GitHub user duncaan closed a discussion: Issue with TLS after upgrading from 2.8.x
Hello, I recently upgraded our staging cluster from 2.8 to 3.0.6. The majority of components seem to work just fine, but the toolset and pulsar-manager do not seem to be working with TLS enabled. If I disable this in the configmap, I'm able to do whatever I would normally like to do, but upon enabling, I get errors like this: ``` pulsar@pulsar-staging-toolset-0:/pulsar$ bin/pulsar-admin namespaces list mi 2024-10-07T18:43:37,978+0000 [main] DEBUG org.apache.pulsar.client.admin.PulsarAdmin - created: serviceUrl=https://pulsar-staging-proxy:443/, authMethodName=token 2024-10-07T18:43:38,568+0000 [main] DEBUG org.apache.pulsar.common.util.SecurityUtility - Found and Instantiated Bouncy Castle provider in classpath BC 2024-10-07T18:43:38,625+0000 [main] DEBUG org.apache.pulsar.common.util.SecurityUtility - Added security provider 'Conscrypt' from class org.conscrypt.OpenSSLProvider 2024-10-07T18:43:38,635+0000 [main] DEBUG io.netty.util.internal.logging.InternalLoggerFactory - Using SLF4J as the default logging framework 2024-10-07T18:43:38,657+0000 [main] DEBUG io.netty.util.ResourceLeakDetector - -Dio.netty.leakDetection.level: disabled 2024-10-07T18:43:38,657+0000 [main] DEBUG io.netty.util.ResourceLeakDetector - -Dio.netty.leakDetection.targetRecords: 4 2024-10-07T18:43:38,677+0000 [main] DEBUG io.netty.util.internal.PlatformDependent0 - -Dio.netty.noUnsafe: false 2024-10-07T18:43:38,677+0000 [main] DEBUG io.netty.util.internal.PlatformDependent0 - Java version: 17 2024-10-07T18:43:38,680+0000 [main] DEBUG io.netty.util.internal.PlatformDependent0 - sun.misc.Unsafe.theUnsafe: available 2024-10-07T18:43:38,681+0000 [main] DEBUG io.netty.util.internal.PlatformDependent0 - sun.misc.Unsafe base methods: all available 2024-10-07T18:43:38,681+0000 [main] DEBUG io.netty.util.internal.PlatformDependent0 - sun.misc.Unsafe.storeFence: available 2024-10-07T18:43:38,682+0000 [main] DEBUG io.netty.util.internal.PlatformDependent0 - java.nio.Buffer.address: available 2024-10-07T18:43:38,683+0000 [main] DEBUG io.netty.util.internal.PlatformDependent0 - direct buffer constructor: unavailable: Reflective setAccessible(true) disabled 2024-10-07T18:43:38,684+0000 [main] DEBUG io.netty.util.internal.PlatformDependent0 - java.nio.Bits.unaligned: available, true 2024-10-07T18:43:38,685+0000 [main] DEBUG io.netty.util.internal.PlatformDependent0 - jdk.internal.misc.Unsafe.allocateUninitializedArray(int): unavailable: class io.netty.util.internal.PlatformDependent0$7 cannot access class jdk.internal.misc.Unsafe (in module java.base) because module java.base does not export jdk.internal.misc to unnamed module @323b36e0 2024-10-07T18:43:38,690+0000 [main] DEBUG io.netty.util.internal.PlatformDependent0 - java.nio.DirectByteBuffer.<init>(long, {int,long}): unavailable 2024-10-07T18:43:38,690+0000 [main] DEBUG io.netty.util.internal.PlatformDependent - sun.misc.Unsafe: available 2024-10-07T18:43:38,690+0000 [main] DEBUG io.netty.util.internal.PlatformDependent - -Dio.netty.tmpdir: /tmp (java.io.tmpdir) 2024-10-07T18:43:38,691+0000 [main] DEBUG io.netty.util.internal.PlatformDependent - -Dio.netty.bitMode: 64 (sun.arch.data.model) 2024-10-07T18:43:38,692+0000 [main] DEBUG io.netty.util.internal.PlatformDependent - -Dio.netty.maxDirectMemory: -1 bytes 2024-10-07T18:43:38,692+0000 [main] DEBUG io.netty.util.internal.PlatformDependent - -Dio.netty.uninitializedArrayAllocationThreshold: -1 2024-10-07T18:43:38,693+0000 [main] DEBUG io.netty.util.internal.CleanerJava9 - java.nio.ByteBuffer.cleaner(): available 2024-10-07T18:43:38,693+0000 [main] DEBUG io.netty.util.internal.PlatformDependent - -Dio.netty.noPreferDirect: false 2024-10-07T18:43:38,702+0000 [main] DEBUG io.netty.buffer.AbstractByteBuf - -Dio.netty.buffer.checkAccessible: true 2024-10-07T18:43:38,702+0000 [main] DEBUG io.netty.buffer.AbstractByteBuf - -Dio.netty.buffer.checkBounds: true 2024-10-07T18:43:38,703+0000 [main] DEBUG io.netty.util.ResourceLeakDetectorFactory - Loaded default ResourceLeakDetector: io.netty.util.ResourceLeakDetector@78010562 2024-10-07T18:43:38,708+0000 [main] DEBUG io.netty.util.internal.InternalThreadLocalMap - -Dio.netty.threadLocalMap.stringBuilder.initialSize: 1024 2024-10-07T18:43:38,708+0000 [main] DEBUG io.netty.util.internal.InternalThreadLocalMap - -Dio.netty.threadLocalMap.stringBuilder.maxSize: 4096 2024-10-07T18:43:38,712+0000 [main] DEBUG io.netty.buffer.PooledByteBufAllocator - -Dio.netty.allocator.numHeapArenas: 4 2024-10-07T18:43:38,713+0000 [main] DEBUG io.netty.buffer.PooledByteBufAllocator - -Dio.netty.allocator.numDirectArenas: 4 2024-10-07T18:43:38,713+0000 [main] DEBUG io.netty.buffer.PooledByteBufAllocator - -Dio.netty.allocator.pageSize: 8192 2024-10-07T18:43:38,714+0000 [main] DEBUG io.netty.buffer.PooledByteBufAllocator - -Dio.netty.allocator.maxOrder: 9 2024-10-07T18:43:38,714+0000 [main] DEBUG io.netty.buffer.PooledByteBufAllocator - -Dio.netty.allocator.chunkSize: 4194304 2024-10-07T18:43:38,715+0000 [main] DEBUG io.netty.buffer.PooledByteBufAllocator - -Dio.netty.allocator.smallCacheSize: 256 2024-10-07T18:43:38,715+0000 [main] DEBUG io.netty.buffer.PooledByteBufAllocator - -Dio.netty.allocator.normalCacheSize: 64 2024-10-07T18:43:38,716+0000 [main] DEBUG io.netty.buffer.PooledByteBufAllocator - -Dio.netty.allocator.maxCachedBufferCapacity: 32768 2024-10-07T18:43:38,716+0000 [main] DEBUG io.netty.buffer.PooledByteBufAllocator - -Dio.netty.allocator.cacheTrimInterval: 8192 2024-10-07T18:43:38,717+0000 [main] DEBUG io.netty.buffer.PooledByteBufAllocator - -Dio.netty.allocator.cacheTrimIntervalMillis: 0 2024-10-07T18:43:38,717+0000 [main] DEBUG io.netty.buffer.PooledByteBufAllocator - -Dio.netty.allocator.useCacheForAllThreads: false 2024-10-07T18:43:38,718+0000 [main] DEBUG io.netty.buffer.PooledByteBufAllocator - -Dio.netty.allocator.maxCachedByteBuffersPerChunk: 1023 2024-10-07T18:43:38,718+0000 [main] DEBUG io.netty.buffer.PooledByteBufAllocator - -Dio.netty.allocator.disableCacheFinalizersForFastThreadLocalThreads: false 2024-10-07T18:43:38,726+0000 [main] DEBUG io.netty.buffer.ByteBufUtil - -Dio.netty.allocator.type: pooled 2024-10-07T18:43:38,726+0000 [main] DEBUG io.netty.buffer.ByteBufUtil - -Dio.netty.threadLocalDirectBufferSize: 0 2024-10-07T18:43:38,727+0000 [main] DEBUG io.netty.buffer.ByteBufUtil - -Dio.netty.maxThreadLocalCharBufferSize: 16384 2024-10-07T18:43:38,737+0000 [main] DEBUG io.netty.util.internal.NativeLibraryLoader - -Dio.netty.native.workdir: /tmp (io.netty.tmpdir) 2024-10-07T18:43:38,738+0000 [main] DEBUG io.netty.util.internal.NativeLibraryLoader - -Dio.netty.native.deleteLibAfterLoading: true 2024-10-07T18:43:38,738+0000 [main] DEBUG io.netty.util.internal.NativeLibraryLoader - -Dio.netty.native.tryPatchShadedId: true 2024-10-07T18:43:38,739+0000 [main] DEBUG io.netty.util.internal.NativeLibraryLoader - -Dio.netty.native.detectNativeLibraryDuplicates: true 2024-10-07T18:43:38,767+0000 [main] DEBUG io.netty.util.internal.NativeLibraryLoader - Successfully loaded the library /tmp/libnetty_tcnative_linux_x86_648423914568691120844.so 2024-10-07T18:43:38,768+0000 [main] DEBUG io.netty.util.internal.NativeLibraryLoader - Loaded library with name 'netty_tcnative_linux_x86_64' 2024-10-07T18:43:38,768+0000 [main] DEBUG io.netty.handler.ssl.OpenSsl - Initialize netty-tcnative using engine: 'default' 2024-10-07T18:43:38,769+0000 [main] DEBUG io.netty.handler.ssl.OpenSsl - netty-tcnative using native library: BoringSSL 2024-10-07T18:43:38,904+0000 [main] DEBUG io.netty.util.ResourceLeakDetectorFactory - Loaded default ResourceLeakDetector: io.netty.util.ResourceLeakDetector@237f7970 2024-10-07T18:43:38,909+0000 [main] DEBUG io.netty.util.Recycler - -Dio.netty.recycler.maxCapacityPerThread: 4096 2024-10-07T18:43:38,909+0000 [main] DEBUG io.netty.util.Recycler - -Dio.netty.recycler.ratio: 8 2024-10-07T18:43:38,909+0000 [main] DEBUG io.netty.util.Recycler - -Dio.netty.recycler.chunkSize: 32 2024-10-07T18:43:38,909+0000 [main] DEBUG io.netty.util.Recycler - -Dio.netty.recycler.blocking: false 2024-10-07T18:43:38,910+0000 [main] DEBUG io.netty.util.Recycler - -Dio.netty.recycler.batchFastThreadLocalOnly: true 2024-10-07T18:43:38,916+0000 [main] DEBUG io.netty.util.internal.PlatformDependent - org.jctools-core.MpscChunkedArrayQueue: available 2024-10-07T18:43:38,926+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 => ECDHE-ECDSA-AES128-GCM-SHA256 2024-10-07T18:43:38,926+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 => ECDHE-ECDSA-AES128-GCM-SHA256 2024-10-07T18:43:38,927+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 => ECDHE-RSA-AES128-GCM-SHA256 2024-10-07T18:43:38,927+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256 => ECDHE-RSA-AES128-GCM-SHA256 2024-10-07T18:43:38,927+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 => ECDHE-ECDSA-AES256-GCM-SHA384 2024-10-07T18:43:38,927+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 => ECDHE-ECDSA-AES256-GCM-SHA384 2024-10-07T18:43:38,927+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 => ECDHE-RSA-AES256-GCM-SHA384 2024-10-07T18:43:38,928+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384 => ECDHE-RSA-AES256-GCM-SHA384 2024-10-07T18:43:38,928+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 => ECDHE-ECDSA-CHACHA20-POLY1305 2024-10-07T18:43:38,928+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: SSL_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 => ECDHE-ECDSA-CHACHA20-POLY1305 2024-10-07T18:43:38,929+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 => ECDHE-RSA-CHACHA20-POLY1305 2024-10-07T18:43:38,929+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: SSL_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 => ECDHE-RSA-CHACHA20-POLY1305 2024-10-07T18:43:38,929+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 => ECDHE-PSK-CHACHA20-POLY1305 2024-10-07T18:43:38,929+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: SSL_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 => ECDHE-PSK-CHACHA20-POLY1305 2024-10-07T18:43:38,930+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA => ECDHE-ECDSA-AES128-SHA 2024-10-07T18:43:38,930+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA => ECDHE-ECDSA-AES128-SHA 2024-10-07T18:43:38,930+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA => ECDHE-RSA-AES128-SHA 2024-10-07T18:43:38,930+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA => ECDHE-RSA-AES128-SHA 2024-10-07T18:43:38,931+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA => ECDHE-PSK-AES128-CBC-SHA 2024-10-07T18:43:38,931+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: SSL_ECDHE_PSK_WITH_AES_128_CBC_SHA => ECDHE-PSK-AES128-CBC-SHA 2024-10-07T18:43:38,931+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA => ECDHE-ECDSA-AES256-SHA 2024-10-07T18:43:38,931+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA => ECDHE-ECDSA-AES256-SHA 2024-10-07T18:43:38,932+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA => ECDHE-RSA-AES256-SHA 2024-10-07T18:43:38,932+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA => ECDHE-RSA-AES256-SHA 2024-10-07T18:43:38,932+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA => ECDHE-PSK-AES256-CBC-SHA 2024-10-07T18:43:38,932+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: SSL_ECDHE_PSK_WITH_AES_256_CBC_SHA => ECDHE-PSK-AES256-CBC-SHA 2024-10-07T18:43:38,933+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: TLS_RSA_WITH_AES_128_GCM_SHA256 => AES128-GCM-SHA256 2024-10-07T18:43:38,933+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: SSL_RSA_WITH_AES_128_GCM_SHA256 => AES128-GCM-SHA256 2024-10-07T18:43:38,933+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: TLS_RSA_WITH_AES_256_GCM_SHA384 => AES256-GCM-SHA384 2024-10-07T18:43:38,933+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: SSL_RSA_WITH_AES_256_GCM_SHA384 => AES256-GCM-SHA384 2024-10-07T18:43:38,933+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: TLS_RSA_WITH_AES_128_CBC_SHA => AES128-SHA 2024-10-07T18:43:38,933+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: SSL_RSA_WITH_AES_128_CBC_SHA => AES128-SHA 2024-10-07T18:43:38,933+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: TLS_PSK_WITH_AES_128_CBC_SHA => PSK-AES128-CBC-SHA 2024-10-07T18:43:38,933+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: SSL_PSK_WITH_AES_128_CBC_SHA => PSK-AES128-CBC-SHA 2024-10-07T18:43:38,934+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: TLS_RSA_WITH_AES_256_CBC_SHA => AES256-SHA 2024-10-07T18:43:38,934+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: SSL_RSA_WITH_AES_256_CBC_SHA => AES256-SHA 2024-10-07T18:43:38,934+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: TLS_PSK_WITH_AES_256_CBC_SHA => PSK-AES256-CBC-SHA 2024-10-07T18:43:38,934+0000 [main] DEBUG io.netty.handler.ssl.CipherSuiteConverter - Cipher suite mapping: SSL_PSK_WITH_AES_256_CBC_SHA => PSK-AES256-CBC-SHA 2024-10-07T18:43:38,934+0000 [main] DEBUG io.netty.handler.ssl.OpenSsl - Supported protocols (OpenSSL): [SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3] 2024-10-07T18:43:38,934+0000 [main] DEBUG io.netty.handler.ssl.OpenSsl - Default cipher suites (OpenSSL): [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256] 2024-10-07T18:43:38,957+0000 [main] DEBUG io.netty.util.ResourceLeakDetectorFactory - Loaded default ResourceLeakDetector: io.netty.util.ResourceLeakDetector@4993febc 2024-10-07T18:43:38,976+0000 [main] DEBUG io.netty.util.concurrent.GlobalEventExecutor - -Dio.netty.globalEventExecutor.quietPeriodSeconds: 1 2024-10-07T18:43:38,992+0000 [main] DEBUG io.netty.channel.MultithreadEventLoopGroup - -Dio.netty.eventLoopThreads: 4 2024-10-07T18:43:39,002+0000 [main] DEBUG io.netty.channel.nio.NioEventLoop - -Dio.netty.noKeySetOptimization: false 2024-10-07T18:43:39,002+0000 [main] DEBUG io.netty.channel.nio.NioEventLoop - -Dio.netty.selectorAutoRebuildThreshold: 512 2024-10-07T18:43:39,646+0000 [jersey-client-async-executor-0] DEBUG io.netty.channel.DefaultChannelId - -Dio.netty.processId: 325 (auto-detected) 2024-10-07T18:43:39,649+0000 [jersey-client-async-executor-0] DEBUG io.netty.util.NetUtil - -Djava.net.preferIPv4Stack: true 2024-10-07T18:43:39,649+0000 [jersey-client-async-executor-0] DEBUG io.netty.util.NetUtil - -Djava.net.preferIPv6Addresses: false 2024-10-07T18:43:39,650+0000 [jersey-client-async-executor-0] DEBUG io.netty.util.NetUtilInitializations - Loopback interface: lo (lo, 127.0.0.1) 2024-10-07T18:43:39,652+0000 [jersey-client-async-executor-0] DEBUG io.netty.util.NetUtil - /proc/sys/net/core/somaxconn: 4096 2024-10-07T18:43:39,653+0000 [jersey-client-async-executor-0] DEBUG io.netty.channel.DefaultChannelId - -Dio.netty.machineId: ca:57:f4:ff:fe:3c:51:a2 (auto-detected) 2024-10-07T18:43:39,676+0000 [jersey-client-async-executor-0] DEBUG io.netty.bootstrap.ChannelInitializerExtensions - -Dio.netty.bootstrap.extensions: null 2024-10-07T18:43:39,714+0000 [AsyncHttpClient-7-1] DEBUG io.netty.util.ResourceLeakDetectorFactory - Loaded default ResourceLeakDetector: io.netty.util.ResourceLeakDetector@7a2213ea 2024-10-07T18:43:39,770+0000 [AsyncHttpClient-7-1] DEBUG io.netty.handler.ssl.ReferenceCountedOpenSslContext - verification of certificate failed sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[?:?] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[?:?] at sun.security.validator.Validator.validate(Validator.java:264) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[?:?] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[?:?] at io.netty.handler.ssl.EnhancingX509ExtendedTrustManager.checkServerTrusted(EnhancingX509ExtendedTrustManager.java:69) ~[io.netty-netty-handler-4.1.113.Final.jar:4.1.113.Final] at io.netty.handler.ssl.ReferenceCountedOpenSslClientContext$ExtendedTrustManagerVerifyCallback.verify(ReferenceCountedOpenSslClientContext.java:235) ~[io.netty-netty-handler-4.1.113.Final.jar:4.1.113.Final] at io.netty.handler.ssl.ReferenceCountedOpenSslContext$AbstractCertificateVerifier.verify(ReferenceCountedOpenSslContext.java:801) ~[io.netty-netty-handler-4.1.113.Final.jar:4.1.113.Final] at io.netty.internal.tcnative.CertificateVerifierTask.runTask(CertificateVerifierTask.java:36) ~[io.netty-netty-tcnative-classes-2.0.66.Final.jar:2.0.66.Final] at io.netty.internal.tcnative.SSLTask.run(SSLTask.java:48) ~[io.netty-netty-tcnative-classes-2.0.66.Final.jar:2.0.66.Final] at io.netty.internal.tcnative.SSLTask.run(SSLTask.java:42) ~[io.netty-netty-tcnative-classes-2.0.66.Final.jar:2.0.66.Final] at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.runAndResetNeedTask(ReferenceCountedOpenSslEngine.java:1538) ~[io.netty-netty-handler-4.1.113.Final.jar:4.1.113.Final] at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.access$700(ReferenceCountedOpenSslEngine.java:94) ~[io.netty-netty-handler-4.1.113.Final.jar:4.1.113.Final] at io.netty.handler.ssl.ReferenceCountedOpenSslEngine$TaskDecorator.run(ReferenceCountedOpenSslEngine.java:1510) ~[io.netty-netty-handler-4.1.113.Final.jar:4.1.113.Final] at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1671) ~[io.netty-netty-handler-4.1.113.Final.jar:4.1.113.Final] at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1517) ~[io.netty-netty-handler-4.1.113.Final.jar:4.1.113.Final] at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1358) ~[io.netty-netty-handler-4.1.113.Final.jar:4.1.113.Final] at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1407) ~[io.netty-netty-handler-4.1.113.Final.jar:4.1.113.Final] at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:530) ~[io.netty-netty-codec-4.1.113.Final.jar:4.1.113.Final] at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:469) ~[io.netty-netty-codec-4.1.113.Final.jar:4.1.113.Final] at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) ~[io.netty-netty-codec-4.1.113.Final.jar:4.1.113.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) ~[io.netty-netty-transport-4.1.113.Final.jar:4.1.113.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[io.netty-netty-transport-4.1.113.Final.jar:4.1.113.Final] at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[io.netty-netty-transport-4.1.113.Final.jar:4.1.113.Final] at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1357) ~[io.netty-netty-transport-4.1.113.Final.jar:4.1.113.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) ~[io.netty-netty-transport-4.1.113.Final.jar:4.1.113.Final] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[io.netty-netty-transport-4.1.113.Final.jar:4.1.113.Final] at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:868) ~[io.netty-netty-transport-4.1.113.Final.jar:4.1.113.Final] at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) ~[io.netty-netty-transport-4.1.113.Final.jar:4.1.113.Final] at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788) ~[io.netty-netty-transport-4.1.113.Final.jar:4.1.113.Final] at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:724) ~[io.netty-netty-transport-4.1.113.Final.jar:4.1.113.Final] at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:650) ~[io.netty-netty-transport-4.1.113.Final.jar:4.1.113.Final] at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562) ~[io.netty-netty-transport-4.1.113.Final.jar:4.1.113.Final] at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) ~[io.netty-netty-common-4.1.113.Final.jar:4.1.113.Final] at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[io.netty-netty-common-4.1.113.Final.jar:4.1.113.Final] at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) ~[io.netty-netty-common-4.1.113.Final.jar:4.1.113.Final] at java.lang.Thread.run(Thread.java:840) ~[?:?] Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148) ~[?:?] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129) ~[?:?] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[?:?] ... 36 more ``` I do have a certificate on the proxy that I purchased from a registrar, so it's not the normal self-signed certificate. This worked just fine in previous versions of pulsar. Any suggestions of what might work to fix this? GitHub link: https://github.com/apache/pulsar/discussions/23408 ---- This is an automatically sent email for commits@pulsar.apache.org. To unsubscribe, please send an email to: commits-unsubscr...@pulsar.apache.org
