search | Seattle Dev Lab
>
>
>
>
> On 6/17/16, 1:39 AM, "Flavio Junqueira" <fpj@apache.org> wrote:
>
> >Hi there,
> >
> >Which version of the client are you using? This is available only on the
> >3.5 branch and trunk.
> >
> >-Flavio
> >
> >> On 17 Jun 2016, at 00:29, Vaibhav Devekar <vaibhav.devekar@gmail.com>
> >>wrote:
> >>
> >> Re-sending since I probably wasn't subscribed before.
> >>
> >> ---
> >> Vaibhav Devekar
> >>
> >>
> >>
> >> On Thu, Jun 16, 2016 at 4:23 PM, Vaibhav Devekar
> >><vaibhav.devekar@gmail.com>
> >> wrote:
> >>
> >>> Hi all,
> >>>
> >>> I'm using zookeeper for dynamic config management among spring apps
> >>>hosted
> >>> on many servers. I'm trying to employ SSL for communication between
> >>>these
> >>> java app and zookeeper since these properties can be sensitive
> >>>information
> >>> such as database passwords.
> >>>
> >>> Based on this guide -
> >>>
> >>>
> https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User
> >>>+Guide,
> >>> I was able to test out SSL for zkCli and zookeeper. I was also able to
> >>> verify that two java web apps can do 2-way SSL with each other. I'm now
> >>> trying to do the same with a java client(spring webapp) and zookeeper.
> >>> However, it hasn't worked so far. The zookeeper log says:
> >>>
> >>> 2016-06-16 14:42:56,379 [myid:] - WARN  [New I/O worker
> >>> #21:NettyServerCnxnFactory$CnxnChannelHandler@141] - Exception caught
> >>> [id: 0x265bca3f, /fe80:0:0:0:0:0:0:1%1:61137 =>
> >>>/fe80:0:0:0:0:0:0:1%1:2281]
> >>> EXCEPTION: org.jboss.netty.handler.ssl.NotSslRecordException: not an
> >>> SSL/TLS record:
> >>>
> >>>0000002d0000000000000000000000000000ea6000000000000000000000001000000000
> >>>00000000000000000000000000
> >>> org.jboss.netty.handler.ssl.NotSslRecordException: not an SSL/TLS
> >>>record:
> >>>
> >>>0000002d0000000000000000000000000000ea6000000000000000000000001000000000
> >>>00000000000000000000000000
> >>>
> >>>
> >>> Any pointers would be great. Does java API for zookeeper even support
> >>>SSL?
> >>>
> >>> Code example: https://github.com/devekar/sslDemo
> >>>
> >>> Thank you.
> >>>
> >>> ---
> >>> Vaibhav Devekar
> >>>
> >>>
> >>>
> >
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message