[Bug] The client(2.11.1) cannot enable tls in the jdk8 environment #20565
Description
Search before asking
- I searched in the issues and found nothing similar.
Version
pulsar: 2.11.1
jdk: 1.8.0_202�
Minimal reproduce step
pulsar-proxy Enables tls authentication,Write a simple producer program in Java and turn on tls.
When I run with jdk8 I get an error, then I change the jdk version to jdk17 and it works fine.
I ran multiple tests:
jdk8 + pulsar-client-2.11.0(with tls) -> ok
jdk8 + pulsar-client-2.11.1(with tls) -> not ok
jdk17 + pulsar-client-2.11.0(with tls) -> ok
jdk17 + pulsar-client-2.11.1(with tls) -> ok
What did you expect to see?
I expect pulsar-client-2.11.1 to work properly in jdk8 environment and enable tls
What did you see instead?
I get an error when using pulsar-client-2.11.1 (tls enabled) in the jdk8 environment:
2023-06-12 23:26:05,568 (pulsar-client-io-1-1) [DEBUG - org.apache.pulsar.client.impl.ConnectionPool.lambda$createConnection$10(ConnectionPool.java:253)] Removing closed connection from pool: AbstractChannel$CloseFuture@31990d72(success)
2023-06-12 23:26:05,569 (pulsar-client-io-1-1) [WARN - org.apache.pulsar.client.impl.ClientCnx.exceptionCaught(ClientCnx.java:328)] [pulsar-xxx.com/10.146.80.10:6651] Got exception org.apache.pulsar.shade.io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem
at org.apache.pulsar.shade.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:499)
at org.apache.pulsar.shade.io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
at org.apache.pulsar.shade.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
at org.apache.pulsar.shade.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
at org.apache.pulsar.shade.io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
at org.apache.pulsar.shade.io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at org.apache.pulsar.shade.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
at org.apache.pulsar.shade.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
at org.apache.pulsar.shade.io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at org.apache.pulsar.shade.io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:800)
at org.apache.pulsar.shade.io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:499)
at org.apache.pulsar.shade.io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:397)
at org.apache.pulsar.shade.io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
at org.apache.pulsar.shade.io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at org.apache.pulsar.shade.io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem
at org.apache.pulsar.shade.io.netty.handler.ssl.ReferenceCountedOpenSslEngine.handshakeException(ReferenceCountedOpenSslEngine.java:1907)
at org.apache.pulsar.shade.io.netty.handler.ssl.ReferenceCountedOpenSslEngine.wrap(ReferenceCountedOpenSslEngine.java:834)
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:509)
at org.apache.pulsar.shade.io.netty.handler.ssl.SslHandler.wrap(SslHandler.java:1041)
at org.apache.pulsar.shade.io.netty.handler.ssl.SslHandler.wrapNonAppData(SslHandler.java:927)
at org.apache.pulsar.shade.io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1409)
at org.apache.pulsar.shade.io.netty.handler.ssl.SslHandler.decodeNonJdkCompatible(SslHandler.java:1247)
at org.apache.pulsar.shade.io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1287)
at org.apache.pulsar.shade.io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529)
at org.apache.pulsar.shade.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468)
... 15 more
Caused by: java.lang.IllegalArgumentException: TLSv1.3
at sun.security.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:187)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:258)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
at org.apache.pulsar.shade.io.netty.handler.ssl.ReferenceCountedOpenSslClientContext$ExtendedTrustManagerVerifyCallback.verify(ReferenceCountedOpenSslClientContext.java:234)
at org.apache.pulsar.shade.io.netty.handler.ssl.ReferenceCountedOpenSslContext$AbstractCertificateVerifier.verify(ReferenceCountedOpenSslContext.java:773)
at org.apache.pulsar.shade.io.netty.internal.tcnative.CertificateVerifierTask.runTask(CertificateVerifierTask.java:36)
at org.apache.pulsar.shade.io.netty.internal.tcnative.SSLTask.run(SSLTask.java:48)
at org.apache.pulsar.shade.io.netty.internal.tcnative.SSLTask.run(SSLTask.java:42)
at org.apache.pulsar.shade.io.netty.handler.ssl.ReferenceCountedOpenSslEngine.runAndResetNeedTask(ReferenceCountedOpenSslEngine.java:1496)
at org.apache.pulsar.shade.io.netty.handler.ssl.ReferenceCountedOpenSslEngine.access$700(ReferenceCountedOpenSslEngine.java:94)
at org.apache.pulsar.shade.io.netty.handler.ssl.ReferenceCountedOpenSslEngine$TaskDecorator.run(ReferenceCountedOpenSslEngine.java:1471)
at org.apache.pulsar.shade.io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1549)
at org.apache.pulsar.shade.io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1395)
... 19 more
Anything else?
No response
Are you willing to submit a PR?
- I'm willing to submit a PR!