[
https://issues.apache.org/jira/browse/GEODE-397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14955294#comment-14955294
]
ASF subversion and git services commented on GEODE-397:
-------------------------------------------------------
Commit 7beba45f1f0bf126fd5e6750190dbdb5733d9c70 in incubator-geode's branch
refs/heads/feature/GEODE-397 from [~dschneider]
[ https://git-wip-us.apache.org/repos/asf?p=incubator-geode.git;h=7beba45 ]
GEODE-397: Fix clients to use server ssl config
Each client pool now creates a single SocketCreator that
uses either the server or gateway ssl config.
That SocketCreator is used for all connections the client
makes to the server. It no longer uses the default cluster
SocketCreator when connecting to the server.
This fix might show some performance improvement because the
old code recreated the SocketCreator every time the client
created a server connection. Now it just happens once for each
pool.
Also since using SocketCreator.getDefaultInstance when it should
have used a non-default instance caused this bug all calls of
getDefaultInstance were reviewed. A number of them were used
to call isHostReachable which is a method that was deadcoded.
So all those calls have been commented out. One of call of
getDefaultInstance was deleted (in ConnectionTable) because it
was never used.
> When the server-ssl-* properties are configured, the client subscription
> socket can fail to be created
> ------------------------------------------------------------------------------------------------------
>
> Key: GEODE-397
> URL: https://issues.apache.org/jira/browse/GEODE-397
> Project: Geode
> Issue Type: Bug
> Components: core
> Reporter: Darrel Schneider
> Assignee: Darrel Schneider
>
> The {{{CacheClientUpdater}}} (which creates the client subscription socket)
> uses the default {{{SocketCreator}}} which is configured based on the
> {{{cluster-ssl-*}}} properties.
> If the {{{cluster-ssl-*}}} properties are configured in the client security
> properties, the client subscription socket is created correctly. If, instead,
> the {{{server-ssl-*}}} properties are configured, then the
> {{{CacheClientUpdater}}} will attempt to create the socket with value of
> {{{cluster-ssl-enabled}}} (which will be false) instead of
> {{{server-ssl-enabled}}} (which will be true) and fail.
> The messages logged in the client log are:
> {{{
> [warning 2015/10/05 18:41:46.487 PDT <main> tid=0x1] Cache Client Updater
> Thread on boglesbymac(server1:85312)<v1>:13499 port 49848
> (192.168.2.12:49848): Security exception when creating server-to-client
> communication socket.
> com.gemstone.gemfire.security.AuthenticationRequiredException: Server
> expecting SSL connection
> [error 2015/10/05 18:41:46.491 PDT <main> tid=0x1] Could not find any server
> to create primary client queue on. Number of excluded servers is 1 and
> exception is no exception.
> [error 2015/10/05 18:41:46.491 PDT <main> tid=0x1] Could not initialize a
> primary queue on startup. No queue servers available.
> }}}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
