[GitHub] [beam] Abacn opened a new issue, #22504: [Feature Request]: Support HTTPS proxies and self-signed certificates for GCS staging

GitBox Thu, 28 Jul 2022 07:27:38 -0700


Abacn opened a new issue, #22504:
URL: https://github.com/apache/beam/issues/22504


   ### What would you like to happen?
   
   Creating dataflow pipelines via Proxy Server with own java trust store will 
encounter certificate error:
   ```
   WARNING: exception thrown while executing request
   java.net.UnknownHostException: www.googleapis.com
                   at 
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184)
                   at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
                   at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
                   at java.net.Socket.connect(Socket.java:589)
                   at 
sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:673)
                   at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
                   at 
sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
                   at 
sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
                   at 
sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264)
                   at 
sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
                   at 
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
                   at 
sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1156)
                   at 
sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1050)
                   at 
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177)
                   at 
sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:162)
                   at 
com.google.api.client.http.javanet.NetHttpRequest.execute(NetHttpRequest.java:93)
   ```
   this is due to the hardcoded google vendored trust store in 
[java-api-library](https://github.com/googleapis/google-api-java-client/blob/main/google-api-client/src/main/java/com/google/api/client/googleapis/GoogleUtils.java#L85).
 To support customer supplied certificates (mTLS) it needs to upgrade 
google-api-client dependency to 
[1.38.0](https://github.com/googleapis/google-api-java-client/issues/1114#issuecomment-796099858)
 and expose it in beam sdk.
   
   ### Issue Priority
   
   Priority: 2
   
   ### Issue Component
   
   Component: io-java-gcp


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

[GitHub] [beam] Abacn opened a new issue, #22504: [Feature Request]: Support HTTPS proxies and self-signed certificates for GCS staging

Reply via email to