WrightKD commented on issue #9801:
URL: https://github.com/apache/apisix/issues/9801#issuecomment-1644100605

   This issue occurs for me every time I call a gateway endpoint from Postman without a CA:
   
   Steps to reproduce : 
   
   1. Set up an SSL for mTLS, example:
   ```
   {
     "sni": "example.com",
     "cert": "server_cert_example",
     "key": "server_key_example",
     "client": {
       "ca": "ca_cert_example"
     }
   }
   ```
   
   Note: Admin API - GET /apisix/admin/ssls returns only one SSL (the newly added SSL above)
   
   2. Set up a route, example which I used:
   
   ```
   {
       "name": "sap-post",
       "desc": "Number converter for SAP Post",
       "uri": "/converter/*",
       "plugins": {
           "file-logger": {
               "path": "logs/file_converter_route.log",
               "log_format": {
                   "host": "$host",
                   "@timestamp": "$time_iso8601",
                   "client_ip": "$remote_addr",
                   "route_name": "$route_name",
                   "reponse": "$resp_body",
                   "request": "$request_body"
               },
               "include_resp_body": true
           },
           "proxy-rewrite": {
               "regex_uri": [
                   "/converter/number",
                   "/webservicesserver/NumberConversion.wso"
               ],
               "headers": {
                   "set": {
                       "Accept-Encoding": "identity",
                       "Content-Type": "text/xml"
                   },
                   "add":{
                   "X-Ssl-Client-Fingerprint": "$ssl_client_fingerprint",
                   "X-Ssl-Client-Serial": "$ssl_client_serial",
                   "X-Ssl-Client-S-DN": "$ssl_client_s_dn"
                   }
               }
           },
           "response-rewrite": {
               "headers": {
                   "set": {
                       "Content-Type": "application/json"
                   }
               }
           },
           "body-transformer": {
               "request": {
                   "template": 
"PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPHNvYXA6RW52ZWxvcGUgeG1sbnM6c29hcD0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvc29hcC9lbnZlbG9wZS8iPgogIDxzb2FwOkJvZHk+CiAgICA8TnVtYmVyVG9Xb3JkcyB4bWxucz0iaHR0cDovL3d3dy5kYXRhYWNjZXNzLmNvbS93ZWJzZXJ2aWNlc3NlcnZlci8iPgogICAgICA8dWJpTnVtPnt7X2VzY2FwZV94bWwobnVtYmVyKX19PC91YmlOdW0+CiAgICA8L051bWJlclRvV29yZHM+CiAgPC9zb2FwOkJvZHk+Cjwvc29hcDpFbnZlbG9wZT4=",
                   "input_format" : "json"
               },
               "response": {
                   "template": 
"ewogICAgIk51bWJlclRvV29yZHMiOiB7Kl9lc2NhcGVfanNvbihFbnZlbG9wZS5Cb2R5Lk51bWJlclRvV29yZHNSZXNwb25zZS5OdW1iZXJUb1dvcmRzUmVzdWx0KSp9Cn0=",
                   "input_format" : "xml"
               }
           }
       },
       "methods": [
           "POST"
       ],
       "upstream": {
           "type": "roundrobin",
           "nodes": {
               "www.dataaccess.com": 1
           },
           "scheme": "https",
           "pass_host": "node"
       }
   }
   ```
   
   If I call the gateway on the path /converter/number, without a client certificate and key, Postman returns the error - Error: socket hang up.
   And the error logged in APISIX: SSL_do_handshake() failed (SSL: error:1417C0C7:SSL routines:tls_process_client_certificate:peer did not return a certificate) while SSL handshaking
   
![image](https://github.com/apache/apisix/assets/43699191/34ffd389-de0a-4a20-82ff-98b533a19d41)
   
   
   With a client cert and key (as per the image) , I get the 500 error : 
   ```
   <html>
   
   <head>
        <title>500 Internal Server Error</title>
   </head>
   
   <body>
        <center>
                <h1>500 Internal Server Error</h1>
        </center>
        <hr>
        <center>openresty</center>
        <p><em>Powered by <a href="https://apisix.apache.org/">APISIX</a>.</em></p>
   </body>
   
   </html>
   ```
   
   APISIX Error in the logs : 
   ``` 
   lua entry thread aborted: runtime error: /usr/local/apisix/apisix/init.lua:332: attempt to index local 'matched_ssl' (a nil value)
   stack traceback:
   coroutine 0:
        /usr/local/apisix/apisix/init.lua: in function 'verify_https_client'
        /usr/local/apisix/apisix/init.lua:560: in function 'http_access_phase'
   ```
   
   And I will continue to get the error until I add a CA in Postman:
   
![image](https://github.com/apache/apisix/assets/43699191/4e7db6a6-e909-4afa-9272-156fbd0b71a3)
   
   
   After adding the CA, all the requests to the endpoint work again.

