Hey All,

Figured I'd shoot off an email before looking into issue reporting, in case
this is a product of my own stupidity rather than an actual bug.

I'm trying to get MiNiFi communicating with a NiFi cluster on an internal
network running with SSL.  I'm able to connect to NiFi from a web browser
after importing the correct certificates, but attempting to actually
transfer a file with minifi produces the following result:

[2018-02-09 15:45:55.136] [main] [info] MiNiFi started
[2018-02-09 15:45:57.923] [org::apache::nifi::minifi::processors::GetFile]
[info] GetFile process
/home/jonah/optimus/data/dynamic/ready_logs/testcopy2.txt
[2018-02-09 15:45:58.339] [org::apache::nifi::minifi::utils::HTTPClient]
[debug] Setting callback for
[2018-02-09 15:45:58.401] [org::apache::nifi::minifi::core::ProcessSession]
[info] Transferring 3b086abc-0dda-11e8-ab09-c85b769e9522 from GetFile to
relationship success
[2018-02-09 15:45:58.438]
[org::apache::nifi::minifi::RemoteProcessorGroupPort] [debug] Refreshing
the peer list since there are none configured.
[2018-02-09 15:45:58.439] [org::apache::nifi::minifi::utils::HTTPClient]
[debug] https://rs0.internal.optimusride.com:9093/nifi-api/site-to-site is
a secure url
[2018-02-09 15:45:58.439] [org::apache::nifi::minifi::utils::HTTPClient]
[debug] Submitting to
https://rs0.internal.optimusride.com:9093/nifi-api/site-to-site
[2018-02-09 15:45:58.553] [org::apache::nifi::minifi::utils::HTTPClient]
[error] curl_easy_perform() failed Peer certificate cannot be authenticated
with given CA certificates

[2018-02-09 15:45:58.553]
[org::apache::nifi::minifi::RemoteProcessorGroupPort] [error]
ProcessGroup::refreshRemoteSite2SiteInfo -- curl_easy_perform() failed

[2018-02-09 15:45:58.553]
[org::apache::nifi::minifi::RemoteProcessorGroupPort] [debug] Obtained
protocol from available_protocols_
[2018-02-09 15:45:58.553]
[org::apache::nifi::minifi::RemoteProcessorGroupPort] [info] no protocol,
yielding
[2018-02-09 15:46:01.541] [org::apache::nifi::minifi::utils::HTTPClient]
[debug] Setting callback for
[2018-02-09 15:46:02.701] [org::apache::nifi::minifi::FlowController]
[info] Stop Flow Controller
[2018-02-09 15:46:04.748] [org::apache::nifi::minifi::utils::HTTPClient]
[debug] Setting callback for
[2018-02-09 15:46:05.137] [org::apache::nifi::minifi::FlowController]
[info] Unload Flow Controller
[2018-02-09 15:46:05.137] [main] [info] MiNiFi exit

I'm not entirely sure what I'm doing wrong here, I'm fairly sure my
certificate setup is fine.  NiFi's keystore has a cert/private key signed
by a CA i self-signed and created locally, it's truststore has the public
key that corresponds to the client certificate and private key on MiNiFi,
and MiNiFi has the certificate used to sign the one in NiFi's keystore.

The best guess I have stems from the fact that the log message <url> is a
secure url occurs, but the message that configure_secure_connection(CURL
*http_session) should play if it runs doesn't come up, which leads me to
beleive that ssl_context_service_ isn't initialized properly for some
reason (see line 129 in /extensions/http-curl/HTTPClient.cpp, only place I
see either of those methods called).

Let me know if you have any insight on this, frankly I haven't found much
documentation on the SSL setup for MiNiFi at all, so it's totally possible
I did something horribly wrong there.  I'd also be happy to make a bug
report if y'all think this warrants one.

Best,
Jonah.

Reply via email to