[Bug] Python Client verify hostname failed #36
Description
Search before asking
- I searched in the issues and found nothing similar.
Version
Pulsar Version: 2.9.2
pulsar-client=='2.10.0'
Minimal reproduce step
Deploy Broker with JWT Authentication enabled, configure TLS encryption on Pulsar Proxy or Reverse Proxy.
What did you expect to see?
Connect to Cluster and produce message successfully.
What did you see instead?
Can't verify the hostname
[192.168.50.160:65007 -> 54.164.25.155:6651] Handshake failed: certificate verify failed (SSL routines, tls_process_server_certificate)
Error Checking/Getting Partition Metadata while creating producer on persistent://public/default/test1 -- ConnectError
Traceback (most recent call last):
File "/Users/cai/streamnative/clients/py_client/main.py", line 21, in <module>
producer = client.create_producer(topic='public/default/test1')
File "/Users/cai/.pyenv/versions/3.9.11/lib/python3.9/site-packages/pulsar/__init__.py", line 603, in create_producer
p._producer = self._client.create_producer(topic, conf)
_pulsar.ConnectError: Pulsar error: ConnectError
2022-08-16 13:22:39.722 DEBUG [0x101410580] ClientImpl:582 | ConnectionPool is closed
2022-08-16 13:22:39.722 DEBUG [0x101410580] ClientImpl:584 | ioExecutorProvider_ is closed
2022-08-16 13:22:39.722 DEBUG [0x101410580] ClientImpl:586 | listenerExecutorProvider_ is closed
2022-08-16 13:22:39.722 DEBUG [0x101410580] ClientImpl:588 | partitionListenerExecutorProvider_ is closed
Anything else?
Cert Info
Service Url(cys-tls-broker.cys-dev.test.aws.sn2.dev) can be covered by both CN or DNSNames
CN: *.cys-dev.test.aws.sn2.dev
DNS:*.cys-dev.test.aws.sn2.dev
Curl test
➜ curl https://cys-tls-broker.cys-dev.test.aws.sn2.dev
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 404 Not Found</title>
</head>
<body><h2>HTTP ERROR 404 Not Found</h2>
<table>
<tr><th>URI:</th><td>/</td></tr>
<tr><th>STATUS:</th><td>404</td></tr>
<tr><th>MESSAGE:</th><td>Not Found</td></tr>
<tr><th>SERVLET:</th><td>org.glassfish.jersey.servlet.ServletContainer-30aec673</td></tr>
</table>
<hr><a href="https://eclipse.org/jetty">Powered by Jetty:// 9.4.43.v20210629</a><hr/>
</body>
</html>Code example
import logging
import pulsar
from pulsar import AuthenticationToken
logger = logging.Logger(name="pulsar", level=logging.DEBUG)
url = 'pulsar+ssl://cys-tls-broker.cys-dev.test.aws.sn2.dev:6651'
client = pulsar.Client(url,
tls_validate_hostname=True,
logger=logger,
use_tls=True,
tls_allow_insecure_connection=False,
authentication=AuthenticationToken(
'--TOKEN STRING--'))
producer = client.create_producer(topic='public/default/test1')
i = 0
while True:
producer.send(('Hello-%d' % i).encode('utf-8'))
i = i+1Are you willing to submit a PR?
- I'm willing to submit a PR!