lhotari commented on PR #19455:
URL: https://github.com/apache/pulsar/pull/19455#issuecomment-1425432593
This reproduces consistently for me locally. Error message was "No subject
alternative DNS name matching pop-os.localdomain found." Perhaps in your local
environment, the default hostname is "localhost" or "127.0.0.1". On Linux, it's
usually something else than that. I guess this is where MacOSX differs.
Full error
```
2023-02-10T10:44:51,221 - WARN - [pulsar-client-io-49-3:ClientCnx@280] -
Error during handshake
javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem
at
io.netty.handler.ssl.ReferenceCountedOpenSslEngine.handshakeException(ReferenceCountedOpenSslEngine.java:1907)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.handler.ssl.ReferenceCountedOpenSslEngine.wrap(ReferenceCountedOpenSslEngine.java:834)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:564) ~[?:?]
at io.netty.handler.ssl.SslHandler.wrap(SslHandler.java:1041)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
at io.netty.handler.ssl.SslHandler.wrapNonAppData(SslHandler.java:927)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1409)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1247)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1287)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529)
~[netty-codec-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468)
~[netty-codec-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
~[netty-codec-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
~[netty-transport-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
~[netty-transport-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
~[netty-transport-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
~[netty-transport-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
~[netty-transport-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
~[netty-transport-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
~[netty-transport-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:800)
~[netty-transport-classes-epoll-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:499)
~[netty-transport-classes-epoll-4.1.87.Final.jar:4.1.87.Final]
at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:397)
~[netty-transport-classes-epoll-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
~[netty-common-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
~[netty-common-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
~[netty-common-4.1.87.Final.jar:4.1.87.Final]
at java.lang.Thread.run(Thread.java:833) ~[?:?]
Caused by: java.security.cert.CertificateException: No subject alternative
DNS name matching pop-os.localdomain found.
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:212)
~[?:?]
at sun.security.util.HostnameChecker.match(HostnameChecker.java:103)
~[?:?]
at
sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:458)
~[?:?]
at
sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:418)
~[?:?]
at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:292)
~[?:?]
at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
~[?:?]
at
io.netty.handler.ssl.ReferenceCountedOpenSslClientContext$ExtendedTrustManagerVerifyCallback.verify(ReferenceCountedOpenSslClientContext.java:234)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.handler.ssl.ReferenceCountedOpenSslContext$AbstractCertificateVerifier.verify(ReferenceCountedOpenSslContext.java:779)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.internal.tcnative.CertificateVerifierTask.runTask(CertificateVerifierTask.java:36)
~[netty-tcnative-classes-2.0.56.Final.jar:2.0.56.Final]
at io.netty.internal.tcnative.SSLTask.run(SSLTask.java:48)
~[netty-tcnative-classes-2.0.56.Final.jar:2.0.56.Final]
at io.netty.internal.tcnative.SSLTask.run(SSLTask.java:42)
~[netty-tcnative-classes-2.0.56.Final.jar:2.0.56.Final]
at
io.netty.handler.ssl.ReferenceCountedOpenSslEngine.runAndResetNeedTask(ReferenceCountedOpenSslEngine.java:1496)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.handler.ssl.ReferenceCountedOpenSslEngine.access$700(ReferenceCountedOpenSslEngine.java:94)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.handler.ssl.ReferenceCountedOpenSslEngine$TaskDecorator.run(ReferenceCountedOpenSslEngine.java:1471)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1549)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1395)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
... 19 more
2023-02-10T10:44:51,228 - WARN -
[pulsar-proxy-io-37-2:DefaultChannelPipeline@1152] - An exceptionCaught() event
was fired, and it reached at the tail of the pipeline. It usually means the
last handler in the pipeline did not handle the exception.
io.netty.handler.codec.DecoderException:
javax.net.ssl.SSLHandshakeException: error:10000438:SSL
routines:OPENSSL_internal:TLSV1_ALERT_INTERNAL_ERROR
at
io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:499)
~[netty-codec-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
~[netty-codec-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
~[netty-transport-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
~[netty-transport-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
~[netty-transport-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.handler.flush.FlushConsolidationHandler.channelRead(FlushConsolidationHandler.java:152)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442)
~[netty-transport-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
~[netty-transport-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
~[netty-transport-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
~[netty-transport-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
~[netty-transport-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
~[netty-transport-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
~[netty-transport-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:800)
~[netty-transport-classes-epoll-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:499)
~[netty-transport-classes-epoll-4.1.87.Final.jar:4.1.87.Final]
at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:397)
~[netty-transport-classes-epoll-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
~[netty-common-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
~[netty-common-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
~[netty-common-4.1.87.Final.jar:4.1.87.Final]
at java.lang.Thread.run(Thread.java:833) ~[?:?]
Caused by: javax.net.ssl.SSLHandshakeException: error:10000438:SSL
routines:OPENSSL_internal:TLSV1_ALERT_INTERNAL_ERROR
at
io.netty.handler.ssl.ReferenceCountedOpenSslEngine.shutdownWithError(ReferenceCountedOpenSslEngine.java:1086)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1377)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1317)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1404)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1447)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:222)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1343)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1247)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1287)
~[netty-handler-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529)
~[netty-codec-4.1.87.Final.jar:4.1.87.Final]
at
io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468)
~[netty-codec-4.1.87.Final.jar:4.1.87.Final]
... 19 more
```
here's the fix: ea2b07d56d89b2b66b5e5ad7b8ad10da0357ac69 .
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
