[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17142146#comment-17142146 ] ASF subversion and git services commented on GEODE-8144: Commit 85a42d5213d784373772e6e39a1f273838b049a4 in geode's branch refs/heads/support/1.13 from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=85a42d5 ] GEODE-8144: setting SNI server name is not needed if endpoint verification is disabled (#5250) * GEODE-8144: endpoint identification in servers is not working modified the fix for this issue to not set the SNI server name parameter if endpoint verification is disabled. We're doing this because setting this parameter appears to decrease performance in large performance tests. * changed test to throw exceptions instead of asserting they don't exist * replaced check for SNI server name in SSL parameters with a more in-depth check * SSLParameters.getServerNames() may return a null value (cherry picked from commit b1107d2e403404337c22830a4964eefc2490ef50) > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Assignee: Bruce J Schuchardt >Priority: Major > Fix For: 1.13.0, 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135) > at > org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17142145#comment-17142145 ] ASF subversion and git services commented on GEODE-8144: Commit 85a42d5213d784373772e6e39a1f273838b049a4 in geode's branch refs/heads/support/1.13 from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=85a42d5 ] GEODE-8144: setting SNI server name is not needed if endpoint verification is disabled (#5250) * GEODE-8144: endpoint identification in servers is not working modified the fix for this issue to not set the SNI server name parameter if endpoint verification is disabled. We're doing this because setting this parameter appears to decrease performance in large performance tests. * changed test to throw exceptions instead of asserting they don't exist * replaced check for SNI server name in SSL parameters with a more in-depth check * SSLParameters.getServerNames() may return a null value (cherry picked from commit b1107d2e403404337c22830a4964eefc2490ef50) > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Assignee: Bruce J Schuchardt >Priority: Major > Fix For: 1.13.0, 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135) > at > org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17137774#comment-17137774 ] ASF subversion and git services commented on GEODE-8144: Commit b1107d2e403404337c22830a4964eefc2490ef50 in geode's branch refs/heads/develop from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=b1107d2 ] GEODE-8144: setting SNI server name is not needed if endpoint verification is disabled (#5250) * GEODE-8144: endpoint identification in servers is not working modified the fix for this issue to not set the SNI server name parameter if endpoint verification is disabled. We're doing this because setting this parameter appears to decrease performance in large performance tests. * changed test to throw exceptions instead of asserting they don't exist * replaced check for SNI server name in SSL parameters with a more in-depth check * SSLParameters.getServerNames() may return a null value > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Assignee: Bruce J Schuchardt >Priority: Major > Fix For: 1.13.0, 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135) > at > org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:216) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17137773#comment-17137773 ] ASF subversion and git services commented on GEODE-8144: Commit b1107d2e403404337c22830a4964eefc2490ef50 in geode's branch refs/heads/develop from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=b1107d2 ] GEODE-8144: setting SNI server name is not needed if endpoint verification is disabled (#5250) * GEODE-8144: endpoint identification in servers is not working modified the fix for this issue to not set the SNI server name parameter if endpoint verification is disabled. We're doing this because setting this parameter appears to decrease performance in large performance tests. * changed test to throw exceptions instead of asserting they don't exist * replaced check for SNI server name in SSL parameters with a more in-depth check * SSLParameters.getServerNames() may return a null value > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Assignee: Bruce J Schuchardt >Priority: Major > Fix For: 1.13.0, 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135) > at > org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:216) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17137665#comment-17137665 ] ASF GitHub Bot commented on GEODE-8144: --- bschuchardt merged pull request #5250: URL: https://github.com/apache/geode/pull/5250 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Assignee: Bruce J Schuchardt >Priority: Major > Fix For: 1.13.0, 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135) > at > org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:216) > at > org.apache.geode.distributed.DistributedSystem.connect(DistributedSystem.java:159) > at src.EntryConsumer.initialize(EntryConsumer.java:69) > at src.EntryConsumer.main(EntryConsumer.java:340) > Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Alerts.getSSLException(Alerts.java:198) > at
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17136028#comment-17136028 ] ASF GitHub Bot commented on GEODE-8144: --- bschuchardt opened a new pull request #5250: URL: https://github.com/apache/geode/pull/5250 I've modified the fix for GEODE-8144 to not set the SNI server name parameter if endpoint verification is disabled. The parameter is only needed if endpoint verification is enabled. Some performance tests that had endpoint identification disabled were showing degraded perf. Thank you for submitting a contribution to Apache Geode. In order to streamline the review of the contribution we ask you to ensure the following steps have been taken: ### For all changes: - [ ] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message? - [ ] Has your PR been rebased against the latest commit within the target branch (typically `develop`)? - [ ] Is your initial contribution a single, squashed commit? - [ ] Does `gradlew build` run cleanly? - [ ] Have you written or updated unit tests to verify your changes? - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? ### Note: Please ensure that once the PR is submitted, check Concourse for build issues and submit an update to your PR as soon as possible. If you need help, please send an email to d...@geode.apache.org. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Assignee: Bruce J Schuchardt >Priority: Major > Fix For: 1.13.0, 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17119101#comment-17119101 ] ASF subversion and git services commented on GEODE-8144: Commit 367e0a1557307ab6b8ba30c5a8b8c15324f6b552 in geode's branch refs/heads/support/1.13 from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=367e0a1 ] GEODE-8144 another attempt to fix a failing test (#5172) one more test change (cherry picked from commit 42c11640c75ae87038e07cbde3c98a3ca6b36987) > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135) > at > org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:216) > at > org.apache.geode.distributed.DistributedSystem.connect(DistributedSystem.java:159) > at src.EntryConsumer.initialize(EntryConsumer.java:69) > at src.EntryConsumer.main(EntryConsumer.java:340) > Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Alerts.getSSLException(Alerts.java:198) > at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1729) > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:333) > at
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17119004#comment-17119004 ] ASF subversion and git services commented on GEODE-8144: Commit 207e3ee0c3aae704216bd0e9ec1275606b9116a2 in geode's branch refs/heads/support/1.13 from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=207e3ee ] GEODE-8144: endpoint identification in servers is not working (#5131) * GEODE-8144: endpoint identification in servers is not working Set the SNI server-name field in SSL parameters for p2p communications, allowing endpoint identification to work properly. I modified one of the SNI haproxy tests to have keystores with the proper subject-alternative-names for p2p communications in the docker containers and for client/server off-platform communications. I used Sai's keystore/truststore construction CertificateMaterial/CertStores classes to generate the stores... .sanDnsName("geode") // for inside the docker container .sanDnsName("localhost") // for inside the docker container .sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker container .sanDnsName(certName) // for client endpoint validation (locator-maeve for instance) * modified SocketCreator to look for a hostname if one is not present and endpoint verification is enabled This fixes some problems when running in docker containers * removed test shell script * sanction used of getCanonicalHostName() in SocketCreator (cherry picked from commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3) > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17119007#comment-17119007 ] ASF subversion and git services commented on GEODE-8144: Commit bcc097a6dda38ab276720521ab0308cef7a4c1be in geode's branch refs/heads/support/1.13 from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=bcc097a ] GEODE-8144 another attempt to fix a failing test (#5172) * modified SocketCreator to look for a hostname if one is not present and endpoint verification is enabled This fixes some problems when running in docker containers * removed test shell script * GEODE-8144 another attempt to fix a failing test The JMX tests in this test class use "localhost" to connect to a Manager. This is being transformed somehow into an IP numeric address and is failing endpoint verification. The test passes on my Windows machine and also passes on Mac and Ubuntu when I run it there. I'm adding the "localhost" IP address to the certificate to get past this. Another fix would be to change the Rule that's using "localhost" to use the real host name but that would affect a lot of other tests. Before I started messing with this test it was adding InetAddress.getLocalHost() as an IP address to the certificate so I don't think this is a big change to the original test. The test now uses LocalHostUtils.getLocalHost() to get an IP to add to the certificate, which is the correct "localhost" to use with Geode. (cherry picked from commit 42c11640c75ae87038e07cbde3c98a3ca6b36987) > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17119003#comment-17119003 ] ASF subversion and git services commented on GEODE-8144: Commit 207e3ee0c3aae704216bd0e9ec1275606b9116a2 in geode's branch refs/heads/support/1.13 from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=207e3ee ] GEODE-8144: endpoint identification in servers is not working (#5131) * GEODE-8144: endpoint identification in servers is not working Set the SNI server-name field in SSL parameters for p2p communications, allowing endpoint identification to work properly. I modified one of the SNI haproxy tests to have keystores with the proper subject-alternative-names for p2p communications in the docker containers and for client/server off-platform communications. I used Sai's keystore/truststore construction CertificateMaterial/CertStores classes to generate the stores... .sanDnsName("geode") // for inside the docker container .sanDnsName("localhost") // for inside the docker container .sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker container .sanDnsName(certName) // for client endpoint validation (locator-maeve for instance) * modified SocketCreator to look for a hostname if one is not present and endpoint verification is enabled This fixes some problems when running in docker containers * removed test shell script * sanction used of getCanonicalHostName() in SocketCreator (cherry picked from commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3) > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17119006#comment-17119006 ] ASF subversion and git services commented on GEODE-8144: Commit bcc097a6dda38ab276720521ab0308cef7a4c1be in geode's branch refs/heads/support/1.13 from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=bcc097a ] GEODE-8144 another attempt to fix a failing test (#5172) * modified SocketCreator to look for a hostname if one is not present and endpoint verification is enabled This fixes some problems when running in docker containers * removed test shell script * GEODE-8144 another attempt to fix a failing test The JMX tests in this test class use "localhost" to connect to a Manager. This is being transformed somehow into an IP numeric address and is failing endpoint verification. The test passes on my Windows machine and also passes on Mac and Ubuntu when I run it there. I'm adding the "localhost" IP address to the certificate to get past this. Another fix would be to change the Rule that's using "localhost" to use the real host name but that would affect a lot of other tests. Before I started messing with this test it was adding InetAddress.getLocalHost() as an IP address to the certificate so I don't think this is a big change to the original test. The test now uses LocalHostUtils.getLocalHost() to get an IP to add to the certificate, which is the correct "localhost" to use with Geode. (cherry picked from commit 42c11640c75ae87038e07cbde3c98a3ca6b36987) > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17118170#comment-17118170 ] ASF subversion and git services commented on GEODE-8144: Commit 42c11640c75ae87038e07cbde3c98a3ca6b36987 in geode's branch refs/heads/develop from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=42c1164 ] GEODE-8144 another attempt to fix a failing test (#5172) * modified SocketCreator to look for a hostname if one is not present and endpoint verification is enabled This fixes some problems when running in docker containers * removed test shell script * GEODE-8144 another attempt to fix a failing test The JMX tests in this test class use "localhost" to connect to a Manager. This is being transformed somehow into an IP numeric address and is failing endpoint verification. The test passes on my Windows machine and also passes on Mac and Ubuntu when I run it there. I'm adding the "localhost" IP address to the certificate to get past this. Another fix would be to change the Rule that's using "localhost" to use the real host name but that would affect a lot of other tests. Before I started messing with this test it was adding InetAddress.getLocalHost() as an IP address to the certificate so I don't think this is a big change to the original test. The test now uses LocalHostUtils.getLocalHost() to get an IP to add to the certificate, which is the correct "localhost" to use with Geode. > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17118169#comment-17118169 ] ASF subversion and git services commented on GEODE-8144: Commit 42c11640c75ae87038e07cbde3c98a3ca6b36987 in geode's branch refs/heads/develop from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=42c1164 ] GEODE-8144 another attempt to fix a failing test (#5172) * modified SocketCreator to look for a hostname if one is not present and endpoint verification is enabled This fixes some problems when running in docker containers * removed test shell script * GEODE-8144 another attempt to fix a failing test The JMX tests in this test class use "localhost" to connect to a Manager. This is being transformed somehow into an IP numeric address and is failing endpoint verification. The test passes on my Windows machine and also passes on Mac and Ubuntu when I run it there. I'm adding the "localhost" IP address to the certificate to get past this. Another fix would be to change the Rule that's using "localhost" to use the real host name but that would affect a lot of other tests. Before I started messing with this test it was adding InetAddress.getLocalHost() as an IP address to the certificate so I don't think this is a big change to the original test. The test now uses LocalHostUtils.getLocalHost() to get an IP to add to the certificate, which is the correct "localhost" to use with Geode. > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17118168#comment-17118168 ] ASF GitHub Bot commented on GEODE-8144: --- bschuchardt merged pull request #5172: URL: https://github.com/apache/geode/pull/5172 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135) > at > org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:216) > at > org.apache.geode.distributed.DistributedSystem.connect(DistributedSystem.java:159) > at src.EntryConsumer.initialize(EntryConsumer.java:69) > at src.EntryConsumer.main(EntryConsumer.java:340) > Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Alerts.getSSLException(Alerts.java:198) > at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1729) > at
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17118143#comment-17118143 ] ASF GitHub Bot commented on GEODE-8144: --- bschuchardt opened a new pull request #5172: URL: https://github.com/apache/geode/pull/5172 The JMX tests in this test class use "localhost" to connect to a Manager. This is being transformed somehow into an IP numeric address and is failing endpoint verification. The test passes on my Windows machine and also passes on Mac and Ubuntu when I run it there. I'm adding the "localhost" IP address to the certificate to get past this. Another fix would be to change the Rule that's using "localhost" to use the real host name but that would affect a lot of other tests. Before I started messing with this test it was adding InetAddress.getLocalHost() as an IP address to the certificate so I don't think this is a big change to the original test. The test now uses LocalHostUtils.getLocalHost() to get an IP to add to the certificate, which is the correct "localhost" to use with Geode. Thank you for submitting a contribution to Apache Geode. In order to streamline the review of the contribution we ask you to ensure the following steps have been taken: ### For all changes: - [ ] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message? - [ ] Has your PR been rebased against the latest commit within the target branch (typically `develop`)? - [ ] Is your initial contribution a single, squashed commit? - [ ] Does `gradlew build` run cleanly? - [ ] Have you written or updated unit tests to verify your changes? - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? ### Note: Please ensure that once the PR is submitted, check Concourse for build issues and submit an update to your PR as soon as possible. If you need help, please send an email to d...@geode.apache.org. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17118138#comment-17118138 ] ASF subversion and git services commented on GEODE-8144: Commit d5cdaf09f560f84ab2adb0abde6ddb10ab3e5a7e in geode's branch refs/heads/feature/GEODE-8144 from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=d5cdaf0 ] GEODE-8144 another attempt to fix a failing test The JMX tests in this test class use "localhost" to connect to a Manager. This is being transformed somehow into an IP numeric address and is failing endpoint verification. The test passes on my Windows machine and also passes on Mac and Ubuntu when I run it there. I'm adding the "localhost" IP address to the certificate to get past this. Another fix would be to change the Rule that's using "localhost" to use the real host name but that would affect a lot of other tests. Before I started messing with this test it was adding InetAddress.getLocalHost() as an IP address to the certificate so I don't think this is a big change to the original test. The test now uses LocalHostUtils.getLocalHost() to get an IP to add to the certificate, which is the correct "localhost" to use with Geode. > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135) > at > org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117901#comment-17117901 ] ASF GitHub Bot commented on GEODE-8144: --- bschuchardt closed pull request #5163: URL: https://github.com/apache/geode/pull/5163 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135) > at > org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:216) > at > org.apache.geode.distributed.DistributedSystem.connect(DistributedSystem.java:159) > at src.EntryConsumer.initialize(EntryConsumer.java:69) > at src.EntryConsumer.main(EntryConsumer.java:340) > Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Alerts.getSSLException(Alerts.java:198) > at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1729) > at
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117335#comment-17117335 ] ASF GitHub Bot commented on GEODE-8144: --- bschuchardt opened a new pull request #5163: URL: https://github.com/apache/geode/pull/5163 … (#5131)" This reverts commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3. The change to InternalLocator to use a canonical hostname caused a gfsh-windows test to fail. I'm reverting this commit while I look into the problem. Thank you for submitting a contribution to Apache Geode. In order to streamline the review of the contribution we ask you to ensure the following steps have been taken: ### For all changes: - [ ] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message? - [ ] Has your PR been rebased against the latest commit within the target branch (typically `develop`)? - [ ] Is your initial contribution a single, squashed commit? - [ ] Does `gradlew build` run cleanly? - [ ] Have you written or updated unit tests to verify your changes? - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? ### Note: Please ensure that once the PR is submitted, check Concourse for build issues and submit an update to your PR as soon as possible. If you need help, please send an email to d...@geode.apache.org. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117296#comment-17117296 ] ASF GitHub Bot commented on GEODE-8144: --- bschuchardt merged pull request #5131: URL: https://github.com/apache/geode/pull/5131 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135) > at > org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:216) > at > org.apache.geode.distributed.DistributedSystem.connect(DistributedSystem.java:159) > at src.EntryConsumer.initialize(EntryConsumer.java:69) > at src.EntryConsumer.main(EntryConsumer.java:340) > Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Alerts.getSSLException(Alerts.java:198) > at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1729) > at
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117136#comment-17117136 ] ASF subversion and git services commented on GEODE-8144: Commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3 in geode's branch refs/heads/feature/GEODE-8144 from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=b22df8c ] GEODE-8144: endpoint identification in servers is not working (#5131) * GEODE-8144: endpoint identification in servers is not working Set the SNI server-name field in SSL parameters for p2p communications, allowing endpoint identification to work properly. I modified one of the SNI haproxy tests to have keystores with the proper subject-alternative-names for p2p communications in the docker containers and for client/server off-platform communications. I used Sai's keystore/truststore construction CertificateMaterial/CertStores classes to generate the stores... .sanDnsName("geode") // for inside the docker container .sanDnsName("localhost") // for inside the docker container .sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker container .sanDnsName(certName) // for client endpoint validation (locator-maeve for instance) * modified SocketCreator to look for a hostname if one is not present and endpoint verification is enabled This fixes some problems when running in docker containers * removed test shell script * sanction used of getCanonicalHostName() in SocketCreator > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117134#comment-17117134 ] ASF subversion and git services commented on GEODE-8144: Commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3 in geode's branch refs/heads/feature/GEODE-8144 from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=b22df8c ] GEODE-8144: endpoint identification in servers is not working (#5131) * GEODE-8144: endpoint identification in servers is not working Set the SNI server-name field in SSL parameters for p2p communications, allowing endpoint identification to work properly. I modified one of the SNI haproxy tests to have keystores with the proper subject-alternative-names for p2p communications in the docker containers and for client/server off-platform communications. I used Sai's keystore/truststore construction CertificateMaterial/CertStores classes to generate the stores... .sanDnsName("geode") // for inside the docker container .sanDnsName("localhost") // for inside the docker container .sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker container .sanDnsName(certName) // for client endpoint validation (locator-maeve for instance) * modified SocketCreator to look for a hostname if one is not present and endpoint verification is enabled This fixes some problems when running in docker containers * removed test shell script * sanction used of getCanonicalHostName() in SocketCreator > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117115#comment-17117115 ] ASF subversion and git services commented on GEODE-8144: Commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3 in geode's branch refs/heads/feature/GEODE-8144 from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=b22df8c ] GEODE-8144: endpoint identification in servers is not working (#5131) * GEODE-8144: endpoint identification in servers is not working Set the SNI server-name field in SSL parameters for p2p communications, allowing endpoint identification to work properly. I modified one of the SNI haproxy tests to have keystores with the proper subject-alternative-names for p2p communications in the docker containers and for client/server off-platform communications. I used Sai's keystore/truststore construction CertificateMaterial/CertStores classes to generate the stores... .sanDnsName("geode") // for inside the docker container .sanDnsName("localhost") // for inside the docker container .sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker container .sanDnsName(certName) // for client endpoint validation (locator-maeve for instance) * modified SocketCreator to look for a hostname if one is not present and endpoint verification is enabled This fixes some problems when running in docker containers * removed test shell script * sanction used of getCanonicalHostName() in SocketCreator > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117114#comment-17117114 ] ASF subversion and git services commented on GEODE-8144: Commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3 in geode's branch refs/heads/feature/GEODE-8144 from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=b22df8c ] GEODE-8144: endpoint identification in servers is not working (#5131) * GEODE-8144: endpoint identification in servers is not working Set the SNI server-name field in SSL parameters for p2p communications, allowing endpoint identification to work properly. I modified one of the SNI haproxy tests to have keystores with the proper subject-alternative-names for p2p communications in the docker containers and for client/server off-platform communications. I used Sai's keystore/truststore construction CertificateMaterial/CertStores classes to generate the stores... .sanDnsName("geode") // for inside the docker container .sanDnsName("localhost") // for inside the docker container .sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker container .sanDnsName(certName) // for client endpoint validation (locator-maeve for instance) * modified SocketCreator to look for a hostname if one is not present and endpoint verification is enabled This fixes some problems when running in docker containers * removed test shell script * sanction used of getCanonicalHostName() in SocketCreator > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117094#comment-17117094 ] ASF subversion and git services commented on GEODE-8144: Commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3 in geode's branch refs/heads/feature/GEODE-8144 from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=b22df8c ] GEODE-8144: endpoint identification in servers is not working (#5131) * GEODE-8144: endpoint identification in servers is not working Set the SNI server-name field in SSL parameters for p2p communications, allowing endpoint identification to work properly. I modified one of the SNI haproxy tests to have keystores with the proper subject-alternative-names for p2p communications in the docker containers and for client/server off-platform communications. I used Sai's keystore/truststore construction CertificateMaterial/CertStores classes to generate the stores... .sanDnsName("geode") // for inside the docker container .sanDnsName("localhost") // for inside the docker container .sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker container .sanDnsName(certName) // for client endpoint validation (locator-maeve for instance) * modified SocketCreator to look for a hostname if one is not present and endpoint verification is enabled This fixes some problems when running in docker containers * removed test shell script * sanction used of getCanonicalHostName() in SocketCreator > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117095#comment-17117095 ] ASF subversion and git services commented on GEODE-8144: Commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3 in geode's branch refs/heads/feature/GEODE-8144 from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=b22df8c ] GEODE-8144: endpoint identification in servers is not working (#5131) * GEODE-8144: endpoint identification in servers is not working Set the SNI server-name field in SSL parameters for p2p communications, allowing endpoint identification to work properly. I modified one of the SNI haproxy tests to have keystores with the proper subject-alternative-names for p2p communications in the docker containers and for client/server off-platform communications. I used Sai's keystore/truststore construction CertificateMaterial/CertStores classes to generate the stores... .sanDnsName("geode") // for inside the docker container .sanDnsName("localhost") // for inside the docker container .sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker container .sanDnsName(certName) // for client endpoint validation (locator-maeve for instance) * modified SocketCreator to look for a hostname if one is not present and endpoint verification is enabled This fixes some problems when running in docker containers * removed test shell script * sanction used of getCanonicalHostName() in SocketCreator > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117078#comment-17117078 ] ASF subversion and git services commented on GEODE-8144: Commit 88e7fd93b5052f7dbfb7e5ec7c3453a0d5825d32 in geode's branch refs/heads/feature/GEODE-8144 from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=88e7fd9 ] GEODE-8144: endpoint identification in servers is not working Set the SNI server-name field in SSL parameters for p2p communications, allowing endpoint identification to work properly. I modified one of the SNI haproxy tests to have keystores with the proper subject-alternative-names for p2p communications in the docker containers and for client/server off-platform communications. I used Sai's keystore/truststore construction CertificateMaterial/CertStores classes to generate the stores... .sanDnsName("geode") // for inside the docker container .sanDnsName("localhost") // for inside the docker container .sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker container .sanDnsName(certName) // for client endpoint validation (locator-maeve for instance) > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135) > at > org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117074#comment-17117074 ] ASF subversion and git services commented on GEODE-8144: Commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3 in geode's branch refs/heads/feature/GEODE-8144 from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=b22df8c ] GEODE-8144: endpoint identification in servers is not working (#5131) * GEODE-8144: endpoint identification in servers is not working Set the SNI server-name field in SSL parameters for p2p communications, allowing endpoint identification to work properly. I modified one of the SNI haproxy tests to have keystores with the proper subject-alternative-names for p2p communications in the docker containers and for client/server off-platform communications. I used Sai's keystore/truststore construction CertificateMaterial/CertStores classes to generate the stores... .sanDnsName("geode") // for inside the docker container .sanDnsName("localhost") // for inside the docker container .sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker container .sanDnsName(certName) // for client endpoint validation (locator-maeve for instance) * modified SocketCreator to look for a hostname if one is not present and endpoint verification is enabled This fixes some problems when running in docker containers * removed test shell script * sanction used of getCanonicalHostName() in SocketCreator > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117073#comment-17117073 ] ASF subversion and git services commented on GEODE-8144: Commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3 in geode's branch refs/heads/feature/GEODE-8144 from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=b22df8c ] GEODE-8144: endpoint identification in servers is not working (#5131) * GEODE-8144: endpoint identification in servers is not working Set the SNI server-name field in SSL parameters for p2p communications, allowing endpoint identification to work properly. I modified one of the SNI haproxy tests to have keystores with the proper subject-alternative-names for p2p communications in the docker containers and for client/server off-platform communications. I used Sai's keystore/truststore construction CertificateMaterial/CertStores classes to generate the stores... .sanDnsName("geode") // for inside the docker container .sanDnsName("localhost") // for inside the docker container .sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker container .sanDnsName(certName) // for client endpoint validation (locator-maeve for instance) * modified SocketCreator to look for a hostname if one is not present and endpoint verification is enabled This fixes some problems when running in docker containers * removed test shell script * sanction used of getCanonicalHostName() in SocketCreator > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17117056#comment-17117056 ] ASF subversion and git services commented on GEODE-8144: Commit 88e7fd93b5052f7dbfb7e5ec7c3453a0d5825d32 in geode's branch refs/heads/feature/GEODE-8144 from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=88e7fd9 ] GEODE-8144: endpoint identification in servers is not working Set the SNI server-name field in SSL parameters for p2p communications, allowing endpoint identification to work properly. I modified one of the SNI haproxy tests to have keystores with the proper subject-alternative-names for p2p communications in the docker containers and for client/server off-platform communications. I used Sai's keystore/truststore construction CertificateMaterial/CertStores classes to generate the stores... .sanDnsName("geode") // for inside the docker container .sanDnsName("localhost") // for inside the docker container .sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker container .sanDnsName(certName) // for client endpoint validation (locator-maeve for instance) > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135) > at > org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17116983#comment-17116983 ] ASF subversion and git services commented on GEODE-8144: Commit 6f2ec27e7e6c4e30e6341f2a300415ba2d4d3ade in geode's branch refs/heads/feature/revert-geode-8144 from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=6f2ec27 ] Revert "GEODE-8144: endpoint identification in servers is not working (#5131)" This reverts commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3. The change to InternalLocator to use a canonical hostname caused a gfsh-windows test to fail. I'm reverting this commit while I look into the problem. > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > Fix For: 1.14.0 > > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135) > at > org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:216) > at > org.apache.geode.distributed.DistributedSystem.connect(DistributedSystem.java:159) > at src.EntryConsumer.initialize(EntryConsumer.java:69) > at src.EntryConsumer.main(EntryConsumer.java:340) > Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Alerts.getSSLException(Alerts.java:198) >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17116805#comment-17116805 ] ASF subversion and git services commented on GEODE-8144: Commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3 in geode's branch refs/heads/develop from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=b22df8c ] GEODE-8144: endpoint identification in servers is not working (#5131) * GEODE-8144: endpoint identification in servers is not working Set the SNI server-name field in SSL parameters for p2p communications, allowing endpoint identification to work properly. I modified one of the SNI haproxy tests to have keystores with the proper subject-alternative-names for p2p communications in the docker containers and for client/server off-platform communications. I used Sai's keystore/truststore construction CertificateMaterial/CertStores classes to generate the stores... .sanDnsName("geode") // for inside the docker container .sanDnsName("localhost") // for inside the docker container .sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker container .sanDnsName(certName) // for client endpoint validation (locator-maeve for instance) * modified SocketCreator to look for a hostname if one is not present and endpoint verification is enabled This fixes some problems when running in docker containers * removed test shell script * sanction used of getCanonicalHostName() in SocketCreator > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17116804#comment-17116804 ] ASF subversion and git services commented on GEODE-8144: Commit b22df8cf0f11b73237dd88dc1de9217f5f7cc8c3 in geode's branch refs/heads/develop from Bruce Schuchardt [ https://gitbox.apache.org/repos/asf?p=geode.git;h=b22df8c ] GEODE-8144: endpoint identification in servers is not working (#5131) * GEODE-8144: endpoint identification in servers is not working Set the SNI server-name field in SSL parameters for p2p communications, allowing endpoint identification to work properly. I modified one of the SNI haproxy tests to have keystores with the proper subject-alternative-names for p2p communications in the docker containers and for client/server off-platform communications. I used Sai's keystore/truststore construction CertificateMaterial/CertStores classes to generate the stores... .sanDnsName("geode") // for inside the docker container .sanDnsName("localhost") // for inside the docker container .sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker container .sanDnsName(certName) // for client endpoint validation (locator-maeve for instance) * modified SocketCreator to look for a hostname if one is not present and endpoint verification is enabled This fixes some problems when running in docker containers * removed test shell script * sanction used of getCanonicalHostName() in SocketCreator > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17114177#comment-17114177 ] ASF GitHub Bot commented on GEODE-8144: --- pivotal-jbarrett commented on a change in pull request #5131: URL: https://github.com/apache/geode/pull/5131#discussion_r429315845 ## File path: geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java ## @@ -791,7 +792,19 @@ private boolean setServerNames(SSLParameters modifiedParams, HostAndPort addr) { return false; } -serverNames.add(new SNIHostName(addr.getHostName())); +String hostName = addr.getHostName(); +if (this.sslConfig.doEndpointIdentification() +&& InetAddressValidator.getInstance().isValid(hostName)) { + // endpoint validation typically uses a hostname in the sniServer parameter that the handshake + // will compare against the subject alternative addresses in the server's certificate. Here + // we attempt to get a hostname instead of the proffered numeric address + try { +hostName = InetAddress.getByName(hostName).getCanonicalHostName(); Review comment: As you mentioned offline, the same malicious entity could inject the IP into their SAN and we would validate that. I don't think this code makes anything any less secure from that standpoint so I am removing my block. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17114124#comment-17114124 ] ASF GitHub Bot commented on GEODE-8144: --- bschuchardt commented on a change in pull request #5131: URL: https://github.com/apache/geode/pull/5131#discussion_r429282471 ## File path: geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java ## @@ -791,7 +792,19 @@ private boolean setServerNames(SSLParameters modifiedParams, HostAndPort addr) { return false; } -serverNames.add(new SNIHostName(addr.getHostName())); +String hostName = addr.getHostName(); +if (this.sslConfig.doEndpointIdentification() +&& InetAddressValidator.getInstance().isValid(hostName)) { + // endpoint validation typically uses a hostname in the sniServer parameter that the handshake + // will compare against the subject alternative addresses in the server's certificate. Here + // we attempt to get a hostname instead of the proffered numeric address + try { +hostName = InetAddress.getByName(hostName).getCanonicalHostName(); Review comment: @pivotal-jbarrett if you will look at the implementation of getCanonicalHostName, I think you will find that it already addresses your concerns. Also, this is just setting the sniServerName field, not redirecting the socket to connect to a different address. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17114106#comment-17114106 ] ASF GitHub Bot commented on GEODE-8144: --- bschuchardt commented on a change in pull request #5131: URL: https://github.com/apache/geode/pull/5131#discussion_r429282471 ## File path: geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java ## @@ -791,7 +792,19 @@ private boolean setServerNames(SSLParameters modifiedParams, HostAndPort addr) { return false; } -serverNames.add(new SNIHostName(addr.getHostName())); +String hostName = addr.getHostName(); +if (this.sslConfig.doEndpointIdentification() +&& InetAddressValidator.getInstance().isValid(hostName)) { + // endpoint validation typically uses a hostname in the sniServer parameter that the handshake + // will compare against the subject alternative addresses in the server's certificate. Here + // we attempt to get a hostname instead of the proffered numeric address + try { +hostName = InetAddress.getByName(hostName).getCanonicalHostName(); Review comment: @pivotal-jbarrett if you will look at the implementation of getCanonicalHostName, I think you will find that it already addresses your concerns. Also, this is just setting the sniServerName field, not redirecting the socket to connect to a different address. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17114097#comment-17114097 ] ASF GitHub Bot commented on GEODE-8144: --- bschuchardt commented on a change in pull request #5131: URL: https://github.com/apache/geode/pull/5131#discussion_r429282471 ## File path: geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java ## @@ -791,7 +792,19 @@ private boolean setServerNames(SSLParameters modifiedParams, HostAndPort addr) { return false; } -serverNames.add(new SNIHostName(addr.getHostName())); +String hostName = addr.getHostName(); +if (this.sslConfig.doEndpointIdentification() +&& InetAddressValidator.getInstance().isValid(hostName)) { + // endpoint validation typically uses a hostname in the sniServer parameter that the handshake + // will compare against the subject alternative addresses in the server's certificate. Here + // we attempt to get a hostname instead of the proffered numeric address + try { +hostName = InetAddress.getByName(hostName).getCanonicalHostName(); Review comment: @pivotal-jbarrett if you will look at the implementation of getCanonicalHostName, I think you will find that it already addresses your concerns. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17113679#comment-17113679 ] ASF GitHub Bot commented on GEODE-8144: --- pivotal-jbarrett commented on a change in pull request #5131: URL: https://github.com/apache/geode/pull/5131#discussion_r429004979 ## File path: geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java ## @@ -791,7 +792,19 @@ private boolean setServerNames(SSLParameters modifiedParams, HostAndPort addr) { return false; } -serverNames.add(new SNIHostName(addr.getHostName())); +String hostName = addr.getHostName(); +if (this.sslConfig.doEndpointIdentification() +&& InetAddressValidator.getInstance().isValid(hostName)) { + // endpoint validation typically uses a hostname in the sniServer parameter that the handshake + // will compare against the subject alternative addresses in the server's certificate. Here + // we attempt to get a hostname instead of the proffered numeric address + try { +hostName = InetAddress.getByName(hostName).getCanonicalHostName(); Review comment: This strikes me as a security issue. Let's say I issued a start server with `locators=1.2.3.4`, which is bad but stick with me. Then here we lookup 1.2.3.4's PTR record. What if someone has maliciously inserted themselves into my DNS resolution path, easy to do with out greater adoption of DNSSEC. So my reverse lookup finds `1.2.3.4 PTR locator1.malicious.com` and adds "locator1.malicious.com" to the SNI and proceeds to connect. Then connection is established to what our network stack thinks is 1.2.3.4, but is really our malicious router redirecting the connection. Now the malicious host will respond with a valid signed certificate for "locator1.malicious.com" and we will happily verify it. Of course that assumes also that the malicious certificate is signed by someone in our chain of trust. So, not a likely attack vector since we don't trust the root signers by default but not something a service that does trust the roots should ever do. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17113289#comment-17113289 ] ASF GitHub Bot commented on GEODE-8144: --- bschuchardt commented on pull request #5131: URL: https://github.com/apache/geode/pull/5131#issuecomment-632166879 The locator setting is inserted in `InternalLocator.startDistributedSystem()` ``` private void startDistributedSystem() throws IOException { InternalDistributedSystem existing = InternalDistributedSystem.getConnectedInstance(); if (existing != null) { // LOG: changed from config to info logger.info("Using existing distributed system: {}", existing); startCache(existing); } else { StringBuilder sb = new StringBuilder(100); if (bindAddress != null) { sb.append(bindAddress.getHostAddress()); <<< HERE } else { sb.append(LocalHostUtil.getLocalHost().getHostAddress()); <<< and HERE } sb.append('[').append(getPort()).append(']'); String thisLocator = sb.toString(); ``` This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17112519#comment-17112519 ] ASF GitHub Bot commented on GEODE-8144: --- Bill commented on pull request #5131: URL: https://github.com/apache/geode/pull/5131#issuecomment-631650854 Bruce's idea yesterday, of eliminating the numeric IP referencing the local locator (up) in locator launcher seems like a good one. Jake thought that the `--bind-address` arg to `gfsh locator start` should do the trick: if that's a name (not an IP number) it should be passed right through as the way to reach the local locator. I spent a little time experimenting with that this morning to try and find exactly where that reference to the local locator was being generated, and how to fix it. Here's a test I've been experimenting with (added to `LocatorLauncherIntegrationTest`): ``` @Test public void symbolicBindAddressUsedToStartLocator() throws Exception { // given: a new builder Builder builder = new Builder(); // when: parsing a symbolic (not-an-IP-number) bind address builder.parseArguments("start", "--bind-address", "foo"); assertThat(builder.getBindAddress()).isEqualTo(InetAddress.getByName("foo")); final LocatorLauncher launcher = builder.build(); final Properties dsps = launcher.getDistributedSystemProperties(); // fails: properties has only one property: "name"="foo" ugh //assertThat(dsps).containsKey(BIND_ADDRESS); final DistributionConfigImpl distributionConfig = new DistributionConfigImpl(dsps); // then: no numeric bind addy's in start command args // fails: no start locator! //assertThat(distributionConfig.getStartLocator()).isEqualTo("foo"); // fails: no locators at all assertThat(distributionConfig.getLocators()).isEqualTo("foo"); } ``` It'll take some more chasing to find it. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > > *update 5/20/2020*: this needs to be ported to 1.13 so it's picked up ASAP by > TGF for VMs. > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17111272#comment-17111272 ] ASF GitHub Bot commented on GEODE-8144: --- bschuchardt opened a new pull request #5131: URL: https://github.com/apache/geode/pull/5131 Set the SNI server-name field in SSL parameters for p2p communications, allowing endpoint identification to work properly. I modified one of the SNI haproxy tests to have keystores with the proper subject-alternative-names for p2p communications in the docker containers and for client/server off-platform communications and enabled endpoint identification in the test. I used Sai's keystore/truststore construction CertificateMaterial/CertStores classes to generate the stores... .sanDnsName("geode") // for inside the docker container .sanDnsName("localhost") // for inside the docker container .sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker container .sanDnsName(certName) // for client endpoint validation (locator-maeve for instance) Thank you for submitting a contribution to Apache Geode. In order to streamline the review of the contribution we ask you to ensure the following steps have been taken: ### For all changes: - [ ] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message? - [ ] Has your PR been rebased against the latest commit within the target branch (typically `develop`)? - [ ] Is your initial contribution a single, squashed commit? - [ ] Does `gradlew build` run cleanly? - [ ] Have you written or updated unit tests to verify your changes? - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? ### Note: Please ensure that once the PR is submitted, check Concourse for build issues and submit an update to your PR as soon as possible. If you need help, please send an email to d...@geode.apache.org. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) >
[jira] [Commented] (GEODE-8144) endpoint identification in servers is not working
[ https://issues.apache.org/jira/browse/GEODE-8144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17110531#comment-17110531 ] Bruce J Schuchardt commented on GEODE-8144: --- I've tested this with 1.7, 1.8, 1.9 and 1.10 as well as on develop and apparently this has never worked in servers. There are unit tests for endpoint identification but they don't exercise the code paths taken in the TLS implementation when the server socket is on a different host than the client socket. We need to set the "sni servername" in the client's SSLParameters in order to tell the SSLEngine's hostname verification algorithm the name of the server to which we intend to connect. Bill found this relevant page on an IBM website: [ssl parameters|https://www.ibm.com/support/knowledgecenter/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jsse2Docs/sslparameters.html] > endpoint identification in servers is not working > - > > Key: GEODE-8144 > URL: https://issues.apache.org/jira/browse/GEODE-8144 > Project: Geode > Issue Type: Bug > Components: membership, messaging >Reporter: Bruce J Schuchardt >Priority: Major > > If you enable endpoint identification in a server the server will not start. > It will log exceptions like this: > > {noformat} > javax.net.ssl.SSLHandshakeException: General SSLEngine problem > at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1566) > at > sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:545) > at > sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1217) > at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1185) > at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:471) > at > org.apache.geode.internal.net.NioSslEngine.handshake(NioSslEngine.java:158) > at > org.apache.geode.internal.net.SocketCreator.handshakeSSLSocketChannel(SocketCreator.java:597) > at > org.apache.geode.internal.tcp.Connection.createIoFilter(Connection.java:1731) > at org.apache.geode.internal.tcp.Connection.(Connection.java:1167) > at > org.apache.geode.internal.tcp.Connection.createSender(Connection.java:1004) > at > org.apache.geode.internal.tcp.ConnectionTable.handleNewPendingConnection(ConnectionTable.java:288) > at > org.apache.geode.internal.tcp.ConnectionTable.getSharedConnection(ConnectionTable.java:392) > at > org.apache.geode.internal.tcp.ConnectionTable.get(ConnectionTable.java:571) > at > org.apache.geode.internal.tcp.TCPConduit.getConnection(TCPConduit.java:800) > at > org.apache.geode.distributed.internal.direct.DirectChannel.getConnections(DirectChannel.java:451) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToMany(DirectChannel.java:268) > at > org.apache.geode.distributed.internal.direct.DirectChannel.sendToOne(DirectChannel.java:182) > at > org.apache.geode.distributed.internal.direct.DirectChannel.send(DirectChannel.java:510) > at > org.apache.geode.distributed.internal.DistributionImpl.directChannelSend(DistributionImpl.java:346) > at > org.apache.geode.distributed.internal.DistributionImpl.send(DistributionImpl.java:291) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendViaMembershipManager(ClusterDistributionManager.java:2058) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendOutgoing(ClusterDistributionManager.java:1986) > at > org.apache.geode.distributed.internal.StartupOperation.sendStartupMessage(StartupOperation.java:74) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.sendStartupMessage(ClusterDistributionManager.java:1623) > at > org.apache.geode.distributed.internal.ClusterDistributionManager.create(ClusterDistributionManager.java:361) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:779) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.access$200(InternalDistributedSystem.java:135) > at > org.apache.geode.distributed.internal.InternalDistributedSystem$Builder.build(InternalDistributedSystem.java:3033) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:290) > at > org.apache.geode.distributed.internal.InternalDistributedSystem.connectInternal(InternalDistributedSystem.java:216) > at > org.apache.geode.distributed.DistributedSystem.connect(DistributedSystem.java:159) > at src.EntryConsumer.initialize(EntryConsumer.java:69) > at src.EntryConsumer.main(EntryConsumer.java:340) > Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem >