Thanks Mate. I have created JIRA ticket https://issues.apache.org/jira/browse/ZOOKEEPER-4047 I am fairly new to the zookeeper world. It might take me some time to understand all code and fix this. In the meantime if somebody wants to pick this up and fix it, I will be grateful.
Thanks -Parag On 1/5/21, 4:05 PM, "Szalay-Bekő Máté" <[email protected]> wrote: This sounds like a bug indeed... I think you should create a Jira ticket for this. I agree with Benjamin Reed that you should start with adding a new test case in the C client. We already have tests for C client using SSL to connect to the server ( https://github.com/apache/zookeeper/blob/701e134dfba721356deac1a20aa80e94ec80484a/zookeeper-client/zookeeper-client-c/tests/TestClient.cc#L882-L890), you can start from this one. In these tests we are using some dummy certificate / key files, you could modify this file to generate some invalid certificates: https://github.com/apache/zookeeper/blob/master/zookeeper-client/zookeeper-client-c/ssl/gencerts.sh Also, make sure to set (keep the default values) in zoo.cfg for the following parameters: client.portUnification=false and ssl.clientAuth=need (see https://zookeeper.apache.org/doc/r3.6.2/zookeeperAdmin.html ) Best Regards, Mate On Tue, Jan 5, 2021 at 10:46 AM Martin Gainty <[email protected]> wrote: > Unfortunately i cant help you..good luck > > ________________________________ > From: Dipti Mulay <[email protected]> > Sent: Sunday, January 3, 2021 7:29 PM > To: [email protected] <[email protected]> > Subject: Re: TLS certificate error does not return a error to client > > Hi Martin, > > I am using the c-client and not Java. > > Thanks > -Dipti > > On 1/4/21, 5:27 AM, "Martin Gainty" <[email protected]> wrote: > > you will need ssl debugging turned on at jvm invocation > > ________________________________ > From: Benjamin Reed <[email protected]> > Sent: Sunday, January 3, 2021 1:30 PM > To: [email protected] <[email protected]> > Subject: Re: TLS certificate error does not return a error to client > > it sounds like we might be missing a test case. do we not have test > case coverage for this one? > > ben > > On Fri, Jan 1, 2021 at 8:32 PM Dipti Mulay <[email protected]> wrote: > > > > Hi All, > > > > I have been using a zookeeper C-client libraries to communicate with > the Zookeeper Cluster(Ensemble). > > The communication is set to be established using mTLS. > > > > While running some tests I had an incorrect certificate installed on > the client side. I was expecting that the library would return a error > indication AUTH failure or an callback session even indicating a failure. > > But it seems the no error or callback is returned in this case. I > see the loglevel to DEBUG in the client and I don’t see any logs coming out > either. > > > > I intend to write some re-try code and do some alarming based on the > events returned by library . > > > > Any suggestions? > > > > Thanks > > -Parag >
