Details
- Bug
- Resolution: Fixed
- Major
- 7.1.0
- Untriaged
- 1
- Unknown
Description
We run YCSB SSL x509 auth tests for the java sdk. When running with sdk3 everything works fine, but running with sdk2 gives this error:
javax.net.ssl.SSLHandshakeException: No trusted certificate found
Both tests use the same cert keystore but sdk2 test sets tls version to 1.2.
This is the sdk2 ycsb setup code: https://github.com/couchbaselabs/YCSB/blob/tmp-x509/couchbase2/src/main/java/com/yahoo/ycsb/db/couchbase2/Couchbase2Client.java#L174
This is the sdk3 ycsb setup code: https://github.com/couchbaselabs/YCSB/blob/couchbase3/couchbase3/src/main/java/com/yahoo/ycsb/db/couchbase3/Couchbase3Client.java
I see there are some commits removing bucket SASL... could this be related? Not really sure how to fix. Seems like probably an issue in our ycsb setup.
This is the stack trace from ycsb:
WARNING: [herc02-sb26.perf.couchbase.com:11207][KeyValueEndpoint]: SSL Handshake Failure during connect: No trusted certificate found
WARNING: [herc02-sb26.perf.couchbase.com:11207][KeyValueEndpoint]: SSL Handshake Failure during connect: No trusted certificate found
Jun 18, 2021 3:43:13 PM com.couchbase.client.core.RequestHandler$1$1 onError
WARNING: Received Error during Reconfiguration.
javax.net.ssl.SSLHandshakeException: No trusted certificate found
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:259)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:642)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:461)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:361)
    at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:450)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1078)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1065)
    at java.base/java.security.AccessController.doPrivileged(Native Method)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1012)
    at com.couchbase.client.deps.io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1365)
    at com.couchbase.client.deps.io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1273)
    at com.couchbase.client.deps.io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1108)
    at com.couchbase.client.deps.io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1151)
    at com.couchbase.client.deps.io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:491)
    at com.couchbase.client.deps.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:430)
    at com.couchbase.client.deps.io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:267)
    at com.couchbase.client.deps.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:356)
    at com.couchbase.client.deps.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:342)
    at com.couchbase.client.deps.io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:335)
    at com.couchbase.client.deps.io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1304)
    at com.couchbase.client.deps.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:356)
    at com.couchbase.client.deps.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:342)
    at com.couchbase.client.deps.io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:921)
    at com.couchbase.client.deps.io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:725)
    at com.couchbase.client.deps.io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:400)
    at com.couchbase.client.deps.io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:300)
    at com.couchbase.client.deps.io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:131)
    at com.couchbase.client.deps.io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
    at java.base/sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:411)
    at java.base/sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:135)
    at java.base/sun.security.validator.Validator.validate(Validator.java:264)
    at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:276)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:620)
    ... 28 more
This is the job: http://perf.jenkins.couchbase.com/job/hercules/10251/console
Issue Links
- relates to
- MB-46983 memcached returning not_supported to SslCertsRefresh (0xf2)
- Closed