Hi, @Nicolò Boschi <boschi1...@gmail.com>
Is your system macOS(arm64)?
Maybe you should set tlsTrustCertsFilePath:
const client = new Pulsar.Client({
tlsTrustCertsFilePath:'/etc/ssl/cert.pem',
});
Thanks,
Baodi Shi
在 2023年2月22日 15:59:28 上,Nicolò Boschi <boschi1...@gmail.com> 写道:
> Hi,
>
> I'm having issues while validating the fix related to the hostname
> verification: https://github.com/apache/pulsar-client-cpp/pull/126
> My usecase is with a valid TLS certificate signed by a CA (not a
> self-signed one).
>
> My code is very simple (see below): it creates a client with token auth +
> TLS and sends some messages.
>
> It works well with node client 1.7.0 with cpp client 3.1.2
> It fails with node client 1.8.0 (as expected)
> It still fails with the rc: 1.8.1-rc.1
>
> (I'm installing the dependency with "npm i pulsar-client@1.8.1-rc.1
> --pulsar_binary_host_mirror=
> https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/";
>
> The error I'm seeing is this one:
>
> [INFO][ClientConnection:388] Connected to broker
> [ERROR][ClientConnection:488] Handshake failed: certificate verify failed
> (SSL routines, tls_process_server_certificate)
> [INFO][ClientConnection:1600] Connection closed with ConnectError
>
> Note that setting `tlsValidateHostname: true` "resolves" the problem,
> however it's not acceptable as you know.
>
> I'm pretty sure that it's related to the cpp client dependency, however I'm
> not very familiar with it and how it's bundled in the node client >= 1.8.0
> Is there a way to verify if the bundled cpp client is actually the
> expected one?
>
>
>
> This is the code snippet:
> ```
> const tokenStr = asToken;
> const pulsarUri = pulsarUrl;
> const topicName = asTopic;
>
> const auth = new Pulsar.AuthenticationToken({ token: tokenStr });
> const client = new Pulsar.Client({
> serviceUrl: pulsarUri,
> authentication: auth,
> operationTimeoutSeconds: 30,
> tlsCertificateFilePath: "",
> tlsValidateHostname: false
> });
> Pulsar.Client.setLogHandler((level, file, line, message) => {
> console.log('[%s][%s:%d] %s', Pulsar.LogLevel.toString(level), file,
> line, message);
> });
>
> const producer = await client.createProducer({
> topic: topicName,
> })
>
> for (let i = 0; i < 10; i += 1) {
> await producer.send({
> data: Buffer.from("nodejs-message-" + i),
> });
> console.log("send message " + i);
> }
> await producer.flush();
> await producer.close();
> await client.close();
>
> ```
>
> Thanks,
> Nicolò Boschi
>
>
> Il giorno mer 22 feb 2023 alle ore 08:02 Yunze Xu
> <y...@streamnative.io.invalid> ha scritto:
>
> +1 (binding)
>
> * Verified checksum and signature
>
> * Build from source
>
> * Install from npm on Ubuntu 20.04
>
> * Run an end-to-end test with custom `tlsTrustCertsFilePath` config on
>
> StreamNative cloud with OAuth2 authentication
>
>
> BTW, from the discussion here [1], it would be better to use
>
> https://downloads.apache.org/pulsar/KEYS as the KEYS,
>
>
> [1] https://lists.apache.org/thread/f9w430oqpm0g72b1htwbtc8y3mfqf8r6
>
>
> Thanks,
>
> Yunze
>
>
> On Mon, Feb 20, 2023 at 5:36 PM Nozomi Kurihara <nkuri...@apache.org>
>
> wrote:
>
> >
>
> > +1 (binding)
>
> >
>
> > * checked license headers
>
> > * verified checksum and signature
>
> > * install from npm and run producer/consumer
>
> >
>
> > Thanks,
>
> > Nozomi
>
> >
>
> > 2023年2月17日(金) 19:12 Baodi Shi <ba...@apache.org>:
>
> >
>
> > > Hi everyone,
>
> > >
>
> > > This is the first release candidate for Apache Pulsar Node.js client,
>
> > > version 1.8.1.
>
> > >
>
> > > It fixes the following
>
> > > issues:
>
> > >
>
>
> https://github.com/apache/pulsar-client-node/pulls?q=is%3Apr+label%3Arelease%2Fv1.8.1+is%3Aclosed
>
> > >
>
> > > Please download the source files and review this release candidate:
>
> > > - Download the source package, verify shasum and asc
>
> > > - Follow the README.md to build and run the Pulsar Node.js client.
>
> > >
>
> > > The release candidate package has been published to the npm
>
> > > registry:https://www.npmjs.com/package/pulsar-client/v/1.8.1-rc.1
>
> > > You can install it by `npm i pulsar-client@1.8.1-rc.1
>
> > > --pulsar_binary_host_mirror=
>
> > > https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/`
>
> <https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/>
>
> > > <https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/>
>
> > > and verify the package.
>
> > >
>
> > > The vote will be open for at least 72 hours. It is adopted by majority
>
> > > approval, with at least 3 PMC affirmative votes.
>
> > >
>
> > > Source files:
>
> > >
>
>
> https://dist.apache.org/repos/dist/dev/pulsar/pulsar-client-node/pulsar-client-node-1.8.1-rc.1/
>
> > >
>
> > > Pulsar's KEYS file containing PGP keys we use to sign the
>
> > > release:https://dist.apache.org/repos/dist/dev/pulsar/KEYS
>
> > >
>
> > > SHA-512 checksum:
>
> > >
>
> > >
>
>
> ed89b4ad467d3cb75ed37096b35d91b872cd93d36cd953512fc7edcb75dbac5162592f6f51b5ab08f26b3dca1c57a3d3fe7a5e4f109551c66943a5b09392d51a
>
> > > apache-pulsar-client-node-1.8.1.tar.gz
>
> > > The tag to be voted upon:
>
> > > v1.8.1-rc.1(3e843f0)
>
> > > https://github.com/apache/pulsar-client-node/releases/tag/v1.8.1-rc.1
>
> > >
>
> > > Please review and vote on the release candidate #1 for the version
>
> > > 1.8.1, as follows:
>
> > > [ ] +1, Approve the release
>
> > > [ ] -1, Do not approve the release (please provide specific comments)
>
> > >
>
> > >
>
> > >
>
> > >
>
> > > Thanks,
>
> > > Baodi Shi
>
> > >
>
>
>
