[jira] [Commented] (GEODE-7583) "status locator --name/--dir" is not working properly when locator ssl is enabled

Wed, 18 Dec 2019 08:48:16 -0800 


    [ 
https://issues.apache.org/jira/browse/GEODE-7583?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16999324#comment-16999324
 ] 

Jinmei Liao commented on GEODE-7583:
------------------------------------

Here is what I found out for status locator command
 # it needs to retrieve two sets of info from locator: general info like (pid, 
working dir, status, jvm args etc) and whether cluster configuration service is 
running or not.
 # when locator’s ssl is on, the retrieval of the cluster configuration info 
will always fail since it’s using a tcp connection to get that info and we 
currently don’t have the ssl security properties to connect.
 # when locator’s ssl is on, the retrieval of the general info will mostly 
succeed except when user is only providing a host and port, there we would also 
need the ssl security properties in order to create a ssl socket.

 

I think in order for status locator to work again on ssl enabled locator’s, we 
will have to add an option in the status locator command to include the 
--security-properties-file to specify the ssl information.

> "status locator --name/--dir" is not working properly when locator ssl is 
> enabled
> ---------------------------------------------------------------------------------
>
>                 Key: GEODE-7583
>                 URL: https://issues.apache.org/jira/browse/GEODE-7583
>             Project: Geode
>          Issue Type: Bug
>          Components: gfsh
>    Affects Versions: 1.8.0, 1.9.0, 1.10.0, 1.11.0
>            Reporter: Jinmei Liao
>            Priority: Major
>
> in 1.8: 
> 1. start a locator with ssl enabled
> 2. "status locator --dir" or "status locator --name" would trigger such error 
> messages in the locator log:
> {quote}[info 2019/12/16 08:57:39.958 PST locator <locator request thread 1> 
> tid=0x23] Exception in processing request from 10.118.20.75
> javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
>       at 
> sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:710)
>       at sun.security.ssl.InputRecord.read(InputRecord.java:527)
>       at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:975)
>       at 
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
>       at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
>       at 
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
>       at 
> org.apache.geode.internal.net.SocketCreator.handshakeIfSocketIsSSL(SocketCreator.java:981)
>       at 
> org.apache.geode.distributed.internal.tcpserver.TcpServer.lambda$processRequest$0(TcpServer.java:346)
>       at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>       at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>       at java.lang.Thread.run(Thread.java:748)
> {quote}
> In develop branch: the gfsh output would be a strange ClassCastException. 
> It's definitely broken on develop



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to