Sergey Nuyanzin created FLINK-33056:
---------------------------------------
Summary: NettyClientServerSslTest#testValidSslConnection fails on
AZP
Key: FLINK-33056
URL: https://issues.apache.org/jira/browse/FLINK-33056
Project: Flink
Issue Type: Bug
Components: Runtime / Configuration, Runtime / Coordination
Affects Versions: 1.19.0
Reporter: Sergey Nuyanzin
This build
https://dev.azure.com/apache-flink/apache-flink/_build/results?buildId=53020&view=logs&j=77a9d8e1-d610-59b3-fc2a-4766541e0e33&t=125e07e7-8de0-5c6c-a541-a567415af3ef&l=8592
fails with
{noformat}
Test testValidSslConnection[SSL provider =
JDK](org.apache.flink.runtime.io.network.netty.NettyClientServerSslTest) is
running.
--------------------------------------------------------------------------------
01:20:31,479 [ main] INFO
org.apache.flink.runtime.io.network.netty.NettyConfig [] - NettyConfig
[server address: localhost/127.0.0.1, server port range: 36717, ssl enabled:
true, memory segment size (bytes): 1024, transport type: AUTO, number of server
threads: 1 (manual), number of client thr
eads: 1 (manual), server connect backlog: 0 (use Netty's default), client
connect timeout (sec): 120, send/receive buffer size (bytes): 0 (use Netty's
default)]
01:20:31,479 [ main] INFO
org.apache.flink.runtime.io.network.netty.NettyServer [] - Transport
type 'auto': using EPOLL.
01:20:31,475 [Flink Netty Client (42359) Thread 0] WARN
org.apache.flink.shaded.netty4.io.netty.channel.DefaultChannelPipeline [] - An
exceptionCaught() event was fired, and it reached at the tail of the pipeline.
It usually means the last handler in the pipeline did not handle the exception.
org.apache.flink.shaded.netty4.io.netty.handler.codec.DecoderException:
javax.net.ssl.SSLHandshakeException: server certificate with unknown
fingerprint: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
at
org.apache.flink.shaded.netty4.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:499)
~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:800)
[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:499)
[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:397)
[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_292]
Caused by: javax.net.ssl.SSLHandshakeException: server certificate with unknown
fingerprint: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
~[?:1.8.0_292]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:324)
~[?:1.8.0_292]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
~[?:1.8.0_292]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:262)
~[?:1.8.0_292]
at
sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
~[?:1.8.0_292]
at
sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
~[?:1.8.0_292]
at
sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
~[?:1.8.0_292]
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
~[?:1.8.0_292]
at
sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
~[?:1.8.0_292]
at
sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:968)
~[?:1.8.0_292]
at
sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:955)
~[?:1.8.0_292]
at java.security.AccessController.doPrivileged(Native Method)
~[?:1.8.0_292]
at
sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:902)
~[?:1.8.0_292]
at
org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1559)
~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1405)
~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1246)
~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1295)
~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529)
~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468)
~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
... 14 more
Caused by: java.security.cert.CertificateException: server certificate with
unknown fingerprint: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown,
C=Unknown
at
org.apache.flink.shaded.netty4.io.netty.handler.ssl.util.FingerprintTrustManagerFactory$1.checkTrusted(FingerprintTrustManagerFactory.java:124)
~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.handler.ssl.util.FingerprintTrustManagerFactory$1.checkServerTrusted(FingerprintTrustManagerFactory.java:108)
~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.handler.ssl.util.X509TrustManagerWrapper.checkServerTrusted(X509TrustManagerWrapper.java:69)
~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:632)
~[?:1.8.0_292]
at
sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
~[?:1.8.0_292]
at
sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
~[?:1.8.0_292]
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
~[?:1.8.0_292]
at
sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
~[?:1.8.0_292]
at
sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:968)
~[?:1.8.0_292]
at
sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:955)
~[?:1.8.0_292]
at java.security.AccessController.doPrivileged(Native Method)
~[?:1.8.0_292]
at
sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:902)
~[?:1.8.0_292]
at
org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1559)
~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1405)
~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1246)
~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1295)
~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529)
~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
at
org.apache.flink.shaded.netty4.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468)
~[flink-shaded-netty-4.1.91.Final-17.0.jar:?]
... 14 more
{noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
