Hi, @Nicolò Boschi <boschi1...@gmail.com> Is your system macOS(arm64)?
Maybe you should set tlsTrustCertsFilePath: const client = new Pulsar.Client({ tlsTrustCertsFilePath:'/etc/ssl/cert.pem', }); Thanks, Baodi Shi 在 2023年2月22日 15:59:28 上,Nicolò Boschi <boschi1...@gmail.com> 写道: > Hi, > > I'm having issues while validating the fix related to the hostname > verification: https://github.com/apache/pulsar-client-cpp/pull/126 > My usecase is with a valid TLS certificate signed by a CA (not a > self-signed one). > > My code is very simple (see below): it creates a client with token auth + > TLS and sends some messages. > > It works well with node client 1.7.0 with cpp client 3.1.2 > It fails with node client 1.8.0 (as expected) > It still fails with the rc: 1.8.1-rc.1 > > (I'm installing the dependency with "npm i pulsar-client@1.8.1-rc.1 > --pulsar_binary_host_mirror= > https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/" > > The error I'm seeing is this one: > > [INFO][ClientConnection:388] Connected to broker > [ERROR][ClientConnection:488] Handshake failed: certificate verify failed > (SSL routines, tls_process_server_certificate) > [INFO][ClientConnection:1600] Connection closed with ConnectError > > Note that setting `tlsValidateHostname: true` "resolves" the problem, > however it's not acceptable as you know. > > I'm pretty sure that it's related to the cpp client dependency, however I'm > not very familiar with it and how it's bundled in the node client >= 1.8.0 > Is there a way to verify if the bundled cpp client is actually the > expected one? > > > > This is the code snippet: > ``` > const tokenStr = asToken; > const pulsarUri = pulsarUrl; > const topicName = asTopic; > > const auth = new Pulsar.AuthenticationToken({ token: tokenStr }); > const client = new Pulsar.Client({ > serviceUrl: pulsarUri, > authentication: auth, > operationTimeoutSeconds: 30, > tlsCertificateFilePath: "", > tlsValidateHostname: false > }); > Pulsar.Client.setLogHandler((level, file, line, message) => { > console.log('[%s][%s:%d] %s', Pulsar.LogLevel.toString(level), file, > line, message); > }); > > const producer = await client.createProducer({ > topic: topicName, > }) > > for (let i = 0; i < 10; i += 1) { > await producer.send({ > data: Buffer.from("nodejs-message-" + i), > }); > console.log("send message " + i); > } > await producer.flush(); > await producer.close(); > await client.close(); > > ``` > > Thanks, > Nicolò Boschi > > > Il giorno mer 22 feb 2023 alle ore 08:02 Yunze Xu > <y...@streamnative.io.invalid> ha scritto: > > +1 (binding) > > * Verified checksum and signature > > * Build from source > > * Install from npm on Ubuntu 20.04 > > * Run an end-to-end test with custom `tlsTrustCertsFilePath` config on > > StreamNative cloud with OAuth2 authentication > > > BTW, from the discussion here [1], it would be better to use > > https://downloads.apache.org/pulsar/KEYS as the KEYS, > > > [1] https://lists.apache.org/thread/f9w430oqpm0g72b1htwbtc8y3mfqf8r6 > > > Thanks, > > Yunze > > > On Mon, Feb 20, 2023 at 5:36 PM Nozomi Kurihara <nkuri...@apache.org> > > wrote: > > > > > > +1 (binding) > > > > > > * checked license headers > > > * verified checksum and signature > > > * install from npm and run producer/consumer > > > > > > Thanks, > > > Nozomi > > > > > > 2023年2月17日(金) 19:12 Baodi Shi <ba...@apache.org>: > > > > > > > Hi everyone, > > > > > > > > This is the first release candidate for Apache Pulsar Node.js client, > > > > version 1.8.1. > > > > > > > > It fixes the following > > > > issues: > > > > > > > https://github.com/apache/pulsar-client-node/pulls?q=is%3Apr+label%3Arelease%2Fv1.8.1+is%3Aclosed > > > > > > > > Please download the source files and review this release candidate: > > > > - Download the source package, verify shasum and asc > > > > - Follow the README.md to build and run the Pulsar Node.js client. > > > > > > > > The release candidate package has been published to the npm > > > > registry:https://www.npmjs.com/package/pulsar-client/v/1.8.1-rc.1 > > > > You can install it by `npm i pulsar-client@1.8.1-rc.1 > > > > --pulsar_binary_host_mirror= > > > > https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/` > > <https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/> > > > > <https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/> > > > > and verify the package. > > > > > > > > The vote will be open for at least 72 hours. It is adopted by majority > > > > approval, with at least 3 PMC affirmative votes. > > > > > > > > Source files: > > > > > > > https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/pulsar-client-node-1.8.1-rc.1/ > > > > > > > > Pulsar's KEYS file containing PGP keys we use to sign the > > > > release:https://dist.apache.org/repos/dist/dev/pulsar/KEYS > > > > > > > > SHA-512 checksum: > > > > > > > > > > > ed89b4ad467d3cb75ed37096b35d91b872cd93d36cd953512fc7edcb75dbac5162592f6f51b5ab08f26b3dca1c57a3d3fe7a5e4f109551c66943a5b09392d51a > > > > apache-pulsar-client-node-1.8.1.tar.gz > > > > The tag to be voted upon: > > > > v1.8.1-rc.1(3e843f0) > > > > https://github.com/apache/pulsar-client-node/releases/tag/v1.8.1-rc.1 > > > > > > > > Please review and vote on the release candidate #1 for the version > > > > 1.8.1, as follows: > > > > [ ] +1, Approve the release > > > > [ ] -1, Do not approve the release (please provide specific comments) > > > > > > > > > > > > > > > > > > > > Thanks, > > > > Baodi Shi > > > > > > >