[
https://issues.apache.org/jira/browse/ZOOKEEPER-4393?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17484346#comment-17484346
]
Nilendra Jain commented on ZOOKEEPER-4393:
------------------------------------------
Hi [~edipesh19]
Thanks for the suggestion. I tried it, but now I am getting a new exception
during packet exchange:
[2022-01-30 23:32:33,325] INFO Nilendra - sendPkt - {} clientPath:null
serverPath:null finished:false header:: null replyHeader:: null request::
0,0,18000,0,#0000000000000000 response:: null
(org.apache.zookeeper.ClientCnxnSocketNetty)
[2022-01-30 23:32:33,326] TRACE Channel active [id: 0x9b98ffde,
L:/0:0:0:0:0:0:0:1:2181 - R:/0:0:0:0:0:0:0:1:40500]
(org.apache.zookeeper.server.NettyServerCnxnFactory)
[2022-01-30 23:32:33,433] DEBUG -Dio.netty.recycler.maxCapacityPerThread: 4096
(io.netty.util.Recycler)
[2022-01-30 23:32:33,433] DEBUG -Dio.netty.recycler.maxSharedCapacityFactor: 2
(io.netty.util.Recycler)
[2022-01-30 23:32:33,433] DEBUG -Dio.netty.recycler.linkCapacity: 16
(io.netty.util.Recycler)
[2022-01-30 23:32:33,433] DEBUG -Dio.netty.recycler.ratio: 8
(io.netty.util.Recycler)
[2022-01-30 23:32:33,433] DEBUG -Dio.netty.recycler.delayedQueue.ratio: 8
(io.netty.util.Recycler)
[2022-01-30 23:32:33,438] DEBUG -Dio.netty.buffer.checkAccessible: true
(io.netty.buffer.AbstractByteBuf)
[2022-01-30 23:32:33,438] DEBUG -Dio.netty.buffer.checkBounds: true
(io.netty.buffer.AbstractByteBuf)
[2022-01-30 23:32:33,439] DEBUG Loaded default ResourceLeakDetector:
io.netty.util.ResourceLeakDetector@4542e4da
(io.netty.util.ResourceLeakDetectorFactory)
[2022-01-30 23:32:33,444] TRACE message received called
PooledUnsafeDirectByteBuf(ridx: 0, widx: 235, cap: 2048)
(org.apache.zookeeper.server.NettyServerCnxnFactory)
[2022-01-30 23:32:33,444] DEBUG New message PooledUnsafeDirectByteBuf(ridx: 0,
widx: 235, cap: 2048) from [id: 0x9b98ffde, L:/0:0:0:0:0:0:0:1:2181 -
R:/0:0:0:0:0:0:0:1:40500] (org.apache.zookeeper.server.NettyServerCnxnFactory)
[2022-01-30 23:32:33,445] DEBUG 0x0 queuedBuffer: null
(org.apache.zookeeper.server.NettyServerCnxn)
[2022-01-30 23:32:33,446] TRACE 0x0 buf
16030300e6010000e2030341dfebbc23c8d06b17545b8088a64a8e39ad222fc52c262d448a2df07609ffbf000056c02cc02bc030c02f009f00a3009e00a2c024c028c023c027006b006a00670040c02ec032c02dc031c026c02ac025c029c00ac014c009c0130039003800330032c005c00fc004c00e009d009c003d003c0035002f00ff01000063000a0012001000170018001901000101010201030104000b00020100000d001c001a04030503060304010501060104020303030103020203020102020032001c001a0403050306030401050106010402030303010302020302010202002b0003020303
(org.apache.zookeeper.server.NettyServerCnxn)
[2022-01-30 23:32:33,446] DEBUG not throttled
(org.apache.zookeeper.server.NettyServerCnxn)
[2022-01-30 23:32:33,446] TRACE message readable 235 bblenrem 4
(org.apache.zookeeper.server.NettyServerCnxn)
[2022-01-30 23:32:33,449] TRACE 0x0 bbLen
(org.apache.zookeeper.server.NettyServerCnxn)
[2022-01-30 23:32:33,449] TRACE More bytes read - message readable 231 bblenrem
0 (org.apache.zookeeper.server.NettyServerCnxn)
[2022-01-30 23:32:33,450] TRACE 0x0 bbLen 16030300
(org.apache.zookeeper.server.NettyServerCnxn)
[2022-01-30 23:32:33,450] TRACE 0x0 bbLen len is 369296128
(org.apache.zookeeper.server.NettyServerCnxn)
[2022-01-30 23:32:33,451] WARN Closing connection to /0:0:0:0:0:0:0:1:40500
(org.apache.zookeeper.server.NettyServerCnxn)
java.io.IOException: Len error 369296128
    at org.apache.zookeeper.server.NettyServerCnxn.receiveMessage(NettyServerCnxn.java:518)
    at org.apache.zookeeper.server.NettyServerCnxn.processMessage(NettyServerCnxn.java:370)
    at org.apache.zookeeper.server.NettyServerCnxnFactory$CnxnChannelHandler.channelRead(NettyServerCnxnFactory.java:337)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
    at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:719)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:655)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:581)
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
    at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.lang.Thread.run(Thread.java:748)
[2022-01-30 23:32:33,452] DEBUG close called for session id: 0x0
(org.apache.zookeeper.server.NettyServerCnxn)
[2022-01-30 23:32:33,452] DEBUG close in progress for session id: 0x0
(org.apache.zookeeper.server.NettyServerCnxn)
> Problem to connect to zookeeper in FIPS mode
> --------------------------------------------
>
> Key: ZOOKEEPER-4393
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4393
> Project: ZooKeeper
> Issue Type: Bug
> Components: security
> Affects Versions: 3.6.3
> Reporter: Dipesh Kumar Dutta
> Priority: Major
>
> In my environment, zookeeper is running in fips mode in a 3-node cluster. My
> service is also running in fips mode with security provider
> org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.
> From my service, when I am trying to connect to zookeeper, I am getting
> the below error.
> {code:java}
> 2021-10-06 17:14:52,645 [nioEventLoopGroup-5-1] WARN
> io.netty.channel.ChannelInitializer - opc.request.id=none - Failed to
> initialize a channel. Closing: [id: 0xa129ece9] -
> org.apache.zookeeper.common.X509Exception$SSLContextException:
> java.security.KeyManagementException: FIPS mode: only SunJSSE TrustManagers
> may be used
>     at org.apache.zookeeper.common.X509Util.createSSLContextAndOptionsFromConfig(X509Util.java:386)
>     at org.apache.zookeeper.common.X509Util.createSSLContextAndOptions(X509Util.java:328)
>     at org.apache.zookeeper.common.X509Util.createSSLContext(X509Util.java:256)
> {code}
> The reason is that zookeeper has its own trust manager implementation, which is
> {code:java}
> public class ZKTrustManager extends X509ExtendedTrustManager
> {code}
> and the jdk also provides a trust manager implementation as below.
> {code:java}
> X509TrustManagerImpl extends X509ExtendedTrustManager implements X509TrustManager
> {code}
> Because of this hierarchy, in the SSLContextImpl::chooseTrustManager() method the
> below instance check becomes false and hence it falls to the exception block.
> {code:java}
> if (SunJSSE.isFIPS() && !(var1[var2] instanceof X509TrustManagerImpl)) {
>     throw new KeyManagementException("FIPS mode: only SunJSSE TrustManagers may be used");
> }
> {code}
>
>
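Added example, not part of the original comment or of ZooKeeper's code: the `Len error 369296128` in the server log above is the first four wire bytes (`16030300`) read as a frame length, and this sketch decodes that value and the start of the logged `buf` as a TLS record header. The function names and the `JUTE_MAXBUFFER_DEFAULT` constant are assumptions made for illustration.

```python
import struct

# Assumption: ZooKeeper's default jute.maxbuffer (0xfffff); adjust if overridden.
JUTE_MAXBUFFER_DEFAULT = 0xFFFFF

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
TLS_HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello"}


def len_error_to_prefix(value: int) -> bytes:
    """Recover the 4 wire bytes that were read as a signed big-endian length."""
    return struct.pack(">i", value)


def parse_tls_record_header(buf: bytes):
    """Return TLS record fields if buf starts like a TLS record, else None."""
    if len(buf) < 3:
        return None
    ctype, version = struct.unpack(">BH", buf[:3])
    if ctype not in TLS_CONTENT_TYPES or version not in TLS_VERSIONS:
        return None
    info = {"content_type": TLS_CONTENT_TYPES[ctype],
            "record_version": TLS_VERSIONS[version]}
    if len(buf) >= 5:
        info["record_length"] = struct.unpack(">H", buf[3:5])[0]
        info["bytes_on_wire"] = 5 + info["record_length"]
    if ctype == 22 and len(buf) >= 9:
        info["handshake_type"] = TLS_HANDSHAKE_TYPES.get(buf[5], hex(buf[5]))
        info["handshake_length"] = int.from_bytes(buf[6:9], "big")
    return info


def triage_len_error(value: int) -> str:
    """Explain a 'Len error <n>' value from a ZooKeeper server log."""
    tls = parse_tls_record_header(len_error_to_prefix(value))
    if tls:
        return (f"prefix is a TLS {tls['content_type']} record "
                f"({tls['record_version']}): TLS bytes reached a plaintext parser")
    if value < 0 or value > JUTE_MAXBUFFER_DEFAULT:
        return "length outside jute.maxbuffer: non-ZooKeeper or oversized frame"
    return "length within limits"


# Values copied from the log in the comment above.
LOGGED_LEN_ERROR = 369296128
LOGGED_BUF_START = bytes.fromhex("16030300e6010000e2")  # first 9 bytes of 'buf'

if __name__ == "__main__":
    print(triage_len_error(LOGGED_LEN_ERROR))
    print(parse_tls_record_header(LOGGED_BUF_START))
```

For the logged buffer, `bytes_on_wire` comes out as 235, the same count the server reported as `widx: 235` and `message readable 235`.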