[jira] [Commented] (CASSANDRA-16362) SSLFactory should initialize SSLContext before setting protocols

Tue, 22 Dec 2020 01:05:36 -0800 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-16362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17253347#comment-17253347
 ] 

Alexander Dejanovski commented on CASSANDRA-16362:
--------------------------------------------------

Hi [~jmeredithco],

thanks for issuing a patch.
I tested it with Medusa's integration tests and now get the following error:

{noformat}
WARN  09:57:44,993 Failed to initialize a channel. Closing: [id: 0x61e6eef5]
java.lang.IllegalArgumentException: TLSv1.3
        at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187)
        at sun.security.ssl.ProtocolList.convert(ProtocolList.java:84)
        at sun.security.ssl.ProtocolList.<init>(ProtocolList.java:52)
        at 
sun.security.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:2081)
        at 
org.apache.cassandra.tools.BulkLoader$1.newSSLEngine(BulkLoader.java:276)
        at 
com.datastax.driver.core.RemoteEndpointAwareJdkSSLOptions.newSSLHandler(RemoteEndpointAwareJdkSSLOptions.java:62)
        at 
com.datastax.driver.core.Connection$Initializer.initChannel(Connection.java:1700)
        at 
com.datastax.driver.core.Connection$Initializer.initChannel(Connection.java:1644)
        at 
com.datastax.shaded.netty.channel.ChannelInitializer.initChannel(ChannelInitializer.java:113)
        at 
com.datastax.shaded.netty.channel.ChannelInitializer.handlerAdded(ChannelInitializer.java:105)
        at 
com.datastax.shaded.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:593)
        at 
com.datastax.shaded.netty.channel.DefaultChannelPipeline.access$000(DefaultChannelPipeline.java:44)
        at 
com.datastax.shaded.netty.channel.DefaultChannelPipeline$PendingHandlerAddedTask.execute(DefaultChannelPipeline.java:1357)
        at 
com.datastax.shaded.netty.channel.DefaultChannelPipeline.callHandlerAddedForAllHandlers(DefaultChannelPipeline.java:1092)
        at 
com.datastax.shaded.netty.channel.DefaultChannelPipeline.invokeHandlerAddedIfNeeded(DefaultChannelPipeline.java:642)
        at 
com.datastax.shaded.netty.channel.AbstractChannel$AbstractUnsafe.register0(AbstractChannel.java:456)
        at 
com.datastax.shaded.netty.channel.AbstractChannel$AbstractUnsafe.access$200(AbstractChannel.java:378)
        at 
com.datastax.shaded.netty.channel.AbstractChannel$AbstractUnsafe$1.run(AbstractChannel.java:428)
        at 
com.datastax.shaded.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:399)
        at 
com.datastax.shaded.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:464)
        at 
com.datastax.shaded.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:131)
        at 
com.datastax.shaded.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
        at java.lang.Thread.run(Thread.java:748)
All host(s) tried for query failed (tried: localhost/127.0.0.1:9042 
(com.datastax.driver.core.exceptions.TransportException: 
[localhost/127.0.0.1:9042] Cannot connect))
com.datastax.driver.core.exceptions.NoHostAvailableException: All host(s) tried 
for query failed (tried: localhost/127.0.0.1:9042 
(com.datastax.driver.core.exceptions.TransportException: 
[localhost/127.0.0.1:9042] Cannot connect))
        at 
com.datastax.driver.core.ControlConnection.reconnectInternal(ControlConnection.java:268)
        at 
com.datastax.driver.core.ControlConnection.connect(ControlConnection.java:107)
        at 
com.datastax.driver.core.Cluster$Manager.negotiateProtocolVersionAndConnect(Cluster.java:1813)
        at com.datastax.driver.core.Cluster$Manager.init(Cluster.java:1726)
        at com.datastax.driver.core.Cluster.init(Cluster.java:214)
        at com.datastax.driver.core.Cluster.connectAsync(Cluster.java:387)
        at com.datastax.driver.core.Cluster.connectAsync(Cluster.java:366)
        at com.datastax.driver.core.Cluster.connect(Cluster.java:311)
        at 
org.apache.cassandra.utils.NativeSSTableLoaderClient.init(NativeSSTableLoaderClient.java:75)
        at 
org.apache.cassandra.io.sstable.SSTableLoader.stream(SSTableLoader.java:183)
        at org.apache.cassandra.tools.BulkLoader.load(BulkLoader.java:79)
        at org.apache.cassandra.tools.BulkLoader.main(BulkLoader.java:51)
{noformat}

Here's the sstableloader command that is being issued:

{noformat}
subprocess.CalledProcessError: Command 
'['/Users/adejanovski/.ccm/repository/githubCOLONjonmeredithSLASHC16362/bin/sstableloader',
 '-d', '127.0.0.1', '--conf-path', 
'/Users/adejanovski/.ccm/scenario11/node1/conf/cassandra.yaml', '--username', 
'cassandra', '--password', 'cassandra', '--no-progress', 
'/tmp/medusa-restore-97ec3e11-426a-4924-8bc0-379e99ff2205/system_distributed/repair_history-759fffad624b318180eefa9a52d1f627',
 '-ts', 
'/Users/adejanovski/projets/cassandra/thelastpickle/cassandra-medusa/tests/resources/local_with_ssl/generic-server-truststore.jks',
 '-tspw', 'truststorePass1', '-ks', 
'/Users/adejanovski/projets/cassandra/thelastpickle/cassandra-medusa/tests/resources/local_with_ssl/127.0.0.1.jks',
 '-kspw', 'testdata1']'
{noformat}

Is there a problem with the default SSL protocol version? Should we enforce it 
when invoking sstableloader?


> SSLFactory should initialize SSLContext before setting protocols
> ----------------------------------------------------------------
>
>                 Key: CASSANDRA-16362
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16362
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Tool/bulk load
>            Reporter: Erik Merkle
>            Assignee: Jon Meredith
>            Priority: Normal
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Trying to use sstableloader from the latest trunk produced the following 
> Exception:
> {quote}
> Exception in thread "main" java.lang.RuntimeException: Could not create SSL 
> Context.
>       at 
> org.apache.cassandra.tools.BulkLoader.buildSSLOptions(BulkLoader.java:261)
>       at org.apache.cassandra.tools.BulkLoader.load(BulkLoader.java:64)
>       at org.apache.cassandra.tools.BulkLoader.main(BulkLoader.java:49)
> Caused by: java.io.IOException: Error creating/initializing the SSL Context
>       at 
> org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:184)
>       at 
> org.apache.cassandra.tools.BulkLoader.buildSSLOptions(BulkLoader.java:257)
>       ... 2 more
> Caused by: java.lang.IllegalStateException: SSLContext is not initialized
>       at 
> sun.security.ssl.SSLContextImpl.engineGetSocketFactory(SSLContextImpl.java:208)
>       at javax.net.ssl.SSLContextSpi.getDefaultSocket(SSLContextSpi.java:158)
>       at 
> javax.net.ssl.SSLContextSpi.engineGetDefaultSSLParameters(SSLContextSpi.java:184)
>       at javax.net.ssl.SSLContext.getDefaultSSLParameters(SSLContext.java:435)
>       at 
> org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:178)
>       ... 3 more
> {quote}
> I believe this is because of a change to SSLFactory for CASSANDRA-13325 here:
> [https://github.com/apache/cassandra/commit/919a8964a83511d96766c3e53ba603e77bca626c#diff-0d569398cfd58566fc56bfb80c971a72afe3f392addc2df731a0b44baf29019eR177-R178]
>  
> I think the solution is to call {{ctx.init()}} before trying to call 
> {{ctx.getDefaultSSLParameters()}}, essentialy swapping the two lines in the 
> link above.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to