BewareMyPower commented on issue #184: URL: https://github.com/apache/pulsar-client-cpp/issues/184#issuecomment-1412272890
It seems to be caused by the packaging style. It's very similar to this issue: https://github.com/apache/pulsar-client-node/issues/281 I did some experiements with the Python client. Given the following similar Python script. ```python #!/bin/env python3 import pulsar pulsar_url = "pulsar+ssl://test-auth.sndev.snio.cloud:6651" pulsar_oauth_params = '''{ "issuer_url": "https://auth.streamnative.cloud/";, "private_key": "YOUR-KEY-FILE-PATH", "audience": "urn:sn:pulsar:sndev:test-auth" }''' pulsar_topic = "persistent://public/default/my-topic" if __name__ == "__main__": client = pulsar.Client( pulsar_url, authentication=pulsar.AuthenticationOauth2(pulsar_oauth_params), ) producer = client.create_producer(topic=pulsar_topic) producer.send(f"hello".encode('utf-8')) producer.close() client.close() ``` I tried two ways to install the Python wheel (on Ubuntu 20.04). ### 1. [OK] Build from source. ```bash git clone [email protected]:apache/pulsar-client-python.git -b v3.1.0-candidate-1 git submodule update --init cmake -B build cmake --build build cp build/lib_pulsar.so . python3 ./setup.py bdist_wheel sudo pip3 install dist/pulsar_client-3.1.0a1-cp38-cp38-linux_x86_64.whl --force-reinstall ``` The output: ``` 2023-02-01 23:32:32.731 INFO [139771614631680] ClientConnection:189 | [<none> -> pulsar+ssl://test-auth.sndev.snio.cloud:6651] Create ClientConnection, timeout=10000 2023-02-01 23:32:32.739 INFO [139771614631680] ConnectionPool:97 | Created connection for pulsar://test-auth-broker-0.test-auth-broker-headless.sndev.svc.cluster.local:6650 2023-02-01 23:32:33.027 INFO [139771614631680] ClientConnection:388 | [MY_LOCAL_IP:42426 -> REMOTE_IP:6651] Connected to broker through proxy. Logical broker: pulsar://test-auth-broker-0.test-auth-broker-headless.sndev.svc.cluster.local:6650 ``` We can see the handshake succeeded and the client connected to **the proxy** ### 2. [FAILED] Install the existing wheel ```bash curl -O -L https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-python-3.1.0-candidate-1/linux-glibc-x86_64/pulsar_client-3.1.0a1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl sudo pip3 install dist/pulsar_client-3.1.0a1-cp38-cp38-linux_x86_64.whl --force-reinstall ``` The output: ``` 2023-02-01 23:34:37.694 ERROR [139763784525632] AuthOauth2:223 | Response failed for getting the well-known configuration https://auth.streamnative.cloud/. Error Code 77: error setting certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none 2023-02-01 23:34:37.695 INFO [139763784525632] ConnectionPool:97 | Created connection for pulsar+ssl://test-auth.sndev.snio.cloud:6651 2023-02-01 23:34:38.058 INFO [139763747448576] ClientConnection:386 | [MY_LOCAL_IP:48482 -> REMOTE_IP:6651] Connected to broker 2023-02-01 23:34:38.819 ERROR [139763747448576] ClientConnection:496 | [MY_LOCAL_IP:48482 -> REMOTE_IP:6651] Failed to establish connection: AuthenticationError ``` ### Conclusion The cause might be https://github.com/apache/pulsar/pull/16064, which is related to a CVE. We need to document the workround or change the way to build the client library. /cc @merlimat @shibd @RobertIndie -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
