GEODE-8655: handling exception on SNIHostName #5669
Conversation
There was a problem hiding this comment.
@mkevo is there any test that would be covering/testing the changes you have made here?
| serverNames.add(new SNIHostName(hostName)); | ||
| try { | ||
| serverNames.add(new SNIHostName(hostName)); | ||
| } catch (Exception ex) { |
There was a problem hiding this comment.
If we can't establish the SNI field as requested shouldn't we throw an informative exception? If you throw an SSLException, for instance, ConnectionFactoryImpl will catch it and log it.
There was a problem hiding this comment.
Hi @bschuchardt ,
What do you mean by throwing an informative exception?
Is it ok to log it in warn level?
There was a problem hiding this comment.
throw new SSLException("unable to establish requested server name", ex)
There was a problem hiding this comment.
I'm not sure that's actually necessary though - ConnectionFactoryImpl already catches the exception this PR is guarding and logs it. Do you have a failure that this PR is fixing?
There was a problem hiding this comment.
This issue didn't exist before adding GEODE-7852.
I can't find it where it catches this exception from the ticket description and where it logs it. This catch is added to handle this exception:
java.lang.IllegalArgumentException: Contains non-LDH ASCII characters
I described a failure in the ticket, and need a help to write test for it as it is using ipv6 and TLS.
You can try to reproduce it locally. If you need more information to reproduce the issue please contact me via mail or slack.
There was a problem hiding this comment.
I'm removing myself as a reviewer of this PR. I will not be working on Apache Geode in the near future and should not be blocking any PRs.
Sorry, mistake. |
mkevo
changed the title
Hi @kohlmu-pivotal , |
There was a problem hiding this comment.
Thanks for correcting the ticket number. I can see this is concerning server-side endpoint verification now. I don't think we should catch and ignore that exception because we'd be silently ignoring the request to verify the server certificate host names. I can see there are many complaints on the internet about SNIHostName not accepting IPv6 numeric addresses while it does support IPv4 numeric addresses.
What we need is the ability to specify a hostname for the locator's bind-address in gfsh and have this string be preserved and passed into InternalLocator's startDistributedSystem() method. I tried that in GEODE-8144 but gave up as it required a lot of code change in gfsh/LocatorLauncher code. Instead I used getCanonicalHostName() if no bind-address is specified but this doesn't seem to be working in your environment.
We need to move the whole code base in the direction of preserving the hostname strings specified by operators and not turn them into InetAddresses. This is why we introduced the HostAndPort class. for instance.
|
Hi @bschuchardt , I think that this will not also work on your laptop too, you just need to add ipv6 address to you machine and follow steps described in the ticket. |
|
This PR has been inactive for some while, can it be closed? |
|
Hi, |
There was a problem hiding this comment.
I am wondering if this PR is needed if we change SocketCreator to only establish a SNI hostname when necessary. @upthewaterspout changed the code to always establish a SNI hostname but we really only need it if a proxy hostname has been set, or if validation of the server's hostname has been requested. In both of those cases a non-numeric hostname ought to be available.
|
@bschuchardt that approach might work, @mkevo do you have a test for this scenario you could share with us? |
|
@echobravopapa , I don't have a test, but these are manually steps:
If you try with my proposal to fix it you will got in logs java.lang.IllegalArgumentException and status command will be successful. Without my fix command failed as it not handling this exception. |
|
Hello @mkevo may I ask you for more detailed steps to reproduce this? i.e. i'm attempting to intuitively follow the info you have above and I'm getting exceptions on step 2: |
|
I think that the reason why you got the problem on the start locator command is that you didn't configured right ipv6 on your local machine. I will try to send you more detailed steps via mail. |
|
Hey @mkevo your last email got me to a similar reproduction... and I realized that you should be able to convert this use case into a test by using docker containers, have a look at |
|
This PR has been open for some while with no recent activity. Please keep Geode tidy by closing PRs you're not actively using. |
|
@onichols-pivotal, |
onichols-pivotal
dismissed
bschuchardt’s stale review
Bill is taking over for Bruce for this PR
|
This PR has been untouched for several months, can it be closed? |
No, need some help to write a test with ipv6. |
|
@echobravopapa @Bill @kamilla1201 is this something that you could help with? |
|
this PR appears to be abandoned, can it be closed? |
Still waiting for some help for a test with Ipv6. |
|
Please rebase with latest develop to resolve conflicts and reach out to the dev list if you are stuck |
mkevo
force-pushed
the
feature/GEODE-8665
branch
from
795169b
to
bd275ae
Compare
Thank you for submitting a contribution to Apache Geode.
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
For all changes:
Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?
Has your PR been rebased against the latest commit within the target branch (typically
develop)?Is your initial contribution a single, squashed commit?
Does
gradlew buildrun cleanly?Have you written or updated unit tests to verify your changes?
If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
Note:
Please ensure that once the PR is submitted, check Concourse for build issues and
submit an update to your PR as soon as possible. If you need help, please send an
email to dev@geode.apache.org.