I have received the same complaint (around SSL in Solr 9) from others, and think I found the root cause (we no longer allow using the default java truststore when using HTTP2).
You can follow here: https://issues.apache.org/jira/browse/SOLR-16668 - Houston On Tue, Jan 31, 2023 at 11:26 AM Jan Høydahl <jan....@cominvent.com> wrote: > I did reply to your email on Jan 24th. If you subscribe to the list you > will see the answer. > > Jan Høydahl > > > 31. jan. 2023 kl. 16:06 skrev Keerthi Turakapalli > <tkeer...@opentext.com.invalid>: > > > > FYI > > Can you please respond to this mail? > > > > Thanks & Regards, > > Keerthi Turakapalli > > > > ________________________________ > > From: Keerthi Turakapalli > > Sent: 24 January 2023 17:13 > > To: dev@solr.apache.org <dev@solr.apache.org> > > Cc: Sangisetti Ramana <sram...@opentext.com>; Santosh Kumar Siliveru < > ssili...@opentext.com>; Dhoka Pramod <dpra...@opentext.com> > > Subject: Connection to SSL enabled solr9 is failing > > > > Hi, > > > > In solr8.11.2 we were using the below code where the HttpClient object > is created with SSLContextFactory to connect to ssl enabled solr. > > > > Code Snippet using solr 8.11.2: > > > > > > builder = new > CloudSolrClient.Builder(Collections.singletonList(mServerDetails.getZookeeperUrl()), > Optional.empty()) > > .withHttpClient(getSecureClient()) > > > > reutrn builder.build(); > > > > private CloseableHttpClient getSecureClient() { > > CloseableHttpClient cHttpClient = null; > > try { > > TrustStrategy acceptingTrustStrategy = (cert, authType) -> true; > > SSLContext sslContext = > SSLContexts.custom().loadTrustMaterial(null, > acceptingTrustStrategy).build(); > > SSLConnectionSocketFactory sslConnectionSocketFactory = new > SSLConnectionSocketFactory(sslContext, new DefaultHostnameVerifier()); > > Registry<ConnectionSocketFactory> socketFactoryRegistry = > RegistryBuilder.<ConnectionSocketFactory>create(). > > register(SCHEMA_HTTPS, > sslConnectionSocketFactory).build(); > > BasicHttpClientConnectionManager connectionManager = new > BasicHttpClientConnectionManager(socketFactoryRegistry); > > cHttpClient = > HttpClients.custom().setSSLSocketFactory(sslConnectionSocketFactory).setConnectionManager(connectionManager).build(); > > } catch(NoSuchAlgorithmException | KeyStoreException | > KeyManagementException ex) > > { > > mLogger.atError().log("Processing httpclient failed.: {}", ex); > > } > > return cHttpClient; > > } > > > > However, withHttpClient() in solr9.1.0 got updated and it is only > accepting Http2SolrClient instead of HttpClient. > > Following the documentation here: > > https://solr.apache.org/guide/solr/latest/deployment-guide/solrj.html > > > > We tried to connect to ssl enabled solr using, > > > > This code leads to an NPE: > > > > > > List<String> list = new ArrayList<>(); > > list.add(mServerDetails.getZookeeperUrl()); > > CloudHttp2SolrClient.Builder newBuilder = new > CloudHttp2SolrClient.Builder(list, Optional.empty()); > > return newBuilder.build(); > > > > This code is throwing below "Missing SSLContextFactory" error. Please > find the stacktrace, > > ===================================================== > > > > DEBUG | 2023-01-24 14:31:50 | [Thread-175] impl.SolrServiceImpl > (SolrServiceImpl.java:474) - Zookeeper Protocol: HTTPS, enableSSLFlag: true > > ERROR | 2023-01-24 14:31:50 | [Thread-175] impl.SolrServiceImpl > (SolrServiceImpl.java:218) - Failed to get the cluster status from the > server. > > org.apache.solr.client.solrj.SolrServerException: > java.lang.NullPointerException: Missing SslContextFactory > > at > org.apache.solr.client.solrj.impl.LBSolrClient.doRequest(LBSolrClient.java:445) > ~[?:?] > > at > org.apache.solr.client.solrj.impl.LBSolrClient.request(LBSolrClient.java:371) > ~[?:?] > > at > org.apache.solr.client.solrj.impl.CloudSolrClient.sendRequest(CloudSolrClient.java:1174) > ~[?:?] > > at > org.apache.solr.client.solrj.impl.CloudSolrClient.requestWithRetryOnStaleState(CloudSolrClient.java:880) > ~[?:?] > > at > org.apache.solr.client.solrj.impl.CloudSolrClient.request(CloudSolrClient.java:807) > ~[?:?] > > at > org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:234) > ~[?:?] > > at > org.apache.solr.client.solrj.SolrRequest.process(SolrRequest.java:249) > ~[?:?] > > > > at com.zerog.ia.installer.actions.CustomAction.installSelf(Unknown > Source) ~[installer.zip:?] > > at com.zerog.ia.installer.util.GenericInstallPanel$2.run(Unknown Source) > ~[installer.zip:?] > > > > Caused by: java.lang.NullPointerException: Missing SslContextFactory > > at java.util.Objects.requireNonNull(Objects.java:246) ~[?:?] > > at > org.eclipse.jetty.io.ssl.SslClientConnectionFactory.<init>(SslClientConnectionFactory.java:57) > ~[?:?] > > at > org.eclipse.jetty.client.HttpClient.newSslClientConnectionFactory(HttpClient.java:1208) > ~[?:?] > > at > org.eclipse.jetty.client.HttpClient.newSslClientConnectionFactory(HttpClient.java:1214) > ~[?:?] > > at > org.eclipse.jetty.client.HttpDestination.newSslClientConnectionFactory(HttpDestination.java:148) > ~[?:?] > > at > org.eclipse.jetty.client.HttpDestination.newSslClientConnectionFactory(HttpDestination.java:154) > ~[?:?] > > at > org.eclipse.jetty.client.HttpDestination.<init>(HttpDestination.java:94) > ~[?:?] > > at > org.eclipse.jetty.client.MultiplexHttpDestination.<init>(MultiplexHttpDestination.java:25) > ~[?:?] > > at > org.eclipse.jetty.http2.client.http.HttpDestinationOverHTTP2.<init>(HttpDestinationOverHTTP2.java:32) > ~[?:?] > > at > org.eclipse.jetty.http2.client.http.HttpClientTransportOverHTTP2.newHttpDestination(HttpClientTransportOverHTTP2.java:128) > ~[?:?] > > at > org.eclipse.jetty.client.HttpClient.lambda$resolveDestination$0(HttpClient.java:575) > ~[?:?] > > at > java.util.concurrent.ConcurrentHashMap.computeIfAbsent(ConcurrentHashMap.java:1705) > ~[?:?] > > at > org.eclipse.jetty.client.HttpClient.resolveDestination(HttpClient.java:573) > ~[?:?] > > at > org.eclipse.jetty.client.HttpClient.resolveDestination(HttpClient.java:551) > ~[?:?] > > at org.eclipse.jetty.client.HttpClient.send(HttpClient.java:599) ~[?:?] > > at org.eclipse.jetty.client.HttpRequest.sendAsync(HttpRequest.java:780) > ~[?:?] > > at org.eclipse.jetty.client.HttpRequest.send(HttpRequest.java:767) ~[?:?] > > at > org.apache.solr.client.solrj.impl.Http2SolrClient.request(Http2SolrClient.java:455) > ~[?:?] > > at > org.apache.solr.client.solrj.impl.LBSolrClient.doRequest(LBSolrClient.java:405) > ~[?:?] > > ============================================ > > > > Here it is expecting SSLContextFactory while connecting to solr with the > zookeeper host. We also tried to use the method "withSSLConfig(sslConfig)" > in Http2SolrClient class. But the usage is something like > > > > < > > new Http2SolrClient.Builder().build; > > > > public Builder withSSLConfig(SSLConfig sslConfig) { > > this.sslConfig = sslConfig; > > return this; > > } > >> > > > > Here withSSLConfig() method requiring SSLConfig object containing > parameters like authClient, keystore, keystorePassword, trustore, > truststorePassword. If this method is to be used, where and what values are > expected here? However, to call this method in Builder() by default it is > assigning defaultSSLConf. What does this do? > > > > Could you please let us know how to Build a CloudSlrClient object with > SSLConfig that can connect to SSL enabled solr9 machine with zookeeper URL? > > Or is it mandated to pass solr URL's? > > > > Thanks & Regards, > > Keerthi Turakapalli > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@solr.apache.org > For additional commands, e-mail: dev-h...@solr.apache.org > >
