The problem reported by Nicolò seems a real show stopper
-1 (binding)
Is there any volunteer on fixing the problem ?
I think that most of Production users use TLS and this problem prevent
anyone to upgrade from 1.7.x to 1.8.x
Enrico
Il giorno mer 22 feb 2023 alle ore 10:33 Nicolò Boschi
<boschi1...@gmail.com> ha scritto:
>
> Yes, I'm on MacOS
>
> Adding the explicit path to the system CA worked, thanks.
>
> I wonder why it wasn't needed in 1.7.0 and now it's required in 1.8.1.
> This can be problematic for users because the client upgrade requires code
> changes and redeployment.
> Maybe it's a regression from 1.8.0, but I think that we need to get that
> fixed in 1.8.1
>
> Nicolò Boschi
>
>
> Il giorno mer 22 feb 2023 alle ore 10:17 Baodi Shi <ba...@apache.org> ha
> scritto:
>
> > Hi, @Nicolò Boschi <boschi1...@gmail.com>
> >
> > Is your system macOS(arm64)?
> >
> > Maybe you should set tlsTrustCertsFilePath:
> >
> > const client = new Pulsar.Client({
> > tlsTrustCertsFilePath:'/etc/ssl/cert.pem',
> > });
> >
> >
> >
> >
> > Thanks,
> > Baodi Shi
> >
> >
> > 在 2023年2月22日 15:59:28 上,Nicolò Boschi <boschi1...@gmail.com> 写道:
> >
> >> Hi,
> >>
> >> I'm having issues while validating the fix related to the hostname
> >> verification: https://github.com/apache/pulsar-client-cpp/pull/126
> >> My usecase is with a valid TLS certificate signed by a CA (not a
> >> self-signed one).
> >>
> >> My code is very simple (see below): it creates a client with token auth +
> >> TLS and sends some messages.
> >>
> >> It works well with node client 1.7.0 with cpp client 3.1.2
> >> It fails with node client 1.8.0 (as expected)
> >> It still fails with the rc: 1.8.1-rc.1
> >>
> >> (I'm installing the dependency with "npm i pulsar-client@1.8.1-rc.1
> >> --pulsar_binary_host_mirror=
> >> https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/";
> >>
> >> The error I'm seeing is this one:
> >>
> >> [INFO][ClientConnection:388] Connected to broker
> >> [ERROR][ClientConnection:488] Handshake failed: certificate verify failed
> >> (SSL routines, tls_process_server_certificate)
> >> [INFO][ClientConnection:1600] Connection closed with ConnectError
> >>
> >> Note that setting `tlsValidateHostname: true` "resolves" the problem,
> >> however it's not acceptable as you know.
> >>
> >> I'm pretty sure that it's related to the cpp client dependency, however
> >> I'm
> >> not very familiar with it and how it's bundled in the node client >= 1.8.0
> >> Is there a way to verify if the bundled cpp client is actually the
> >> expected one?
> >>
> >>
> >>
> >> This is the code snippet:
> >> ```
> >> const tokenStr = asToken;
> >> const pulsarUri = pulsarUrl;
> >> const topicName = asTopic;
> >>
> >> const auth = new Pulsar.AuthenticationToken({ token: tokenStr });
> >> const client = new Pulsar.Client({
> >> serviceUrl: pulsarUri,
> >> authentication: auth,
> >> operationTimeoutSeconds: 30,
> >> tlsCertificateFilePath: "",
> >> tlsValidateHostname: false
> >> });
> >> Pulsar.Client.setLogHandler((level, file, line, message) => {
> >> console.log('[%s][%s:%d] %s', Pulsar.LogLevel.toString(level), file,
> >> line, message);
> >> });
> >>
> >> const producer = await client.createProducer({
> >> topic: topicName,
> >> })
> >>
> >> for (let i = 0; i < 10; i += 1) {
> >> await producer.send({
> >> data: Buffer.from("nodejs-message-" + i),
> >> });
> >> console.log("send message " + i);
> >> }
> >> await producer.flush();
> >> await producer.close();
> >> await client.close();
> >>
> >> ```
> >>
> >> Thanks,
> >> Nicolò Boschi
> >>
> >>
> >> Il giorno mer 22 feb 2023 alle ore 08:02 Yunze Xu
> >> <y...@streamnative.io.invalid> ha scritto:
> >>
> >> +1 (binding)
> >>
> >> * Verified checksum and signature
> >>
> >> * Build from source
> >>
> >> * Install from npm on Ubuntu 20.04
> >>
> >> * Run an end-to-end test with custom `tlsTrustCertsFilePath` config on
> >>
> >> StreamNative cloud with OAuth2 authentication
> >>
> >>
> >> BTW, from the discussion here [1], it would be better to use
> >>
> >> https://downloads.apache.org/pulsar/KEYS as the KEYS,
> >>
> >>
> >> [1] https://lists.apache.org/thread/f9w430oqpm0g72b1htwbtc8y3mfqf8r6
> >>
> >>
> >> Thanks,
> >>
> >> Yunze
> >>
> >>
> >> On Mon, Feb 20, 2023 at 5:36 PM Nozomi Kurihara <nkuri...@apache.org>
> >>
> >> wrote:
> >>
> >> >
> >>
> >> > +1 (binding)
> >>
> >> >
> >>
> >> > * checked license headers
> >>
> >> > * verified checksum and signature
> >>
> >> > * install from npm and run producer/consumer
> >>
> >> >
> >>
> >> > Thanks,
> >>
> >> > Nozomi
> >>
> >> >
> >>
> >> > 2023年2月17日(金) 19:12 Baodi Shi <ba...@apache.org>:
> >>
> >> >
> >>
> >> > > Hi everyone,
> >>
> >> > >
> >>
> >> > > This is the first release candidate for Apache Pulsar Node.js client,
> >>
> >> > > version 1.8.1.
> >>
> >> > >
> >>
> >> > > It fixes the following
> >>
> >> > > issues:
> >>
> >> > >
> >>
> >>
> >> https://github.com/apache/pulsar-client-node/pulls?q=is%3Apr+label%3Arelease%2Fv1.8.1+is%3Aclosed
> >>
> >> > >
> >>
> >> > > Please download the source files and review this release candidate:
> >>
> >> > > - Download the source package, verify shasum and asc
> >>
> >> > > - Follow the README.md to build and run the Pulsar Node.js client.
> >>
> >> > >
> >>
> >> > > The release candidate package has been published to the npm
> >>
> >> > > registry:https://www.npmjs.com/package/pulsar-client/v/1.8.1-rc.1
> >>
> >> > > You can install it by `npm i pulsar-client@1.8.1-rc.1
> >>
> >> > > --pulsar_binary_host_mirror=
> >>
> >> > > https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/`
> >> <https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/>
> >>
> >> <https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/>
> >>
> >> > > <https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/>
> >>
> >> > > and verify the package.
> >>
> >> > >
> >>
> >> > > The vote will be open for at least 72 hours. It is adopted by majority
> >>
> >> > > approval, with at least 3 PMC affirmative votes.
> >>
> >> > >
> >>
> >> > > Source files:
> >>
> >> > >
> >>
> >>
> >> https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/pulsar-client-node-1.8.1-rc.1/
> >>
> >> > >
> >>
> >> > > Pulsar's KEYS file containing PGP keys we use to sign the
> >>
> >> > > release:https://dist.apache.org/repos/dist/dev/pulsar/KEYS
> >>
> >> > >
> >>
> >> > > SHA-512 checksum:
> >>
> >> > >
> >>
> >> > >
> >>
> >>
> >> ed89b4ad467d3cb75ed37096b35d91b872cd93d36cd953512fc7edcb75dbac5162592f6f51b5ab08f26b3dca1c57a3d3fe7a5e4f109551c66943a5b09392d51a
> >>
> >> > > apache-pulsar-client-node-1.8.1.tar.gz
> >>
> >> > > The tag to be voted upon:
> >>
> >> > > v1.8.1-rc.1(3e843f0)
> >>
> >> > > https://github.com/apache/pulsar-client-node/releases/tag/v1.8.1-rc.1
> >>
> >> > >
> >>
> >> > > Please review and vote on the release candidate #1 for the version
> >>
> >> > > 1.8.1, as follows:
> >>
> >> > > [ ] +1, Approve the release
> >>
> >> > > [ ] -1, Do not approve the release (please provide specific comments)
> >>
> >> > >
> >>
> >> > >
> >>
> >> > >
> >>
> >> > >
> >>
> >> > > Thanks,
> >>
> >> > > Baodi Shi
> >>
> >> > >
> >>
> >>
> >>
