[
https://issues.apache.org/jira/browse/CASSANDRA-12773?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15566091#comment-15566091
]
Jane Deng commented on CASSANDRA-12773:
---------------------------------------
To reproduce the error, I created a cluster with client-node SSL enabled,
require_client_auth=false. The password of the keystore and truststore are
different from the default password of "cassandra".
I rebuilt cassandra with the change in SettingsTransport.java to bypass the
problem:
{noformat}
if (options.keyStore.present())
{
encOptions.keystore = options.keyStore.value();
encOptions.keystore_password = options.keyStorePw.value();
}
else
{
// mandatory for SSLFactory.createSSLContext(), see
CASSANDRA-9325
encOptions.keystore = encOptions.truststore;
// my code
encOptions.keystore_password = encOptions.truststore_password;
}
{noformat}
> cassandra-stress error for one way SSL
> ---------------------------------------
>
> Key: CASSANDRA-12773
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12773
> Project: Cassandra
> Issue Type: Bug
> Components: Tools
> Reporter: Jane Deng
>
> CASSANDRA-9325 added keystore/truststore configuration into cassandra-stress.
> However, for one way ssl (require_client_auth=false), there is no need to
> pass keystore info into ssloptions. Cassadra-stress errored out:
> {noformat}
> java.lang.RuntimeException: java.io.IOException: Error creating the
> initializing the SSL Context
> at
> org.apache.cassandra.stress.settings.StressSettings.getJavaDriverClient(StressSettings.java:200)
>
> at
> org.apache.cassandra.stress.settings.SettingsSchema.createKeySpacesNative(SettingsSchema.java:79)
>
> at
> org.apache.cassandra.stress.settings.SettingsSchema.createKeySpaces(SettingsSchema.java:69)
>
> at
> org.apache.cassandra.stress.settings.StressSettings.maybeCreateKeyspaces(StressSettings.java:207)
>
> at org.apache.cassandra.stress.StressAction.run(StressAction.java:55)
> at org.apache.cassandra.stress.Stress.main(Stress.java:117)
> Caused by: java.io.IOException: Error creating the initializing the SSL
> Context
> at
> org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:151)
>
> at
> org.apache.cassandra.stress.util.JavaDriverClient.connect(JavaDriverClient.java:128)
>
> at
> org.apache.cassandra.stress.settings.StressSettings.getJavaDriverClient(StressSettings.java:191)
>
> ... 5 more
> Caused by: java.io.IOException: Keystore was tampered with, or password was
> incorrect
> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
> at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
> at java.security.KeyStore.load(KeyStore.java:1445)
> at
> org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:129)
>
> ... 7 more
> Caused by: java.security.UnrecoverableKeyException: Password verification
> failed
> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
> ... 10 more
> {noformat}
> It's a bug from CASSANDRA-9325. When the keystore is absent, the keystore is
> assigned to the path of the truststore, but the password isn't taken care.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
