Hi, I'm having issues while validating the fix related to the hostname verification: https://github.com/apache/pulsar-client-cpp/pull/126 My usecase is with a valid TLS certificate signed by a CA (not a self-signed one).
My code is very simple (see below): it creates a client with token auth + TLS and sends some messages. It works well with node client 1.7.0 with cpp client 3.1.2 It fails with node client 1.8.0 (as expected) It still fails with the rc: 1.8.1-rc.1 (I'm installing the dependency with "npm i pulsar-client@1.8.1-rc.1 --pulsar_binary_host_mirror= https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/"; The error I'm seeing is this one: [INFO][ClientConnection:388] Connected to broker [ERROR][ClientConnection:488] Handshake failed: certificate verify failed (SSL routines, tls_process_server_certificate) [INFO][ClientConnection:1600] Connection closed with ConnectError Note that setting `tlsValidateHostname: true` "resolves" the problem, however it's not acceptable as you know. I'm pretty sure that it's related to the cpp client dependency, however I'm not very familiar with it and how it's bundled in the node client >= 1.8.0 Is there a way to verify if the bundled cpp client is actually the expected one? This is the code snippet: ``` const tokenStr = asToken; const pulsarUri = pulsarUrl; const topicName = asTopic; const auth = new Pulsar.AuthenticationToken({ token: tokenStr }); const client = new Pulsar.Client({ serviceUrl: pulsarUri, authentication: auth, operationTimeoutSeconds: 30, tlsCertificateFilePath: "", tlsValidateHostname: false }); Pulsar.Client.setLogHandler((level, file, line, message) => { console.log('[%s][%s:%d] %s', Pulsar.LogLevel.toString(level), file, line, message); }); const producer = await client.createProducer({ topic: topicName, }) for (let i = 0; i < 10; i += 1) { await producer.send({ data: Buffer.from("nodejs-message-" + i), }); console.log("send message " + i); } await producer.flush(); await producer.close(); await client.close(); ``` Thanks, Nicolò Boschi Il giorno mer 22 feb 2023 alle ore 08:02 Yunze Xu <y...@streamnative.io.invalid> ha scritto: > +1 (binding) > * Verified checksum and signature > * Build from source > * Install from npm on Ubuntu 20.04 > * Run an end-to-end test with custom `tlsTrustCertsFilePath` config on > StreamNative cloud with OAuth2 authentication > > BTW, from the discussion here [1], it would be better to use > https://downloads.apache.org/pulsar/KEYS as the KEYS, > > [1] https://lists.apache.org/thread/f9w430oqpm0g72b1htwbtc8y3mfqf8r6 > > Thanks, > Yunze > > On Mon, Feb 20, 2023 at 5:36 PM Nozomi Kurihara <nkuri...@apache.org> > wrote: > > > > +1 (binding) > > > > * checked license headers > > * verified checksum and signature > > * install from npm and run producer/consumer > > > > Thanks, > > Nozomi > > > > 2023年2月17日(金) 19:12 Baodi Shi <ba...@apache.org>: > > > > > Hi everyone, > > > > > > This is the first release candidate for Apache Pulsar Node.js client, > > > version 1.8.1. > > > > > > It fixes the following > > > issues: > > > > https://github.com/apache/pulsar-client-node/pulls?q=is%3Apr+label%3Arelease%2Fv1.8.1+is%3Aclosed > > > > > > Please download the source files and review this release candidate: > > > - Download the source package, verify shasum and asc > > > - Follow the README.md to build and run the Pulsar Node.js client. > > > > > > The release candidate package has been published to the npm > > > registry:https://www.npmjs.com/package/pulsar-client/v/1.8.1-rc.1 > > > You can install it by `npm i pulsar-client@1.8.1-rc.1 > > > --pulsar_binary_host_mirror= > > > https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/` > <https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/> > > > <https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/> > > > and verify the package. > > > > > > The vote will be open for at least 72 hours. It is adopted by majority > > > approval, with at least 3 PMC affirmative votes. > > > > > > Source files: > > > > https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/pulsar-client-node-1.8.1-rc.1/ > > > > > > Pulsar's KEYS file containing PGP keys we use to sign the > > > release:https://dist.apache.org/repos/dist/dev/pulsar/KEYS > > > > > > SHA-512 checksum: > > > > > > > ed89b4ad467d3cb75ed37096b35d91b872cd93d36cd953512fc7edcb75dbac5162592f6f51b5ab08f26b3dca1c57a3d3fe7a5e4f109551c66943a5b09392d51a > > > apache-pulsar-client-node-1.8.1.tar.gz > > > The tag to be voted upon: > > > v1.8.1-rc.1(3e843f0) > > > https://github.com/apache/pulsar-client-node/releases/tag/v1.8.1-rc.1 > > > > > > Please review and vote on the release candidate #1 for the version > > > 1.8.1, as follows: > > > [ ] +1, Approve the release > > > [ ] -1, Do not approve the release (please provide specific comments) > > > > > > > > > > > > > > > Thanks, > > > Baodi Shi > > > >
