[
https://issues.apache.org/jira/browse/GEODE-397?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14961353#comment-14961353
]
ASF subversion and git services commented on GEODE-397:
-------------------------------------------------------
Commit fbe8c37a94b61af411640c455fe4787e19f3d536 in incubator-geode's branch
refs/heads/develop from [~dschneider]
[ https://git-wip-us.apache.org/repos/asf?p=incubator-geode.git;h=fbe8c37 ]
GEODE-397: Fix clients to use server ssl config

Each client pool now creates a single SocketCreator that
uses either the server or gateway ssl config.
That SocketCreator is used for all connections the client
makes to the server. It no longer uses the default cluster
SocketCreator when connecting to the server.

This fix might show some performance improvement because the
old code recreated the SocketCreator every time the client
created a server connection. Now it just happens once for each
pool.

Also, since using SocketCreator.getDefaultInstance when it should
have used a non-default instance caused this bug, all calls of
getDefaultInstance were reviewed. A number of them used
to call isHostReachable, which is a method that was deadcoded.
So all those calls have been removed. One call of
getDefaultInstance was deleted (in ConnectionTable) because it
was never used.

The existing code CacheServerSSLConnectionDUnit is now named
CacheServerSSLConnectionDUnitTest, which causes this test to
be run with the other unit tests. A test for this bug was
added to it.

> When the server-ssl-* properties are configured, the client subscription
> socket can fail to be created
> ------------------------------------------------------------------------------------------------------
>
> Key: GEODE-397
> URL: https://issues.apache.org/jira/browse/GEODE-397
> Project: Geode
> Issue Type: Bug
> Components: core
> Reporter: Darrel Schneider
> Assignee: Darrel Schneider
>
> The {{{CacheClientUpdater}}} (which creates the client subscription socket)
> uses the default {{{SocketCreator}}} which is configured based on the
> {{{cluster-ssl-*}}} properties.
> If the {{{cluster-ssl-*}}} properties are configured in the client security
> properties, the client subscription socket is created correctly. If, instead,
> the {{{server-ssl-*}}} properties are configured, then the
> {{{CacheClientUpdater}}} will attempt to create the socket with the value of
> {{{cluster-ssl-enabled}}} (which will be false) instead of
> {{{server-ssl-enabled}}} (which will be true) and fail.
> The messages logged in the client log are:
> {{{
> [warning 2015/10/05 18:41:46.487 PDT <main> tid=0x1] Cache Client Updater
> Thread on boglesbymac(server1:85312)<v1>:13499 port 49848
> (192.168.2.12:49848): Security exception when creating server-to-client
> communication socket.
> com.gemstone.gemfire.security.AuthenticationRequiredException: Server
> expecting SSL connection
> [error 2015/10/05 18:41:46.491 PDT <main> tid=0x1] Could not find any server
> to create primary client queue on. Number of excluded servers is 1 and
> exception is no exception.
> [error 2015/10/05 18:41:46.491 PDT <main> tid=0x1] Could not initialize a
> primary queue on startup. No queue servers available.
> }}}
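
A triage check for the condition described in the issue, as an added example that is not part of the original message or of the Geode code base: it flags client properties that enable only `server-ssl-enabled` and looks for the quoted log symptoms, tolerating mail quoting and hard line wraps. The function names and sample inputs are constructed for illustration; the property names and log strings are the ones quoted in the issue.

```python
import re

# Symptom strings taken from the client log quoted in the issue.
SYMPTOMS = {
    "ssl_expected": "AuthenticationRequiredException: Server expecting SSL connection",
    "subscription_socket": "Security exception when creating server-to-client communication socket",
    "no_primary_queue": "Could not initialize a primary queue on startup",
}

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def ssl_enabled(props, scope):
    """True if <scope>-ssl-enabled is set to true (absent means false)."""
    return props.get(f"{scope}-ssl-enabled", "false").lower() == "true"

def find_symptoms(log_text):
    """Return the symptom names present, tolerating mail quoting and hard wraps."""
    unquoted = re.sub(r"^>[ \t]?", "", log_text, flags=re.MULTILINE)
    flat = " ".join(unquoted.split())  # rejoin messages wrapped across lines
    return sorted(name for name, needle in SYMPTOMS.items() if needle in flat)

def diagnose(props_text, log_text):
    props = parse_properties(props_text)
    # The reported failure: server SSL is on, but the default (cluster) setting is off.
    mismatch = ssl_enabled(props, "server") and not ssl_enabled(props, "cluster")
    symptoms = find_symptoms(log_text)
    return {
        "config_mismatch": mismatch,
        "symptoms": symptoms,
        "matches_geode_397": mismatch and "ssl_expected" in symptoms,
    }

# Constructed sample inputs: client properties and an abbreviated, quoted log excerpt.
SAMPLE_PROPS = "# constructed client properties\nserver-ssl-enabled=true\n"
SAMPLE_LOG = """\
> [warning 2015/10/05 18:41:46.487 PDT <main> tid=0x1] Security exception when
> creating server-to-client communication socket.
> com.gemstone.gemfire.security.AuthenticationRequiredException: Server
> expecting SSL connection
"""
print(diagnose(SAMPLE_PROPS, SAMPLE_LOG))
```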