This sounds like a bug indeed... I think you should create a Jira ticket for this. I agree with Benjamin Reed that you should start with adding a new test case in the C client. We already have tests for C client using SSL to connect to the server (https://github.com/apache/zookeeper/blob/701e134dfba721356deac1a20aa80e94ec80484a/zookeeper-client/zookeeper-client-c/tests/TestClient.cc#L882-L890), you can start from this one.
In these tests we are using some dummy certificate / key files, you could modify this file to generate some invalid certificates: https://github.com/apache/zookeeper/blob/master/zookeeper-client/zookeeper-client-c/ssl/gencerts.sh

Also, make sure to set (keep the default values) in zoo.cfg for the following parameters: client.portUnification=false and ssl.clientAuth=need (see https://zookeeper.apache.org/doc/r3.6.2/zookeeperAdmin.html)

Best Regards,
Mate

On Tue, Jan 5, 2021 at 10:46 AM Martin Gainty <[email protected]> wrote:

> Unfortunately I can't help you.. good luck
>
> ________________________________
> From: Dipti Mulay <[email protected]>
> Sent: Sunday, January 3, 2021 7:29 PM
> To: [email protected] <[email protected]>
> Subject: Re: TLS certificate error does not return a error to client
>
> Hi Martin,
>
> I am using the c-client and not Java.
>
> Thanks
> -Dipti
>
> On 1/4/21, 5:27 AM, "Martin Gainty" <[email protected]> wrote:
>
> you will need ssl debugging turned on at jvm invocation
>
> ________________________________
> From: Benjamin Reed <[email protected]>
> Sent: Sunday, January 3, 2021 1:30 PM
> To: [email protected] <[email protected]>
> Subject: Re: TLS certificate error does not return a error to client
>
> it sounds like we might be missing a test case. do we not have test
> case coverage for this one?
>
> ben
>
> On Fri, Jan 1, 2021 at 8:32 PM Dipti Mulay <[email protected]> wrote:
> >
> > Hi All,
> >
> > I have been using a zookeeper C-client libraries to communicate with the Zookeeper Cluster (Ensemble).
> > The communication is set to be established using mTLS.
> >
> > While running some tests I had an incorrect certificate installed on the client side. I was expecting that the library would return an error indicating AUTH failure or a callback session event indicating a failure.
> > But it seems that no error or callback is returned in this case. I see the loglevel to DEBUG in the client and I don’t see any logs coming out either.
> >
> > I intend to write some re-try code and do some alarming based on the events returned by library.
> >
> > Any suggestions?
> >
> > Thanks
> > -Parag
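
One way to produce the "invalid certificate" fixture suggested above for a negative mTLS test, as an added example (not part of the thread and not the project's gencerts.sh). All file names, subject names and function names are constructed for illustration; it assumes the `openssl` CLI with its default configuration.

```shell
#!/usr/bin/env bash
# Added example: build a trusted CA, a valid client cert, and a client cert
# signed by an unrelated CA, so a test can assert that the bad one is rejected.
# All names below are constructed; this is not the ZooKeeper gencerts.sh.
set -eu

make_ca() {        # $1 = output prefix, $2 = CN of the self-signed CA
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

make_client() {    # $1 = output prefix, $2 = prefix of the CA that signs it
  openssl req -newkey rsa:2048 -nodes -subj "/CN=zk-test-client" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
    -CAcreateserial -days 1 -out "$1.crt" 2>/dev/null
}

# Exit status 0 if the client cert chains to the given CA, non-zero otherwise.
chains_to() {      # $1 = CA prefix, $2 = client prefix
  openssl verify -CAfile "$1.crt" "$2.crt" >/dev/null 2>&1
}

gen_fixtures() {   # $1 = existing directory to write the fixtures into
  ( cd "$1"
    make_ca trusted_ca "Test Trusted CA"      # goes into the server truststore
    make_ca other_ca   "Test Unrelated CA"    # never trusted by the server
    make_client client_good trusted_ca        # positive control
    make_client client_bad  other_ca )        # should fail ssl.clientAuth=need
}

# Stand-alone use: ./script.sh <dir> writes the fixtures and reports both checks.
if [ -n "${1:-}" ]; then
  gen_fixtures "$1"
  chains_to "$1/trusted_ca" "$1/client_good" && echo "client_good: accepted"
  chains_to "$1/trusted_ca" "$1/client_bad"  || echo "client_bad: rejected"
fi
```

With `trusted_ca.crt` as the only CA the server trusts, `client_bad.crt` / `client_bad.key` is the pair a new negative test case would hand to the C client, and `client_good` confirms the setup itself works.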
