[
https://issues.apache.org/jira/browse/HIVE-20606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16769837#comment-16769837
]
t oo commented on HIVE-20606:
-----------------------------
[~krisden] - did u fix?
> hive3.1 beeline to dns complaining about ssl on ip
> --------------------------------------------------
>
> Key: HIVE-20606
> URL: https://issues.apache.org/jira/browse/HIVE-20606
> Project: Hive
> Issue Type: Bug
> Components: Beeline, HiveServer2
> Affects Versions: 3.1.0
> Reporter: t oo
> Priority: Blocker
>
> Why is beeline complaining about ip when i use dns in the connection? I have
> a valid cert/jks on the dns. Exact same beeline worked when running on
> hive2.3.2 but this is hive3.1.0
> [ec2-user@ip-10-1-2-3 logs]$ $HIVE_HOME/bin/beeline
> SLF4J: Class path contains multiple SLF4J bindings.
> SLF4J: Found binding in
> [jar:file:/usr/lib/apache-hive-3.1.0-bin/lib/log4j-slf4j-impl-2.10.0.jar!/org/slf4j/impl/StaticLoggerBinder.class]
> SLF4J: Found binding in
> [jar:file:/usr/lib/hadoop-2.7.5/share/hadoop/common/lib/slf4j-log4j12-1.7.10.jar!/org/slf4j/impl/StaticLoggerBinder.class]
> SLF4J: See [http://www.slf4j.org/codes.html#multiple_bindings] for an
> explanation.
> SLF4J: Actual binding is of type
> [org.apache.logging.slf4j.Log4jLoggerFactory]
> Beeline version 3.1.0 by Apache Hive
> beeline> !connect
> jdbc:hive2://mydns:10000/default;ssl=true;sslTrustStore=/home/ec2-user/spark_home/conf/app-trust-nonprd.jks;trustStorePassword=changeit
> userhere passhere
> Connecting to
> jdbc:hive2://mydns:10000/default;ssl=true;sslTrustStore=/home/ec2-user/spark_home/conf/app-trust-nonprd.jks;trustStorePassword=changeit
> 18/09/20 04:49:06 [main]: WARN jdbc.HiveConnection: Failed to connect to
> mydns:10000
> Unknown HS2 problem when communicating with Thrift server.
> Error: Could not open client transport with JDBC Uri:
> jdbc:hive2://mydns:10000/default;ssl=true;sslTrustStore=/home/ec2-user/spark_home/conf/app-trust-nonprd.jks;trustStorePassword=changeit:
> javax.net.ssl.SSLHandshakeException:
> java.security.cert.CertificateException: No subject alternative names
> matching IP address 10.1.2.3 found (state=08S01,code=0)
> beeline>
>
>
>
>
>
>
>
>
>
>
> hiveserver2 logs:
> 2018-09-20T04:50:16,245 ERROR [HiveServer2-Handler-Pool: Thread-79]
> server.TThreadPoolServer: Error occurred during processing of message.
> java.lang.RuntimeException: org.apache.thrift.transport.TTransportException:
> javax.net.ssl.SSLHandshakeException: Remote host closed connection during
> handshake
> at
> org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:219)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:269)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> ~[?:1.8.0_181]
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> ~[?:1.8.0_181]
> at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]
> Caused by: org.apache.thrift.transport.TTransportException:
> javax.net.ssl.SSLHandshakeException: Remote host closed connection during
> handshake
> at
> org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:129)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at org.apache.thrift.transport.TTransport.readAll(TTransport.java:86)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:178)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
> ~[hive-exec-3.1.0.jar:3.1.0]
> ... 4 more
> Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection
> during handshake
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1002)
> ~[?:1.8.0_181]
> at
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
> ~[?:1.8.0_181]
> at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:938)
> ~[?:1.8.0_181]
> at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
> ~[?:1.8.0_181]
> at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
> ~[?:1.8.0_181]
> at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
> ~[?:1.8.0_181]
> at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
> ~[?:1.8.0_181]
> at
> org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:127)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at org.apache.thrift.transport.TTransport.readAll(TTransport.java:86)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:178)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
> ~[hive-exec-3.1.0.jar:3.1.0]
> ... 4 more
> Caused by: java.io.EOFException: SSL peer shut down incorrectly
> at sun.security.ssl.InputRecord.read(InputRecord.java:505) ~[?:1.8.0_181]
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983)
> ~[?:1.8.0_181]
> at
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
> ~[?:1.8.0_181]
> at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:938)
> ~[?:1.8.0_181]
> at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
> ~[?:1.8.0_181]
> at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
> ~[?:1.8.0_181]
> at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
> ~[?:1.8.0_181]
> at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
> ~[?:1.8.0_181]
> at
> org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:127)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at org.apache.thrift.transport.TTransport.readAll(TTransport.java:86)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:178)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
> ~[hive-exec-3.1.0.jar:3.1.0]
> ... 4 more
> 2018-09-20T04:50:19,075 ERROR [HiveServer2-Handler-Pool: Thread-79]
> server.TThreadPoolServer: Error occurred during processing of message.
> java.lang.RuntimeException: org.apache.thrift.transport.TTransportException:
> javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
> at
> org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:219)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:269)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> ~[?:1.8.0_181]
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> ~[?:1.8.0_181]
> at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]
> Caused by: org.apache.thrift.transport.TTransportException:
> javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
> at
> org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:129)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at org.apache.thrift.transport.TTransport.readAll(TTransport.java:86)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:178)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
> ~[hive-exec-3.1.0.jar:3.1.0]
> ... 4 more
> Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert:
> certificate_unknown
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_181]
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) ~[?:1.8.0_181]
> at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2038)
> ~[?:1.8.0_181]
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135)
> ~[?:1.8.0_181]
> at
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
> ~[?:1.8.0_181]
> at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:938)
> ~[?:1.8.0_181]
> at sun.security.ssl.AppInputStream.read(AppInputStream.java:105)
> ~[?:1.8.0_181]
> at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)
> ~[?:1.8.0_181]
> at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)
> ~[?:1.8.0_181]
> at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
> ~[?:1.8.0_181]
> at
> org.apache.thrift.transport.TIOStreamTransport.read(TIOStreamTransport.java:127)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at org.apache.thrift.transport.TTransport.readAll(TTransport.java:86)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:178)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
> ~[hive-exec-3.1.0.jar:3.1.0]
> at
> org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
> ~[hive-exec-3.1.0.jar:3.1.0]
> ... 4 more
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
