Yes, I'm on macOS

Adding the explicit path to the system CA worked, thanks.

I wonder why it wasn't needed in 1.7.0 and now it's required in 1.8.1.
This can be problematic for users because the client upgrade requires code
changes and redeployment.
Maybe it's a regression from 1.8.0, but I think that we need to get that
fixed in 1.8.1

Nicolò Boschi


On Wed, 22 Feb 2023 at 10:17, Baodi Shi <ba...@apache.org> wrote:

> Hi, @Nicolò Boschi <boschi1...@gmail.com>
>
> Is your system macOS(arm64)?
>
> Maybe you should set tlsTrustCertsFilePath:
>
>   const client = new Pulsar.Client({
>     tlsTrustCertsFilePath:'/etc/ssl/cert.pem',
>   });
>
>
>
>
> Thanks,
> Baodi Shi
>
>
> On 22 Feb 2023 at 15:59:28, Nicolò Boschi <boschi1...@gmail.com> wrote:
>
>> Hi,
>>
>> I'm having issues while validating the fix related to the hostname
>> verification: https://github.com/apache/pulsar-client-cpp/pull/126
>> My use case is with a valid TLS certificate signed by a CA (not a
>> self-signed one).
>>
>> My code is very simple (see below): it creates a client with token auth +
>> TLS and sends some messages.
>>
>> It works well with node client 1.7.0 with cpp client 3.1.2
>> It fails with node client 1.8.0 (as expected)
>> It still fails with the rc: 1.8.1-rc.1
>>
>> (I'm installing the dependency with "npm i pulsar-client@1.8.1-rc.1
>> --pulsar_binary_host_mirror=https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/")
>>
>> The error I'm seeing is this one:
>>
>> [INFO][ClientConnection:388] Connected to broker
>> [ERROR][ClientConnection:488] Handshake failed: certificate verify failed
>> (SSL routines, tls_process_server_certificate)
>> [INFO][ClientConnection:1600] Connection closed with ConnectError
>>
>> Note that setting `tlsValidateHostname: true` "resolves" the problem,
>> however it's not acceptable as you know.
>>
>> I'm pretty sure that it's related to the cpp client dependency, however
>> I'm not very familiar with it and how it's bundled in the node client
>> >= 1.8.0.
>> Is there a way to verify if the bundled cpp client is actually the
>> expected one?
>>
>>
>>
>> This is the code snippet:
>> ```
>> const Pulsar = require('pulsar-client');
>>
>> (async () => {
>>   // asToken, pulsarUrl and asTopic are supplied elsewhere (not shown in the snippet)
>>   const tokenStr = asToken;
>>   const pulsarUri = pulsarUrl;
>>   const topicName = asTopic;
>>
>>   const auth = new Pulsar.AuthenticationToken({ token: tokenStr });
>>   const client = new Pulsar.Client({
>>     serviceUrl: pulsarUri,
>>     authentication: auth,
>>     operationTimeoutSeconds: 30,
>>     tlsCertificateFilePath: "",
>>     tlsValidateHostname: false
>>   });
>>   // Forward the native client's log lines to the console
>>   Pulsar.Client.setLogHandler((level, file, line, message) => {
>>     console.log('[%s][%s:%d] %s', Pulsar.LogLevel.toString(level), file, line, message);
>>   });
>>
>>   const producer = await client.createProducer({
>>     topic: topicName,
>>   });
>>
>>   for (let i = 0; i < 10; i += 1) {
>>     await producer.send({
>>       data: Buffer.from("nodejs-message-" + i),
>>     });
>>     console.log("send message " + i);
>>   }
>>   await producer.flush();
>>   await producer.close();
>>   await client.close();
>> })();
>> ```
>>
>> Thanks,
>> Nicolò Boschi
>>
>>
>> On Wed, 22 Feb 2023 at 08:02, Yunze Xu <y...@streamnative.io.invalid> wrote:
>>
>> +1 (binding)
>>
>> * Verified checksum and signature
>> * Build from source
>> * Install from npm on Ubuntu 20.04
>> * Run an end-to-end test with custom `tlsTrustCertsFilePath` config on
>>   StreamNative cloud with OAuth2 authentication
>>
>> BTW, from the discussion here [1], it would be better to use
>> https://downloads.apache.org/pulsar/KEYS as the KEYS,
>>
>> [1] https://lists.apache.org/thread/f9w430oqpm0g72b1htwbtc8y3mfqf8r6
>>
>> Thanks,
>> Yunze
>>
>> On Mon, Feb 20, 2023 at 5:36 PM Nozomi Kurihara <nkuri...@apache.org> wrote:
>> >
>> > +1 (binding)
>> >
>> > * checked license headers
>> > * verified checksum and signature
>> > * install from npm and run producer/consumer
>> >
>> > Thanks,
>> > Nozomi
>> >
>> > On Fri, 17 Feb 2023 at 19:12, Baodi Shi <ba...@apache.org> wrote:
>> >
>> > > Hi everyone,
>> > >
>> > > This is the first release candidate for Apache Pulsar Node.js client,
>> > > version 1.8.1.
>> > >
>> > > It fixes the following issues:
>> > > https://github.com/apache/pulsar-client-node/pulls?q=is%3Apr+label%3Arelease%2Fv1.8.1+is%3Aclosed
>> > >
>> > > Please download the source files and review this release candidate:
>> > > - Download the source package, verify shasum and asc
>> > > - Follow the README.md to build and run the Pulsar Node.js client.
>> > >
>> > > The release candidate package has been published to the npm
>> > > registry: https://www.npmjs.com/package/pulsar-client/v/1.8.1-rc.1
>> > > You can install it by `npm i pulsar-client@1.8.1-rc.1
>> > > --pulsar_binary_host_mirror=https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/`
>> > > and verify the package.
>> > >
>> > > The vote will be open for at least 72 hours. It is adopted by majority
>> > > approval, with at least 3 PMC affirmative votes.
>> > >
>> > > Source files:
>> > > https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/pulsar-client-node-1.8.1-rc.1/
>> > >
>> > > Pulsar's KEYS file containing PGP keys we use to sign the
>> > > release: https://dist.apache.org/repos/dist/dev/pulsar/KEYS
>> > >
>> > > SHA-512 checksum:
>> > > ed89b4ad467d3cb75ed37096b35d91b872cd93d36cd953512fc7edcb75dbac5162592f6f51b5ab08f26b3dca1c57a3d3fe7a5e4f109551c66943a5b09392d51a  apache-pulsar-client-node-1.8.1.tar.gz
>> > >
>> > > The tag to be voted upon:
>> > > v1.8.1-rc.1 (3e843f0)
>> > > https://github.com/apache/pulsar-client-node/releases/tag/v1.8.1-rc.1
>> > >
>> > > Please review and vote on the release candidate #1 for the version
>> > > 1.8.1, as follows:
>> > > [ ] +1, Approve the release
>> > > [ ] -1, Do not approve the release (please provide specific comments)
>> > >
>> > > Thanks,
>> > > Baodi Shi
>> > >
>>
>>
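
The workaround discussed in this thread (pointing `tlsTrustCertsFilePath` at the system CA bundle) hard-codes a macOS path. The following is an added example, not code from the thread or from the Pulsar project: it resolves a CA bundle per host and keeps certificate and hostname verification enabled. `resolveCaBundle`, `buildClientOptions`, the Linux paths, the `SSL_CERT_FILE` override and `broker.example.com` are assumptions made for illustration.

```javascript
const fs = require('fs');

// Constructed candidate list: '/etc/ssl/cert.pem' is the macOS path from the
// thread; the other two are typical Debian/Ubuntu and RHEL-family locations.
const CA_BUNDLE_CANDIDATES = [
  '/etc/ssl/cert.pem',
  '/etc/ssl/certs/ca-certificates.crt',
  '/etc/pki/tls/certs/ca-bundle.crt',
];

// True only if the file is readable and holds at least one PEM certificate.
function isPemBundle(path, readFile) {
  try {
    return readFile(path).includes('-----BEGIN CERTIFICATE-----');
  } catch (err) {
    return false; // missing or unreadable
  }
}

// Hypothetical helper. An explicit SSL_CERT_FILE must be usable (no silent
// fallback to another trust store); otherwise the first valid candidate wins.
function resolveCaBundle(env = process.env, candidates = CA_BUNDLE_CANDIDATES,
                         readFile = (p) => fs.readFileSync(p, 'utf8')) {
  if (env.SSL_CERT_FILE) {
    if (!isPemBundle(env.SSL_CERT_FILE, readFile)) {
      throw new Error(`SSL_CERT_FILE is not a PEM bundle: ${env.SSL_CERT_FILE}`);
    }
    return env.SSL_CERT_FILE;
  }
  const found = candidates.find((p) => isPemBundle(p, readFile));
  if (!found) throw new Error('no CA bundle found; set SSL_CERT_FILE');
  return found;
}

// Hypothetical helper: options for `new Pulsar.Client(...)`. Verification
// stays on; only the trust anchor location is made explicit.
function buildClientOptions(serviceUrl, token, Pulsar, caPath = resolveCaBundle()) {
  return {
    serviceUrl,
    authentication: new Pulsar.AuthenticationToken({ token }),
    operationTimeoutSeconds: 30,
    tlsTrustCertsFilePath: caPath,
    tlsValidateHostname: true,
    tlsAllowInsecureConnection: false,
  };
}

// Usage (needs the pulsar-client package and a reachable broker):
//   const Pulsar = require('pulsar-client');
//   const client = new Pulsar.Client(buildClientOptions(
//     'pulsar+ssl://broker.example.com:6651', process.env.PULSAR_TOKEN, Pulsar));
```

Failing at startup when no bundle is found gives a clearer error than the `certificate verify failed` handshake message quoted above.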
