Igor Sapego created IGNITE-25693:
------------------------------------
Summary: Client connector produces excessive logs when SSL
connection fails
Key: IGNITE-25693
URL: https://issues.apache.org/jira/browse/IGNITE-25693
Project: Ignite
Issue Type: Bug
Components: thin clients ai3
Affects Versions: 3.0.0-beta1
Reporter: Igor Sapego
If the client secure certificate is wrong, client connector produces a whole
stacktrace, which is excessive and may result in unnecessary drive load.
A single exception example:
{noformat}
[WARN
][org.apache.ignite.internal.runner.app.PlatformTestNodeRunner_4-network-worker-8][ClientInboundMessageHandler]
Exception in client connector pipeline [connectionId=423,
remoteAddress=/127.0.0.1:51376]: javax.net.ssl.SSLHandshakeException: PKIX path
building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at
io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:500)
~[netty-codec-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
~[netty-codec-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
[netty-transport-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
[netty-transport-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
[netty-transport-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1357)
[netty-transport-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
[netty-transport-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
[netty-transport-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:868)
[netty-transport-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
[netty-transport-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:796)
[netty-transport-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:732)
[netty-transport-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:658)
[netty-transport-4.1.119.Final.jar:4.1.119.Final]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562)
[netty-transport-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:998)
[netty-common-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
[netty-common-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
[netty-common-4.1.119.Final.jar:4.1.119.Final]
at java.base/java.lang.Thread.run(Thread.java:833) [?:?]
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
~[?:?]
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:371)
~[?:?]
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
~[?:?]
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:309)
~[?:?]
at
java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkClientCerts(CertificateMessage.java:1301)
~[?:?]
at
java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1204)
~[?:?]
at
java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1181)
~[?:?]
at
java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?]
at
java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
~[?:?]
at
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277)
~[?:?]
at
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264)
~[?:?]
at
java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
~[?:?]
at
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209)
~[?:?]
at
io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1695)
~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1541)
~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1377)
~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1428)
~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:530)
~[netty-codec-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:469)
~[netty-codec-4.1.119.Final.jar:4.1.119.Final]
... 17 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at
java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
~[?:?]
at
java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
~[?:?]
at
java.base/sun.security.validator.Validator.validate(Validator.java:264) ~[?:?]
at
java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285)
~[?:?]
at
java.base/sun.security.ssl.X509TrustManagerImpl.checkClientTrusted(X509TrustManagerImpl.java:138)
~[?:?]
at
io.netty.handler.ssl.EnhancingX509ExtendedTrustManager.checkClientTrusted(EnhancingX509ExtendedTrustManager.java:62)
~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
at
java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkClientCerts(CertificateMessage.java:1279)
~[?:?]
at
java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1204)
~[?:?]
at
java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1181)
~[?:?]
at
java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?]
at
java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
~[?:?]
at
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277)
~[?:?]
at
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264)
~[?:?]
at
java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
~[?:?]
at
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209)
~[?:?]
at
io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1695)
~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1541)
~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1377)
~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1428)
~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:530)
~[netty-codec-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:469)
~[netty-codec-4.1.119.Final.jar:4.1.119.Final]
... 17 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
at
java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
~[?:?]
at
java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
~[?:?]
at
java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
~[?:?]
at
java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
~[?:?]
at
java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
~[?:?]
at
java.base/sun.security.validator.Validator.validate(Validator.java:264) ~[?:?]
at
java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285)
~[?:?]
at
java.base/sun.security.ssl.X509TrustManagerImpl.checkClientTrusted(X509TrustManagerImpl.java:138)
~[?:?]
at
io.netty.handler.ssl.EnhancingX509ExtendedTrustManager.checkClientTrusted(EnhancingX509ExtendedTrustManager.java:62)
~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
at
java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkClientCerts(CertificateMessage.java:1279)
~[?:?]
at
java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1204)
~[?:?]
at
java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1181)
~[?:?]
at
java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?]
at
java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
~[?:?]
at
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277)
~[?:?]
at
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264)
~[?:?]
at
java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
~[?:?]
at
java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209)
~[?:?]
at
io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1695)
~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1541)
~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1377)
~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1428)
~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:530)
~[netty-codec-4.1.119.Final.jar:4.1.119.Final]
at
io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:469)
~[netty-codec-4.1.119.Final.jar:4.1.119.Final]
... 17 more
{noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
