[
https://issues.apache.org/jira/browse/CASSANDRA-16362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17253347#comment-17253347
]
Alexander Dejanovski commented on CASSANDRA-16362:
--------------------------------------------------
Hi [~jmeredithco],
thanks for issuing a patch.
I tested it with Medusa's integration tests and now get the following error:
{noformat}
WARN 09:57:44,993 Failed to initialize a channel. Closing: [id: 0x61e6eef5]
java.lang.IllegalArgumentException: TLSv1.3
at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187)
at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84)
at sun.security.ssl.ProtocolList.<init>(ProtocolList.java:52)
at
sun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:2081)
at
org.apache.cassandra.tools.BulkLoader$1.newSSLEngine(BulkLoader.java:276)
at
com.datastax.driver.core.RemoteEndpointAwareJdkSSLOptions.newSSLHandler(RemoteEndpointAwareJdkSSLOptions.java:62)
at
com.datastax.driver.core.Connection$Initializer.initChannel(Connection.java:1700)
at
com.datastax.driver.core.Connection$Initializer.initChannel(Connection.java:1644)
at
com.datastax.shaded.netty.channel.ChannelInitializer.initChannel(ChannelInitializer.java:113)
at
com.datastax.shaded.netty.channel.ChannelInitializer.handlerAdded(ChannelInitializer.java:105)
at
com.datastax.shaded.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:593)
at
com.datastax.shaded.netty.channel.DefaultChannelPipeline.access$000(DefaultChannelPipeline.java:44)
at
com.datastax.shaded.netty.channel.DefaultChannelPipeline$PendingHandlerAddedTask.execute(DefaultChannelPipeline.java:1357)
at
com.datastax.shaded.netty.channel.DefaultChannelPipeline.callHandlerAddedForAllHandlers(DefaultChannelPipeline.java:1092)
at
com.datastax.shaded.netty.channel.DefaultChannelPipeline.invokeHandlerAddedIfNeeded(DefaultChannelPipeline.java:642)
at
com.datastax.shaded.netty.channel.AbstractChannel$AbstractUnsafe.register0(AbstractChannel.java:456)
at
com.datastax.shaded.netty.channel.AbstractChannel$AbstractUnsafe.access$200(AbstractChannel.java:378)
at
com.datastax.shaded.netty.channel.AbstractChannel$AbstractUnsafe$1.run(AbstractChannel.java:428)
at
com.datastax.shaded.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:399)
at
com.datastax.shaded.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:464)
at
com.datastax.shaded.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:131)
at
com.datastax.shaded.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.lang.Thread.run(Thread.java:748)
All host(s) tried for query failed (tried: localhost/127.0.0.1:9042
(com.datastax.driver.core.exceptions.TransportException:
[localhost/127.0.0.1:9042] Cannot connect))
com.datastax.driver.core.exceptions.NoHostAvailableException: All host(s) tried
for query failed (tried: localhost/127.0.0.1:9042
(com.datastax.driver.core.exceptions.TransportException:
[localhost/127.0.0.1:9042] Cannot connect))
at
com.datastax.driver.core.ControlConnection.reconnectInternal(ControlConnection.java:268)
at
com.datastax.driver.core.ControlConnection.connect(ControlConnection.java:107)
at
com.datastax.driver.core.Cluster$Manager.negotiateProtocolVersionAndConnect(Cluster.java:1813)
at com.datastax.driver.core.Cluster$Manager.init(Cluster.java:1726)
at com.datastax.driver.core.Cluster.init(Cluster.java:214)
at com.datastax.driver.core.Cluster.connectAsync(Cluster.java:387)
at com.datastax.driver.core.Cluster.connectAsync(Cluster.java:366)
at com.datastax.driver.core.Cluster.connect(Cluster.java:311)
at
org.apache.cassandra.utils.NativeSSTableLoaderClient.init(NativeSSTableLoaderClient.java:75)
at
org.apache.cassandra.io.sstable.SSTableLoader.stream(SSTableLoader.java:183)
at org.apache.cassandra.tools.BulkLoader.load(BulkLoader.java:79)
at org.apache.cassandra.tools.BulkLoader.main(BulkLoader.java:51)
{noformat}
Here's the sstableloader command that is being issued:
{noformat}
subprocess.CalledProcessError: Command
'['/Users/adejanovski/.ccm/repository/githubCOLONjonmeredithSLASHC16362/bin/sstableloader',
'-d', '127.0.0.1', '--conf-path',
'/Users/adejanovski/.ccm/scenario11/node1/conf/cassandra.yaml', '--username',
'cassandra', '--password', 'cassandra', '--no-progress',
'/tmp/medusa-restore-97ec3e11-426a-4924-8bc0-379e99ff2205/system_distributed/repair_history-759fffad624b318180eefa9a52d1f627',
'-ts',
'/Users/adejanovski/projets/cassandra/thelastpickle/cassandra-medusa/tests/resources/local_with_ssl/generic-server-truststore.jks',
'-tspw', 'truststorePass1', '-ks',
'/Users/adejanovski/projets/cassandra/thelastpickle/cassandra-medusa/tests/resources/local_with_ssl/127.0.0.1.jks',
'-kspw', 'testdata1']'
{noformat}
Is there a problem with the default SSL protocol version? Should we enforce it
when invoking sstableloader?
> SSLFactory should initialize SSLContext before setting protocols
> ----------------------------------------------------------------
>
> Key: CASSANDRA-16362
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16362
> Project: Cassandra
> Issue Type: Bug
> Components: Tool/bulk load
> Reporter: Erik Merkle
> Assignee: Jon Meredith
> Priority: Normal
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Trying to use sstableloader from the latest trunk produced the following
> Exception:
> {quote}
> Exception in thread "main" java.lang.RuntimeException: Could not create SSL
> Context.
> at
> org.apache.cassandra.tools.BulkLoader.buildSSLOptions(BulkLoader.java:261)
> at org.apache.cassandra.tools.BulkLoader.load(BulkLoader.java:64)
> at org.apache.cassandra.tools.BulkLoader.main(BulkLoader.java:49)
> Caused by: java.io.IOException: Error creating/initializing the SSL Context
> at
> org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:184)
> at
> org.apache.cassandra.tools.BulkLoader.buildSSLOptions(BulkLoader.java:257)
> ... 2 more
> Caused by: java.lang.IllegalStateException: SSLContext is not initialized
> at
> sun.security.ssl.SSLContextImpl.engineGetSocketFactory(SSLContextImpl.java:208)
> at javax.net.ssl.SSLContextSpi.getDefaultSocket(SSLContextSpi.java:158)
> at
> javax.net.ssl.SSLContextSpi.engineGetDefaultSSLParameters(SSLContextSpi.java:184)
> at javax.net.ssl.SSLContext.getDefaultSSLParameters(SSLContext.java:435)
> at
> org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:178)
> ... 3 more
> {quote}
> I believe this is because of a change to SSLFactory for CASSANDRA-13325 here:
> [https://github.com/apache/cassandra/commit/919a8964a83511d96766c3e53ba603e77bca626c#diff-0d569398cfd58566fc56bfb80c971a72afe3f392addc2df731a0b44baf29019eR177-R178]
>
> I think the solution is to call {{ctx.init()}} before trying to call
> {{ctx.getDefaultSSLParameters()}}, essentialy swapping the two lines in the
> link above.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
