ciiiii opened a new issue, #17109: URL: https://github.com/apache/pulsar/issues/17109
### Search before asking - [X] I searched in the [issues](https://github.com/apache/pulsar/issues) and found nothing similar. ### Version Pulsar Version: 2.9.2 pulsar-client=='2.10.0' ### Minimal reproduce step Deploy Broker with JWT Authentication enabled, configure TLS encryption on Pulsar Proxy or Reverse Proxy. ### What did you expect to see? Connect to Cluster and produce message successfully. ### What did you see instead? Can't verify the hostname ``` [192.168.50.160:65007 -> 54.164.25.155:6651] Handshake failed: certificate verify failed (SSL routines, tls_process_server_certificate) Error Checking/Getting Partition Metadata while creating producer on persistent://public/default/test1 -- ConnectError Traceback (most recent call last): File "/Users/cai/streamnative/clients/py_client/main.py", line 21, in <module> producer = client.create_producer(topic='public/default/test1') File "/Users/cai/.pyenv/versions/3.9.11/lib/python3.9/site-packages/pulsar/__init__.py", line 603, in create_producer p._producer = self._client.create_producer(topic, conf) _pulsar.ConnectError: Pulsar error: ConnectError 2022-08-16 13:22:39.722 DEBUG [0x101410580] ClientImpl:582 | ConnectionPool is closed 2022-08-16 13:22:39.722 DEBUG [0x101410580] ClientImpl:584 | ioExecutorProvider_ is closed 2022-08-16 13:22:39.722 DEBUG [0x101410580] ClientImpl:586 | listenerExecutorProvider_ is closed 2022-08-16 13:22:39.722 DEBUG [0x101410580] ClientImpl:588 | partitionListenerExecutorProvider_ is closed ``` ### Anything else? ## Cert Info Service Url(cys-tls-broker.cys-dev.test.aws.sn2.dev) can be covered by both CN or DNSNames ``` CN: *.cys-dev.test.aws.sn2.dev DNS:*.cys-dev.test.aws.sn2.dev ``` ## Curl test ```bash ➜ curl https://cys-tls-broker.cys-dev.test.aws.sn2.dev <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/> <title>Error 404 Not Found</title> </head> <body><h2>HTTP ERROR 404 Not Found</h2> <table> <tr><th>URI:</th><td>/</td></tr> <tr><th>STATUS:</th><td>404</td></tr> <tr><th>MESSAGE:</th><td>Not Found</td></tr> <tr><th>SERVLET:</th><td>org.glassfish.jersey.servlet.ServletContainer-30aec673</td></tr> </table> <hr><a href="https://eclipse.org/jetty";>Powered by Jetty:// 9.4.43.v20210629</a><hr/> </body> </html> ``` ## Code example ```python import logging import pulsar from pulsar import AuthenticationToken logger = logging.Logger(name="pulsar", level=logging.DEBUG) url = 'pulsar+ssl://cys-tls-broker.cys-dev.test.aws.sn2.dev:6651' client = pulsar.Client(url, tls_validate_hostname=True, logger=logger, use_tls=True, tls_allow_insecure_connection=False, authentication=AuthenticationToken( '--TOKEN STRING--')) producer = client.create_producer(topic='public/default/test1') i = 0 while True: producer.send(('Hello-%d' % i).encode('utf-8')) i = i+1 ``` ### Are you willing to submit a PR? - [X] I'm willing to submit a PR! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
