[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17142146#comment-17142146
]
ASF subversion and git services commented on GEODE-8144:
Commit 85a42d5213d784373772e6e39a1f273838b049a4 in geode's branch
refs/heads/support/1.13 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=85a42d5 ]
GEODE-8144: setting SNI server name is not needed if endpoint verification is
disabled (#5250)
* GEODE-8144: endpoint identification in servers is not working
modified the fix for this issue to not set the SNI server name parameter
if endpoint verification is disabled. We're doing this because setting
this parameter appears to decrease performance in large performance
tests.
* changed test to throw exceptions instead of asserting they don't exist
* replaced check for SNI server name in SSL parameters with a more in-depth
check
* SSLParameters.getServerNames() may return a null value
(cherry picked from commit b1107d2e403404337c22830a4964eefc2490ef50)
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Assignee: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.13.0, 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17142145#comment-17142145
]
ASF subversion and git services commented on GEODE-8144:
Commit 85a42d5213d784373772e6e39a1f273838b049a4 in geode's branch
refs/heads/support/1.13 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=85a42d5 ]
GEODE-8144: setting SNI server name is not needed if endpoint verification is
disabled (#5250)
* GEODE-8144: endpoint identification in servers is not working
modified the fix for this issue to not set the SNI server name parameter
if endpoint verification is disabled. We're doing this because setting
this parameter appears to decrease performance in large performance
tests.
* changed test to throw exceptions instead of asserting they don't exist
* replaced check for SNI server name in SSL parameters with a more in-depth
check
* SSLParameters.getServerNames() may return a null value
(cherry picked from commit b1107d2e403404337c22830a4964eefc2490ef50)
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Assignee: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.13.0, 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17137774#comment-17137774
]
ASF subversion and git services commented on GEODE-8144:
Commit b1107d2e403404337c22830a4964eefc2490ef50 in geode's branch
refs/heads/develop from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=b1107d2 ]
GEODE-8144: setting SNI server name is not needed if endpoint verification is
disabled (#5250)
* GEODE-8144: endpoint identification in servers is not working
modified the fix for this issue to not set the SNI server name parameter
if endpoint verification is disabled. We're doing this because setting
this parameter appears to decrease performance in large performance
tests.
* changed test to throw exceptions instead of asserting they don't exist
* replaced check for SNI server name in SSL parameters with a more in-depth
check
* SSLParameters.getServerNames() may return a null value
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Assignee: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.13.0, 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:216)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17137773#comment-17137773
]
ASF subversion and git services commented on GEODE-8144:
Commit b1107d2e403404337c22830a4964eefc2490ef50 in geode's branch
refs/heads/develop from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=b1107d2 ]
GEODE-8144: setting SNI server name is not needed if endpoint verification is
disabled (#5250)
* GEODE-8144: endpoint identification in servers is not working
modified the fix for this issue to not set the SNI server name parameter
if endpoint verification is disabled. We're doing this because setting
this parameter appears to decrease performance in large performance
tests.
* changed test to throw exceptions instead of asserting they don't exist
* replaced check for SNI server name in SSL parameters with a more in-depth
check
* SSLParameters.getServerNames() may return a null value
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Assignee: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.13.0, 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:216)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17137665#comment-17137665
]
ASF GitHub Bot commented on GEODE-8144:
---
bschuchardt merged pull request #5250:
URL: https://github.com/apache/geode/pull/5250
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Assignee: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.13.0, 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:216)
> at
> org.apache.geode.distributed.DistributedSystem.connect(DistributedSystem.java:159)
> at src.EntryConsumer.initialize(EntryConsumer.java:69)
> at src.EntryConsumer.main(EntryConsumer.java:340)
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:198)
> at
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17136028#comment-17136028
]
ASF GitHub Bot commented on GEODE-8144:
---
bschuchardt opened a new pull request #5250:
URL: https://github.com/apache/geode/pull/5250
I've modified the fix for GEODE-8144 to not set the SNI server name parameter
if endpoint verification is disabled. The parameter is only needed if
endpoint
verification is enabled. Some performance tests that had endpoint
identification
disabled were showing degraded perf.
Thank you for submitting a contribution to Apache Geode.
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
### For all changes:
- [ ] Is there a JIRA ticket associated with this PR? Is it referenced in
the commit message?
- [ ] Has your PR been rebased against the latest commit within the target
branch (typically `develop`)?
- [ ] Is your initial contribution a single, squashed commit?
- [ ] Does `gradlew build` run cleanly?
- [ ] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies
licensed in a way that is compatible for inclusion under [ASF
2.0](http://www.apache.org/legal/resolved.html#category-a)?
### Note:
Please ensure that once the PR is submitted, check Concourse for build
issues and
submit an update to your PR as soon as possible. If you need help, please
send an
email to d...@geode.apache.org.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Assignee: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.13.0, 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17119101#comment-17119101
]
ASF subversion and git services commented on GEODE-8144:
Commit 367e0a1557307ab6b8ba30c5a8b8c15324f6b552 in geode's branch
refs/heads/support/1.13 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=367e0a1 ]
GEODE-8144 another attempt to fix a failing test (#5172)
one more test change
(cherry picked from commit 42c11640c75ae87038e07cbde3c98a3ca6b36987)
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:216)
> at
> org.apache.geode.distributed.DistributedSystem.connect(DistributedSystem.java:159)
> at src.EntryConsumer.initialize(EntryConsumer.java:69)
> at src.EntryConsumer.main(EntryConsumer.java:340)
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:198)
> at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1729)
> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:333)
> at
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17119004#comment-17119004
]
ASF subversion and git services commented on GEODE-8144:
Commit 207e3ee0c3aae704216bd0e9ec1275606b9116a2 in geode's branch
refs/heads/support/1.13 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=207e3ee ]
GEODE-8144: endpoint identification in servers is not working (#5131)
* GEODE-8144: endpoint identification in servers is not working
Set the SNI server-name field in SSL parameters for p2p communications,
allowing endpoint identification to work properly.
I modified one of the SNI haproxy tests to have keystores with the
proper subject-alternative-names for p2p communications in the docker
containers and for client/server off-platform communications. I used
Sai's keystore/truststore construction CertificateMaterial/CertStores
classes to generate the stores...
.sanDnsName("geode") // for inside the docker container
.sanDnsName("localhost") // for inside the docker container
.sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker
container
.sanDnsName(certName) // for client endpoint validation (locator-maeve
for instance)
* modified SocketCreator to look for a hostname if one is not present and
endpoint verification is enabled
This fixes some problems when running in docker containers
* removed test shell script
* sanction used of getCanonicalHostName() in SocketCreator
(cherry picked from commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3)
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17119007#comment-17119007
]
ASF subversion and git services commented on GEODE-8144:
Commit bcc097a6dda38ab276720521ab0308cef7a4c1be in geode's branch
refs/heads/support/1.13 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=bcc097a ]
GEODE-8144 another attempt to fix a failing test (#5172)
* modified SocketCreator to look for a hostname if one is not present and
endpoint verification is enabled
This fixes some problems when running in docker containers
* removed test shell script
* GEODE-8144 another attempt to fix a failing test
The JMX tests in this test class use "localhost" to connect to a
Manager. This is being transformed somehow into an IP numeric address
and is failing endpoint verification. The test passes on my Windows machine
and also passes on Mac and Ubuntu when I run it there. I'm
adding the "localhost" IP address to the certificate to get past this.
Another fix would be to change the Rule that's using "localhost" to
use the real host name but that would affect a lot of other tests.
Before I started messing with this test it was adding
InetAddress.getLocalHost() as an IP address to the certificate so I
don't think this is a big change to the original test. The test now
uses LocalHostUtils.getLocalHost() to get an IP to add to the
certificate, which is the correct "localhost" to use with Geode.
(cherry picked from commit 42c11640c75ae87038e07cbde3c98a3ca6b36987)
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17119003#comment-17119003
]
ASF subversion and git services commented on GEODE-8144:
Commit 207e3ee0c3aae704216bd0e9ec1275606b9116a2 in geode's branch
refs/heads/support/1.13 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=207e3ee ]
GEODE-8144: endpoint identification in servers is not working (#5131)
* GEODE-8144: endpoint identification in servers is not working
Set the SNI server-name field in SSL parameters for p2p communications,
allowing endpoint identification to work properly.
I modified one of the SNI haproxy tests to have keystores with the
proper subject-alternative-names for p2p communications in the docker
containers and for client/server off-platform communications. I used
Sai's keystore/truststore construction CertificateMaterial/CertStores
classes to generate the stores...
.sanDnsName("geode") // for inside the docker container
.sanDnsName("localhost") // for inside the docker container
.sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker
container
.sanDnsName(certName) // for client endpoint validation (locator-maeve
for instance)
* modified SocketCreator to look for a hostname if one is not present and
endpoint verification is enabled
This fixes some problems when running in docker containers
* removed test shell script
* sanction used of getCanonicalHostName() in SocketCreator
(cherry picked from commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3)
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17119006#comment-17119006
]
ASF subversion and git services commented on GEODE-8144:
Commit bcc097a6dda38ab276720521ab0308cef7a4c1be in geode's branch
refs/heads/support/1.13 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=bcc097a ]
GEODE-8144 another attempt to fix a failing test (#5172)
* modified SocketCreator to look for a hostname if one is not present and
endpoint verification is enabled
This fixes some problems when running in docker containers
* removed test shell script
* GEODE-8144 another attempt to fix a failing test
The JMX tests in this test class use "localhost" to connect to a
Manager. This is being transformed somehow into an IP numeric address
and is failing endpoint verification. The test passes on my Windows machine
and also passes on Mac and Ubuntu when I run it there. I'm
adding the "localhost" IP address to the certificate to get past this.
Another fix would be to change the Rule that's using "localhost" to
use the real host name but that would affect a lot of other tests.
Before I started messing with this test it was adding
InetAddress.getLocalHost() as an IP address to the certificate so I
don't think this is a big change to the original test. The test now
uses LocalHostUtils.getLocalHost() to get an IP to add to the
certificate, which is the correct "localhost" to use with Geode.
(cherry picked from commit 42c11640c75ae87038e07cbde3c98a3ca6b36987)
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17118170#comment-17118170
]
ASF subversion and git services commented on GEODE-8144:
Commit 42c11640c75ae87038e07cbde3c98a3ca6b36987 in geode's branch
refs/heads/develop from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=42c1164 ]
GEODE-8144 another attempt to fix a failing test (#5172)
* modified SocketCreator to look for a hostname if one is not present and
endpoint verification is enabled
This fixes some problems when running in docker containers
* removed test shell script
* GEODE-8144 another attempt to fix a failing test
The JMX tests in this test class use "localhost" to connect to a
Manager. This is being transformed somehow into an IP numeric address
and is failing endpoint verification. The test passes on my Windows machine
and also passes on Mac and Ubuntu when I run it there. I'm
adding the "localhost" IP address to the certificate to get past this.
Another fix would be to change the Rule that's using "localhost" to
use the real host name but that would affect a lot of other tests.
Before I started messing with this test it was adding
InetAddress.getLocalHost() as an IP address to the certificate so I
don't think this is a big change to the original test. The test now
uses LocalHostUtils.getLocalHost() to get an IP to add to the
certificate, which is the correct "localhost" to use with Geode.
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17118169#comment-17118169
]
ASF subversion and git services commented on GEODE-8144:
Commit 42c11640c75ae87038e07cbde3c98a3ca6b36987 in geode's branch
refs/heads/develop from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=42c1164 ]
GEODE-8144 another attempt to fix a failing test (#5172)
* modified SocketCreator to look for a hostname if one is not present and
endpoint verification is enabled
This fixes some problems when running in docker containers
* removed test shell script
* GEODE-8144 another attempt to fix a failing test
The JMX tests in this test class use "localhost" to connect to a
Manager. This is being transformed somehow into an IP numeric address
and is failing endpoint verification. The test passes on my Windows machine
and also passes on Mac and Ubuntu when I run it there. I'm
adding the "localhost" IP address to the certificate to get past this.
Another fix would be to change the Rule that's using "localhost" to
use the real host name but that would affect a lot of other tests.
Before I started messing with this test it was adding
InetAddress.getLocalHost() as an IP address to the certificate so I
don't think this is a big change to the original test. The test now
uses LocalHostUtils.getLocalHost() to get an IP to add to the
certificate, which is the correct "localhost" to use with Geode.
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17118168#comment-17118168
]
ASF GitHub Bot commented on GEODE-8144:
---
bschuchardt merged pull request #5172:
URL: https://github.com/apache/geode/pull/5172
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:216)
> at
> org.apache.geode.distributed.DistributedSystem.connect(DistributedSystem.java:159)
> at src.EntryConsumer.initialize(EntryConsumer.java:69)
> at src.EntryConsumer.main(EntryConsumer.java:340)
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:198)
> at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1729)
> at
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17118143#comment-17118143
]
ASF GitHub Bot commented on GEODE-8144:
---
bschuchardt opened a new pull request #5172:
URL: https://github.com/apache/geode/pull/5172
The JMX tests in this test class use "localhost" to connect to a
Manager. This is being transformed somehow into an IP numeric address
and is failing endpoint verification. The test passes on my Windows machine
and also passes on Mac and Ubuntu when I run it there. I'm
adding the "localhost" IP address to the certificate to get past this.
Another fix would be to change the Rule that's using "localhost" to
use the real host name but that would affect a lot of other tests.
Before I started messing with this test it was adding
InetAddress.getLocalHost() as an IP address to the certificate so I
don't think this is a big change to the original test. The test now
uses LocalHostUtils.getLocalHost() to get an IP to add to the
certificate, which is the correct "localhost" to use with Geode.
Thank you for submitting a contribution to Apache Geode.
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
### For all changes:
- [ ] Is there a JIRA ticket associated with this PR? Is it referenced in
the commit message?
- [ ] Has your PR been rebased against the latest commit within the target
branch (typically `develop`)?
- [ ] Is your initial contribution a single, squashed commit?
- [ ] Does `gradlew build` run cleanly?
- [ ] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies
licensed in a way that is compatible for inclusion under [ASF
2.0](http://www.apache.org/legal/resolved.html#category-a)?
### Note:
Please ensure that once the PR is submitted, check Concourse for build
issues and
submit an update to your PR as soon as possible. If you need help, please
send an
email to d...@geode.apache.org.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17118138#comment-17118138
]
ASF subversion and git services commented on GEODE-8144:
Commit d5cdaf09f560f84ab2adb0abde6ddb10ab3e5a7e in geode's branch
refs/heads/feature/GEODE-8144 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=d5cdaf0 ]
GEODE-8144 another attempt to fix a failing test
The JMX tests in this test class use "localhost" to connect to a
Manager. This is being transformed somehow into an IP numeric address
and is failing endpoint verification. The test passes on my Windows machine
and also passes on Mac and Ubuntu when I run it there. I'm
adding the "localhost" IP address to the certificate to get past this.
Another fix would be to change the Rule that's using "localhost" to
use the real host name but that would affect a lot of other tests.
Before I started messing with this test it was adding
InetAddress.getLocalHost() as an IP address to the certificate so I
don't think this is a big change to the original test. The test now
uses LocalHostUtils.getLocalHost() to get an IP to add to the
certificate, which is the correct "localhost" to use with Geode.
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117901#comment-17117901
]
ASF GitHub Bot commented on GEODE-8144:
---
bschuchardt closed pull request #5163:
URL: https://github.com/apache/geode/pull/5163
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:216)
> at
> org.apache.geode.distributed.DistributedSystem.connect(DistributedSystem.java:159)
> at src.EntryConsumer.initialize(EntryConsumer.java:69)
> at src.EntryConsumer.main(EntryConsumer.java:340)
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:198)
> at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1729)
> at
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117335#comment-17117335
]
ASF GitHub Bot commented on GEODE-8144:
---
bschuchardt opened a new pull request #5163:
URL: https://github.com/apache/geode/pull/5163
… (#5131)"
This reverts commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3.
The change to InternalLocator to use a canonical hostname caused a
gfsh-windows test to fail. I'm reverting this commit while I look into
the problem.
Thank you for submitting a contribution to Apache Geode.
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
### For all changes:
- [ ] Is there a JIRA ticket associated with this PR? Is it referenced in
the commit message?
- [ ] Has your PR been rebased against the latest commit within the target
branch (typically `develop`)?
- [ ] Is your initial contribution a single, squashed commit?
- [ ] Does `gradlew build` run cleanly?
- [ ] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies
licensed in a way that is compatible for inclusion under [ASF
2.0](http://www.apache.org/legal/resolved.html#category-a)?
### Note:
Please ensure that once the PR is submitted, check Concourse for build
issues and
submit an update to your PR as soon as possible. If you need help, please
send an
email to d...@geode.apache.org.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117296#comment-17117296
]
ASF GitHub Bot commented on GEODE-8144:
---
bschuchardt merged pull request #5131:
URL: https://github.com/apache/geode/pull/5131
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:216)
> at
> org.apache.geode.distributed.DistributedSystem.connect(DistributedSystem.java:159)
> at src.EntryConsumer.initialize(EntryConsumer.java:69)
> at src.EntryConsumer.main(EntryConsumer.java:340)
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:198)
> at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1729)
> at
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117136#comment-17117136
]
ASF subversion and git services commented on GEODE-8144:
Commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3 in geode's branch
refs/heads/feature/GEODE-8144 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=b22df8c ]
GEODE-8144: endpoint identification in servers is not working (#5131)
* GEODE-8144: endpoint identification in servers is not working
Set the SNI server-name field in SSL parameters for p2p communications,
allowing endpoint identification to work properly.
I modified one of the SNI haproxy tests to have keystores with the
proper subject-alternative-names for p2p communications in the docker
containers and for client/server off-platform communications. I used
Sai's keystore/truststore construction CertificateMaterial/CertStores
classes to generate the stores...
.sanDnsName("geode") // for inside the docker container
.sanDnsName("localhost") // for inside the docker container
.sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker
container
.sanDnsName(certName) // for client endpoint validation (locator-maeve
for instance)
* modified SocketCreator to look for a hostname if one is not present and
endpoint verification is enabled
This fixes some problems when running in docker containers
* removed test shell script
* sanction used of getCanonicalHostName() in SocketCreator
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117134#comment-17117134
]
ASF subversion and git services commented on GEODE-8144:
Commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3 in geode's branch
refs/heads/feature/GEODE-8144 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=b22df8c ]
GEODE-8144: endpoint identification in servers is not working (#5131)
* GEODE-8144: endpoint identification in servers is not working
Set the SNI server-name field in SSL parameters for p2p communications,
allowing endpoint identification to work properly.
I modified one of the SNI haproxy tests to have keystores with the
proper subject-alternative-names for p2p communications in the docker
containers and for client/server off-platform communications. I used
Sai's keystore/truststore construction CertificateMaterial/CertStores
classes to generate the stores...
.sanDnsName("geode") // for inside the docker container
.sanDnsName("localhost") // for inside the docker container
.sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker
container
.sanDnsName(certName) // for client endpoint validation (locator-maeve
for instance)
* modified SocketCreator to look for a hostname if one is not present and
endpoint verification is enabled
This fixes some problems when running in docker containers
* removed test shell script
* sanction used of getCanonicalHostName() in SocketCreator
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117115#comment-17117115
]
ASF subversion and git services commented on GEODE-8144:
Commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3 in geode's branch
refs/heads/feature/GEODE-8144 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=b22df8c ]
GEODE-8144: endpoint identification in servers is not working (#5131)
* GEODE-8144: endpoint identification in servers is not working
Set the SNI server-name field in SSL parameters for p2p communications,
allowing endpoint identification to work properly.
I modified one of the SNI haproxy tests to have keystores with the
proper subject-alternative-names for p2p communications in the docker
containers and for client/server off-platform communications. I used
Sai's keystore/truststore construction CertificateMaterial/CertStores
classes to generate the stores...
.sanDnsName("geode") // for inside the docker container
.sanDnsName("localhost") // for inside the docker container
.sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker
container
.sanDnsName(certName) // for client endpoint validation (locator-maeve
for instance)
* modified SocketCreator to look for a hostname if one is not present and
endpoint verification is enabled
This fixes some problems when running in docker containers
* removed test shell script
* sanction used of getCanonicalHostName() in SocketCreator
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117114#comment-17117114
]
ASF subversion and git services commented on GEODE-8144:
Commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3 in geode's branch
refs/heads/feature/GEODE-8144 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=b22df8c ]
GEODE-8144: endpoint identification in servers is not working (#5131)
* GEODE-8144: endpoint identification in servers is not working
Set the SNI server-name field in SSL parameters for p2p communications,
allowing endpoint identification to work properly.
I modified one of the SNI haproxy tests to have keystores with the
proper subject-alternative-names for p2p communications in the docker
containers and for client/server off-platform communications. I used
Sai's keystore/truststore construction CertificateMaterial/CertStores
classes to generate the stores...
.sanDnsName("geode") // for inside the docker container
.sanDnsName("localhost") // for inside the docker container
.sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker
container
.sanDnsName(certName) // for client endpoint validation (locator-maeve
for instance)
* modified SocketCreator to look for a hostname if one is not present and
endpoint verification is enabled
This fixes some problems when running in docker containers
* removed test shell script
* sanction used of getCanonicalHostName() in SocketCreator
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117094#comment-17117094
]
ASF subversion and git services commented on GEODE-8144:
Commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3 in geode's branch
refs/heads/feature/GEODE-8144 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=b22df8c ]
GEODE-8144: endpoint identification in servers is not working (#5131)
* GEODE-8144: endpoint identification in servers is not working
Set the SNI server-name field in SSL parameters for p2p communications,
allowing endpoint identification to work properly.
I modified one of the SNI haproxy tests to have keystores with the
proper subject-alternative-names for p2p communications in the docker
containers and for client/server off-platform communications. I used
Sai's keystore/truststore construction CertificateMaterial/CertStores
classes to generate the stores...
.sanDnsName("geode") // for inside the docker container
.sanDnsName("localhost") // for inside the docker container
.sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker
container
.sanDnsName(certName) // for client endpoint validation (locator-maeve
for instance)
* modified SocketCreator to look for a hostname if one is not present and
endpoint verification is enabled
This fixes some problems when running in docker containers
* removed test shell script
* sanction used of getCanonicalHostName() in SocketCreator
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117095#comment-17117095
]
ASF subversion and git services commented on GEODE-8144:
Commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3 in geode's branch
refs/heads/feature/GEODE-8144 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=b22df8c ]
GEODE-8144: endpoint identification in servers is not working (#5131)
* GEODE-8144: endpoint identification in servers is not working
Set the SNI server-name field in SSL parameters for p2p communications,
allowing endpoint identification to work properly.
I modified one of the SNI haproxy tests to have keystores with the
proper subject-alternative-names for p2p communications in the docker
containers and for client/server off-platform communications. I used
Sai's keystore/truststore construction CertificateMaterial/CertStores
classes to generate the stores...
.sanDnsName("geode") // for inside the docker container
.sanDnsName("localhost") // for inside the docker container
.sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker
container
.sanDnsName(certName) // for client endpoint validation (locator-maeve
for instance)
* modified SocketCreator to look for a hostname if one is not present and
endpoint verification is enabled
This fixes some problems when running in docker containers
* removed test shell script
* sanction used of getCanonicalHostName() in SocketCreator
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117078#comment-17117078
]
ASF subversion and git services commented on GEODE-8144:
Commit 88e7fd93b5052f7dbfb7e5ec7c3453a0d5825d32 in geode's branch
refs/heads/feature/GEODE-8144 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=88e7fd9 ]
GEODE-8144: endpoint identification in servers is not working
Set the SNI server-name field in SSL parameters for p2p communications,
allowing endpoint identification to work properly.
I modified one of the SNI haproxy tests to have keystores with the
proper subject-alternative-names for p2p communications in the docker
containers and for client/server off-platform communications. I used
Sai's keystore/truststore construction CertificateMaterial/CertStores
classes to generate the stores...
.sanDnsName("geode") // for inside the docker container
.sanDnsName("localhost") // for inside the docker container
.sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker
container
.sanDnsName(certName) // for client endpoint validation (locator-maeve
for instance)
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117074#comment-17117074
]
ASF subversion and git services commented on GEODE-8144:
Commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3 in geode's branch
refs/heads/feature/GEODE-8144 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=b22df8c ]
GEODE-8144: endpoint identification in servers is not working (#5131)
* GEODE-8144: endpoint identification in servers is not working
Set the SNI server-name field in SSL parameters for p2p communications,
allowing endpoint identification to work properly.
I modified one of the SNI haproxy tests to have keystores with the
proper subject-alternative-names for p2p communications in the docker
containers and for client/server off-platform communications. I used
Sai's keystore/truststore construction CertificateMaterial/CertStores
classes to generate the stores...
.sanDnsName("geode") // for inside the docker container
.sanDnsName("localhost") // for inside the docker container
.sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker
container
.sanDnsName(certName) // for client endpoint validation (locator-maeve
for instance)
* modified SocketCreator to look for a hostname if one is not present and
endpoint verification is enabled
This fixes some problems when running in docker containers
* removed test shell script
* sanction used of getCanonicalHostName() in SocketCreator
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117073#comment-17117073
]
ASF subversion and git services commented on GEODE-8144:
Commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3 in geode's branch
refs/heads/feature/GEODE-8144 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=b22df8c ]
GEODE-8144: endpoint identification in servers is not working (#5131)
* GEODE-8144: endpoint identification in servers is not working
Set the SNI server-name field in SSL parameters for p2p communications,
allowing endpoint identification to work properly.
I modified one of the SNI haproxy tests to have keystores with the
proper subject-alternative-names for p2p communications in the docker
containers and for client/server off-platform communications. I used
Sai's keystore/truststore construction CertificateMaterial/CertStores
classes to generate the stores...
.sanDnsName("geode") // for inside the docker container
.sanDnsName("localhost") // for inside the docker container
.sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker
container
.sanDnsName(certName) // for client endpoint validation (locator-maeve
for instance)
* modified SocketCreator to look for a hostname if one is not present and
endpoint verification is enabled
This fixes some problems when running in docker containers
* removed test shell script
* sanction used of getCanonicalHostName() in SocketCreator
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117056#comment-17117056
]
ASF subversion and git services commented on GEODE-8144:
Commit 88e7fd93b5052f7dbfb7e5ec7c3453a0d5825d32 in geode's branch
refs/heads/feature/GEODE-8144 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=88e7fd9 ]
GEODE-8144: endpoint identification in servers is not working
Set the SNI server-name field in SSL parameters for p2p communications,
allowing endpoint identification to work properly.
I modified one of the SNI haproxy tests to have keystores with the
proper subject-alternative-names for p2p communications in the docker
containers and for client/server off-platform communications. I used
Sai's keystore/truststore construction CertificateMaterial/CertStores
classes to generate the stores...
.sanDnsName("geode") // for inside the docker container
.sanDnsName("localhost") // for inside the docker container
.sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker
container
.sanDnsName(certName) // for client endpoint validation (locator-maeve
for instance)
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17116983#comment-17116983
]
ASF subversion and git services commented on GEODE-8144:
Commit 6f2ec27e7e6c4e30e6341f2a300415ba2d4d3ade in geode's branch
refs/heads/feature/revert-geode-8144 from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=6f2ec27 ]
Revert "GEODE-8144: endpoint identification in servers is not working (#5131)"
This reverts commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3.
The change to InternalLocator to use a canonical hostname caused a
gfsh-windows test to fail. I'm reverting this commit while I look into
the problem.
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
> Fix For: 1.14.0
>
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:216)
> at
> org.apache.geode.distributed.DistributedSystem.connect(DistributedSystem.java:159)
> at src.EntryConsumer.initialize(EntryConsumer.java:69)
> at src.EntryConsumer.main(EntryConsumer.java:340)
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:198)
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17116805#comment-17116805
]
ASF subversion and git services commented on GEODE-8144:
Commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3 in geode's branch
refs/heads/develop from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=b22df8c ]
GEODE-8144: endpoint identification in servers is not working (#5131)
* GEODE-8144: endpoint identification in servers is not working
Set the SNI server-name field in SSL parameters for p2p communications,
allowing endpoint identification to work properly.
I modified one of the SNI haproxy tests to have keystores with the
proper subject-alternative-names for p2p communications in the docker
containers and for client/server off-platform communications. I used
Sai's keystore/truststore construction CertificateMaterial/CertStores
classes to generate the stores...
.sanDnsName("geode") // for inside the docker container
.sanDnsName("localhost") // for inside the docker container
.sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker
container
.sanDnsName(certName) // for client endpoint validation (locator-maeve
for instance)
* modified SocketCreator to look for a hostname if one is not present and
endpoint verification is enabled
This fixes some problems when running in docker containers
* removed test shell script
* sanction used of getCanonicalHostName() in SocketCreator
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17116804#comment-17116804
]
ASF subversion and git services commented on GEODE-8144:
Commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3 in geode's branch
refs/heads/develop from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=b22df8c ]
GEODE-8144: endpoint identification in servers is not working (#5131)
* GEODE-8144: endpoint identification in servers is not working
Set the SNI server-name field in SSL parameters for p2p communications,
allowing endpoint identification to work properly.
I modified one of the SNI haproxy tests to have keystores with the
proper subject-alternative-names for p2p communications in the docker
containers and for client/server off-platform communications. I used
Sai's keystore/truststore construction CertificateMaterial/CertStores
classes to generate the stores...
.sanDnsName("geode") // for inside the docker container
.sanDnsName("localhost") // for inside the docker container
.sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker
container
.sanDnsName(certName) // for client endpoint validation (locator-maeve
for instance)
* modified SocketCreator to look for a hostname if one is not present and
endpoint verification is enabled
This fixes some problems when running in docker containers
* removed test shell script
* sanction used of getCanonicalHostName() in SocketCreator
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17114177#comment-17114177
]
ASF GitHub Bot commented on GEODE-8144:
---
pivotal-jbarrett commented on a change in pull request #5131:
URL: https://github.com/apache/geode/pull/5131#discussion_r429315845
##
File path:
geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
##
@@ -791,7 +792,19 @@ private boolean setServerNames(SSLParameters
modifiedParams, HostAndPort addr) {
return false;
}
-serverNames.add(new SNIHostName(addr.getHostName()));
+String hostName = addr.getHostName();
+if (this.sslConfig.doEndpointIdentification()
+&& InetAddressValidator.getInstance().isValid(hostName)) {
+ // endpoint validation typically uses a hostname in the sniServer
parameter that the handshake
+ // will compare against the subject alternative addresses in the
server's certificate. Here
+ // we attempt to get a hostname instead of the proffered numeric address
+ try {
+hostName = InetAddress.getByName(hostName).getCanonicalHostName();
Review comment:
As you mentioned offline, the same malicious entity could inject the IP
into their SAN and we would validate that. I don't think this code makes
anything any less secure from that standpoint so I am removing my block.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17114124#comment-17114124
]
ASF GitHub Bot commented on GEODE-8144:
---
bschuchardt commented on a change in pull request #5131:
URL: https://github.com/apache/geode/pull/5131#discussion_r429282471
##
File path:
geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
##
@@ -791,7 +792,19 @@ private boolean setServerNames(SSLParameters
modifiedParams, HostAndPort addr) {
return false;
}
-serverNames.add(new SNIHostName(addr.getHostName()));
+String hostName = addr.getHostName();
+if (this.sslConfig.doEndpointIdentification()
+&& InetAddressValidator.getInstance().isValid(hostName)) {
+ // endpoint validation typically uses a hostname in the sniServer
parameter that the handshake
+ // will compare against the subject alternative addresses in the
server's certificate. Here
+ // we attempt to get a hostname instead of the proffered numeric address
+ try {
+hostName = InetAddress.getByName(hostName).getCanonicalHostName();
Review comment:
@pivotal-jbarrett if you will look at the implementation of
getCanonicalHostName, I think you will find that it already addresses your
concerns. Also, this is just setting the sniServerName field, not redirecting
the socket to connect to a different address.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17114106#comment-17114106
]
ASF GitHub Bot commented on GEODE-8144:
---
bschuchardt commented on a change in pull request #5131:
URL: https://github.com/apache/geode/pull/5131#discussion_r429282471
##
File path:
geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
##
@@ -791,7 +792,19 @@ private boolean setServerNames(SSLParameters
modifiedParams, HostAndPort addr) {
return false;
}
-serverNames.add(new SNIHostName(addr.getHostName()));
+String hostName = addr.getHostName();
+if (this.sslConfig.doEndpointIdentification()
+&& InetAddressValidator.getInstance().isValid(hostName)) {
+ // endpoint validation typically uses a hostname in the sniServer
parameter that the handshake
+ // will compare against the subject alternative addresses in the
server's certificate. Here
+ // we attempt to get a hostname instead of the proffered numeric address
+ try {
+hostName = InetAddress.getByName(hostName).getCanonicalHostName();
Review comment:
@pivotal-jbarrett if you will look at the implementation of
getCanonicalHostName, I think you will find that it already addresses your
concerns. Also, this is just setting the sniServerName field, not redirecting
the socket to connect to a different address.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17114097#comment-17114097
]
ASF GitHub Bot commented on GEODE-8144:
---
bschuchardt commented on a change in pull request #5131:
URL: https://github.com/apache/geode/pull/5131#discussion_r429282471
##
File path:
geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
##
@@ -791,7 +792,19 @@ private boolean setServerNames(SSLParameters
modifiedParams, HostAndPort addr) {
return false;
}
-serverNames.add(new SNIHostName(addr.getHostName()));
+String hostName = addr.getHostName();
+if (this.sslConfig.doEndpointIdentification()
+&& InetAddressValidator.getInstance().isValid(hostName)) {
+ // endpoint validation typically uses a hostname in the sniServer
parameter that the handshake
+ // will compare against the subject alternative addresses in the
server's certificate. Here
+ // we attempt to get a hostname instead of the proffered numeric address
+ try {
+hostName = InetAddress.getByName(hostName).getCanonicalHostName();
Review comment:
@pivotal-jbarrett if you will look at the implementation of
getCanonicalHostName, I think you will find that it already addresses your
concerns.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17113679#comment-17113679
]
ASF GitHub Bot commented on GEODE-8144:
---
pivotal-jbarrett commented on a change in pull request #5131:
URL: https://github.com/apache/geode/pull/5131#discussion_r429004979
##
File path:
geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
##
@@ -791,7 +792,19 @@ private boolean setServerNames(SSLParameters
modifiedParams, HostAndPort addr) {
return false;
}
-serverNames.add(new SNIHostName(addr.getHostName()));
+String hostName = addr.getHostName();
+if (this.sslConfig.doEndpointIdentification()
+&& InetAddressValidator.getInstance().isValid(hostName)) {
+ // endpoint validation typically uses a hostname in the sniServer
parameter that the handshake
+ // will compare against the subject alternative addresses in the
server's certificate. Here
+ // we attempt to get a hostname instead of the proffered numeric address
+ try {
+hostName = InetAddress.getByName(hostName).getCanonicalHostName();
Review comment:
This strikes me as a security issue. Let's say I issued a start server
with `locators=1.2.3.4`, which is bad but stick with me. Then here we lookup
1.2.3.4's PTR record. What if someone has maliciously inserted themselves into
my DNS resolution path, easy to do with out greater adoption of DNSSEC. So my
reverse lookup finds `1.2.3.4 PTR locator1.malicious.com` and adds
"locator1.malicious.com" to the SNI and proceeds to connect. Then connection is
established to what our network stack thinks is 1.2.3.4, but is really our
malicious router redirecting the connection. Now the malicious host will
respond with a valid signed certificate for "locator1.malicious.com" and we
will happily verify it. Of course that assumes also that the malicious
certificate is signed by someone in our chain of trust. So, not a likely attack
vector since we don't trust the root signers by default but not something a
service that does trust the roots should ever do.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17113289#comment-17113289
]
ASF GitHub Bot commented on GEODE-8144:
---
bschuchardt commented on pull request #5131:
URL: https://github.com/apache/geode/pull/5131#issuecomment-632166879
The locator setting is inserted in `InternalLocator.startDistributedSystem()`
```
private void startDistributedSystem() throws IOException {
InternalDistributedSystem existing =
InternalDistributedSystem.getConnectedInstance();
if (existing != null) {
// LOG: changed from config to info
logger.info("Using existing distributed system: {}", existing);
startCache(existing);
} else {
StringBuilder sb = new StringBuilder(100);
if (bindAddress != null) {
sb.append(bindAddress.getHostAddress()); <<< HERE
} else {
sb.append(LocalHostUtil.getLocalHost().getHostAddress()); <<< and
HERE
}
sb.append('[').append(getPort()).append(']');
String thisLocator = sb.toString();
```
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17112519#comment-17112519
]
ASF GitHub Bot commented on GEODE-8144:
---
Bill commented on pull request #5131:
URL: https://github.com/apache/geode/pull/5131#issuecomment-631650854
Bruce's idea yesterday, of eliminating the numeric IP referencing the local
locator (up) in locator launcher seems like a good one. Jake thought that the
`--bind-address` arg to `gfsh locator start` should do the trick: if that's a
name (not an IP number) it should be passed right through as the way to reach
the local locator.
I spent a little time experimenting with that this morning to try and find
exactly where that reference to the local locator was being generated, and how
to fix it. Here's a test I've been experimenting with (added to
`LocatorLauncherIntegrationTest`):
```
@Test
public void symbolicBindAddressUsedToStartLocator() throws Exception {
// given: a new builder
Builder builder = new Builder();
// when: parsing a symbolic (not-an-IP-number) bind address
builder.parseArguments("start", "--bind-address", "foo");
assertThat(builder.getBindAddress()).isEqualTo(InetAddress.getByName("foo"));
final LocatorLauncher launcher = builder.build();
final Properties dsps = launcher.getDistributedSystemProperties();
// fails: properties has only one property: "name"="foo" ugh
//assertThat(dsps).containsKey(BIND_ADDRESS);
final DistributionConfigImpl distributionConfig = new
DistributionConfigImpl(dsps);
// then: no numeric bind addy's in start command args
// fails: no start locator!
//assertThat(distributionConfig.getStartLocator()).isEqualTo("foo");
// fails: no locators at all
assertThat(distributionConfig.getLocators()).isEqualTo("foo");
}
```
It'll take some more chasing to find it.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
>
> *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by
> TGF for VMs.
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17111272#comment-17111272
]
ASF GitHub Bot commented on GEODE-8144:
---
bschuchardt opened a new pull request #5131:
URL: https://github.com/apache/geode/pull/5131
Set the SNI server-name field in SSL parameters for p2p communications,
allowing endpoint identification to work properly.
I modified one of the SNI haproxy tests to have keystores with the
proper subject-alternative-names for p2p communications in the docker
containers and for client/server off-platform communications and enabled
endpoint identification in the test. I used Sai's keystore/truststore
construction
CertificateMaterial/CertStores classes to generate the stores...
.sanDnsName("geode") // for inside the docker container
.sanDnsName("localhost") // for inside the docker container
.sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the
docker container
.sanDnsName(certName) // for client endpoint validation (locator-maeve
for instance)
Thank you for submitting a contribution to Apache Geode.
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
### For all changes:
- [ ] Is there a JIRA ticket associated with this PR? Is it referenced in
the commit message?
- [ ] Has your PR been rebased against the latest commit within the target
branch (typically `develop`)?
- [ ] Is your initial contribution a single, squashed commit?
- [ ] Does `gradlew build` run cleanly?
- [ ] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies
licensed in a way that is compatible for inclusion under [ASF
2.0](http://www.apache.org/legal/resolved.html#category-a)?
### Note:
Please ensure that once the PR is submitted, check Concourse for build
issues and
submit an update to your PR as soon as possible. If you need help, please
send an
email to d...@geode.apache.org.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
>
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
>
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[
https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17110531#comment-17110531
]
Bruce J Schuchardt commented on GEODE-8144:
---
I've tested this with 1.7, 1.8, 1.9 and 1.10 as well as on develop and
apparently this has never worked in servers. There are unit tests for endpoint
identification but they don't exercise the code paths taken in the TLS
implementation when the server socket is on a different host than the client
socket.
We need to set the "sni servername" in the client's SSLParameters in order to
tell the SSLEngine's hostname verification algorithm the name of the server to
which we intend to connect.
Bill found this relevant page on an IBM website:
[ssl
parameters|https://www.ibm.com/support/knowledgecenter/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jsse2Docs/sslparameters.html]
> endpoint identification in servers is not working
> -
>
> Key: GEODE-8144
> URL: https://issues.apache.org/jira/browse/GEODE-8144
> Project: Geode
> Issue Type: Bug
> Components: membership, messaging
>Reporter: Bruce J Schuchardt
>Priority: Major
>
> If you enable endpoint identification in a server the server will not start.
> It will log exceptions like this:
>
> {noformat}
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566)
> at
> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545)
> at
> sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217)
> at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185)
> at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471)
> at
> org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158)
> at
> org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597)
> at
> org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731)
> at org.apache.geode.internal.tcp.Connection.(Connection.java:1167)
> at
> org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004)
> at
> org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288)
> at
> org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392)
> at
> org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571)
> at
> org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182)
> at
> org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510)
> at
> org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346)
> at
> org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986)
> at
> org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623)
> at
> org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290)
> at
> org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:216)
> at
> org.apache.geode.distributed.DistributedSystem.connect(DistributedSystem.java:159)
> at src.EntryConsumer.initialize(EntryConsumer.java:69)
> at src.EntryConsumer.main(EntryConsumer.java:340)
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
>
