[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working

Thu, 28 May 2020 12:14:14 -0700 


    [ 
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17119007#comment-17119007
 ] 

ASF subversion and git services commented on GEODE-8144:
--------------------------------------------------------

Commit bcc097a6dda38ab276720521ab0308cef7a4c1be in geode's branch 
refs/heads/support/1.13 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=bcc097a ]

GEODE-8144 another attempt to fix a failing test (#5172)

* modified SocketCreator to look for a hostname if one is not present and 
endpoint verification is enabled

This fixes some problems when running in docker containers

* removed test shell script

* GEODE-8144 another attempt to fix a failing test

The JMX tests in this test class use "localhost" to connect to a
Manager.  This is being transformed somehow into an IP numeric address
and is failing endpoint verification.  The test passes on my Windows machine
and also passes on Mac and Ubuntu when I run it there.  I'm
adding the "localhost" IP address to the certificate to get past this.
Another fix would be to change the Rule that's using "localhost" to
use the real host name but that would affect a lot of other tests.

Before I started messing with this test it was adding
InetAddress.getLocalHost() as an IP address to the certificate so I
don't think this is a big change to the original test.  The test now
uses LocalHostUtils.getLocalHost() to get an IP to add to the
certificate, which is the correct "localhost" to use with Geode.

(cherry picked from commit 42c11640c75ae87038e07cbde3c98a3ca6b36987)


> endpoint identification in servers is not working
> -------------------------------------------------
>
>                 Key: GEODE-8144
>                 URL: https://issues.apache.org/jira/browse/GEODE-8144
>             Project: Geode
>          Issue Type: Bug
>          Components: membership, messaging
>            Reporter: Bruce J Schuchardt
>            Priority: Major
>             Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by 
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.  
> It will log exceptions like this:
>  
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
>       at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
>       at 
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
>       at 
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
>       at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
>       at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
>       at 
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
>       at 
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
>       at 
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
>       at org.apache.geode.internal.tcp.Connection.<init>(Connection.java:1167)
>       at 
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
>       at 
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
>       at 
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
>       at 
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
>       at 
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
>       at 
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
>       at 
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
>       at 
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
>       at 
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
>       at 
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
>       at 
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
>       at 
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
>       at 
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
>       at 
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
>       at 
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
>       at 
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
>       at 
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
>       at 
> org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135)
>       at 
> org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033)
>       at 
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290)
>       at 
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:216)
>       at 
> org.apache.geode.distributed.DistributedSystem.connect(DistributedSystem.java:159)
>       at src.EntryConsumer.initialize(EntryConsumer.java:69)
>       at src.EntryConsumer.main(EntryConsumer.java:340)
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
>       at sun.security.ssl.Alerts.getSSLException(Alerts.java:198)
>       at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1729)
>       at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:333)
>       at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:325)
>       at 
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1688)
>       at 
> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:226)
>       at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1082)
>       at sun.security.ssl.Handshaker$1.run(Handshaker.java:1015)
>       at sun.security.ssl.Handshaker$1.run(Handshaker.java:1012)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1504)
>       at 
> org.apache.geode.internal.net.NioSslEngine.handleBlockingTasks(NioSslEngine.java:225)
>       at 
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:185)
>       ... 27 more
> Caused by: java.security.cert.CertificateException: No subject alternative 
> names matching IP address 10.118.26.62 found
>       at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:168)
>       at sun.security.util.HostnameChecker.match(HostnameChecker.java:94)
>       at 
> sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:462)
>       at 
> sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:442)
>       at 
> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:261)
>       at 
> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
>       at 
> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1675)
>       ... 35 more
> {noformat}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to