streamnative/pulsar-rs

TLS BAD_PACKET_LENGTH Error


I have configured a local standalone Pulsar (v 2.10.4) via docker-compose with TLS enabled. I generated the certificate files following the provided guide (Guide). The openssl.cnf is now at this provided link: openssl.cnf

I try to connect via these settings:

    use pulsar::{Pulsar, TokioExecutor};
    use std::path;

    // Runs inside an async context (Tokio runtime).
    let paddr = "pulsar+ssl://127.0.0.1:6651";
    let pulsar_client = Pulsar::builder(paddr, TokioExecutor)
        .with_allow_insecure_connection(false)
        .with_tls_hostname_verification_enabled(false)
        .with_certificate_chain_file(path::Path::new(
            "/path/to/dummy_certs/ca.cert.pem",
        ))
        .expect("No Cert in path")
        .build()
        .await
        .expect("Could not create pulsar client");

but the broker always complains about a BAD_PACKET_LENGTH. I also tried to provide the cert via with_certificate_chain directly, but with the same outcome.

    pulsar_1  | 2023-07-14T07:16:35,648+0000 [pulsar-io-29-48] INFO  org.apache.pulsar.broker.service.ServerCnx - New connection from /172.20.0.1:43780
    pulsar_1  | 2023-07-14T07:16:35,674+0000 [pulsar-io-29-48] WARN  org.apache.pulsar.broker.service.ServerCnx - [/172.20.0.1:43780] Got exception io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: error:10000070:SSL routines:OPENSSL_internal:BAD_PACKET_LENGTH
    pulsar_1  | 	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:499)
    pulsar_1  | 	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
    pulsar_1  | 	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
    pulsar_1  | 	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    pulsar_1  | 	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
    pulsar_1  | 	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
    pulsar_1  | 	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
    pulsar_1  | 	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
    pulsar_1  | 	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
    pulsar_1  | 	at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:800)
    pulsar_1  | 	at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:499)
    pulsar_1  | 	at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:397)
    pulsar_1  | 	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
    pulsar_1  | 	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
    pulsar_1  | 	at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    pulsar_1  | 	at java.base/java.lang.Thread.run(Thread.java:829)
    pulsar_1  | Caused by: javax.net.ssl.SSLHandshakeException: error:10000070:SSL routines:OPENSSL_internal:BAD_PACKET_LENGTH
    pulsar_1  | 	at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.needWrapAgain(ReferenceCountedOpenSslEngine.java:1355)
    pulsar_1  | 	at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.sslReadErrorResult(ReferenceCountedOpenSslEngine.java:1372)
    pulsar_1  | 	at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1317)
    pulsar_1  | 	at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1404)
    pulsar_1  | 	at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.unwrap(ReferenceCountedOpenSslEngine.java:1447)
    pulsar_1  | 	at io.netty.handler.ssl.SslHandler$SslEngineType$1.unwrap(SslHandler.java:222)
    pulsar_1  | 	at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1343)
    pulsar_1  | 	at io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1247)
    pulsar_1  | 	at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1287)
    pulsar_1  | 	at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529)
    pulsar_1  | 	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468)
    pulsar_1  | 	... 15 more
    pulsar_1  |
    pulsar_1  | 2023-07-14T07:16:35,674+0000 [pulsar-io-29-48] INFO  org.apache.pulsar.broker.service.ServerCnx - Closed connection from /172.20.0.1:43780

Pulsar Version is 2.10.4 and Client is 6.0.1.
OpenSSL 1.1.1f

Added my docker-compose file, standalone conf and my Cargo.toml.

Cargo.toml.txt
docker.zip