[
https://issues.apache.org/jira/browse/IGNITE-25693?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pavel Tupitsyn reassigned IGNITE-25693:
---------------------------------------
Assignee: Pavel Tupitsyn
> Client connector produces excessive logs when SSL connection fails
> ------------------------------------------------------------------
>
> Key: IGNITE-25693
> URL: https://issues.apache.org/jira/browse/IGNITE-25693
> Project: Ignite
> Issue Type: Bug
> Components: thin clients ai3
> Affects Versions: 3.0.0-beta1
> Reporter: Igor Sapego
> Assignee: Pavel Tupitsyn
> Priority: Major
> Labels: ignite-3
>
> If the client secure certificate is wrong, client connector produces a whole
> stacktrace, which is excessive and may result in unnecessary drive load.
> A single exception example:
> {noformat}
> [WARN
> ][org.apache.ignite.internal.runner.app.PlatformTestNodeRunner_4-network-worker-8][ClientInboundMessageHandler]
> Exception in client connector pipeline [connectionId=423,
> remoteAddress=/127.0.0.1:51376]: javax.net.ssl.SSLHandshakeException: PKIX
> path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException:
> PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> at
> io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:500)
> ~[netty-codec-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
> ~[netty-codec-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
> [netty-transport-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
> [netty-transport-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
> [netty-transport-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1357)
> [netty-transport-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
> [netty-transport-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
> [netty-transport-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:868)
> [netty-transport-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
> [netty-transport-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:796)
> [netty-transport-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:732)
> [netty-transport-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:658)
> [netty-transport-4.1.119.Final.jar:4.1.119.Final]
> at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562)
> [netty-transport-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:998)
> [netty-common-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
> [netty-common-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
> [netty-common-4.1.119.Final.jar:4.1.119.Final]
> at java.base/java.lang.Thread.run(Thread.java:833) [?:?]
> Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
> ~[?:?]
> at
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:371)
> ~[?:?]
> at
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
> ~[?:?]
> at
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:309)
> ~[?:?]
> at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkClientCerts(CertificateMessage.java:1301)
> ~[?:?]
> at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1204)
> ~[?:?]
> at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1181)
> ~[?:?]
> at
> java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?]
> at
> java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
> ~[?:?]
> at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277)
> ~[?:?]
> at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264)
> ~[?:?]
> at
> java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
> ~[?:?]
> at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209)
> ~[?:?]
> at
> io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1695)
> ~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
> at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1541)
> ~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1377)
> ~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
> at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1428)
> ~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:530)
> ~[netty-codec-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:469)
> ~[netty-codec-4.1.119.Final.jar:4.1.119.Final]
> ... 17 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
> at
> java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
> ~[?:?]
> at
> java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
> ~[?:?]
> at
> java.base/sun.security.validator.Validator.validate(Validator.java:264) ~[?:?]
> at
> java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285)
> ~[?:?]
> at
> java.base/sun.security.ssl.X509TrustManagerImpl.checkClientTrusted(X509TrustManagerImpl.java:138)
> ~[?:?]
> at
> io.netty.handler.ssl.EnhancingX509ExtendedTrustManager.checkClientTrusted(EnhancingX509ExtendedTrustManager.java:62)
> ~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
> at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkClientCerts(CertificateMessage.java:1279)
> ~[?:?]
> at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1204)
> ~[?:?]
> at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1181)
> ~[?:?]
> at
> java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?]
> at
> java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
> ~[?:?]
> at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277)
> ~[?:?]
> at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264)
> ~[?:?]
> at
> java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
> ~[?:?]
> at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209)
> ~[?:?]
> at
> io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1695)
> ~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
> at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1541)
> ~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1377)
> ~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
> at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1428)
> ~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:530)
> ~[netty-codec-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:469)
> ~[netty-codec-4.1.119.Final.jar:4.1.119.Final]
> ... 17 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable
> to find valid certification path to requested target
> at
> java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
> ~[?:?]
> at
> java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
> ~[?:?]
> at
> java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
> ~[?:?]
> at
> java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
> ~[?:?]
> at
> java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
> ~[?:?]
> at
> java.base/sun.security.validator.Validator.validate(Validator.java:264) ~[?:?]
> at
> java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285)
> ~[?:?]
> at
> java.base/sun.security.ssl.X509TrustManagerImpl.checkClientTrusted(X509TrustManagerImpl.java:138)
> ~[?:?]
> at
> io.netty.handler.ssl.EnhancingX509ExtendedTrustManager.checkClientTrusted(EnhancingX509ExtendedTrustManager.java:62)
> ~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
> at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkClientCerts(CertificateMessage.java:1279)
> ~[?:?]
> at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1204)
> ~[?:?]
> at
> java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1181)
> ~[?:?]
> at
> java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?]
> at
> java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
> ~[?:?]
> at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277)
> ~[?:?]
> at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264)
> ~[?:?]
> at
> java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
> ~[?:?]
> at
> java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209)
> ~[?:?]
> at
> io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1695)
> ~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
> at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1541)
> ~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1377)
> ~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
> at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1428)
> ~[netty-handler-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:530)
> ~[netty-codec-4.1.119.Final.jar:4.1.119.Final]
> at
> io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:469)
> ~[netty-codec-4.1.119.Final.jar:4.1.119.Final]
> ... 17 more
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
