
How can a Spring Cloud service connect to a TLS-enabled registry through spring-cloud-starter-huawei-servicecomb-discovery? #1978

@chenxiaoshou

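I have a CSE registry configured with TLS. The backend services have already registered with the registry over TLS, and their interfaces can be accessed.
I now have a Spring Cloud service that pulls in spring-cloud-starter-huawei-servicecomb-discovery. How should SSL be configured so that it can connect to the TLS-enabled CSE registry?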

The SSL configuration of the CSE backend service is as follows:
image

I contacted the support staff, and the solution they provided was to use Spring Boot's native SSL capability.
image

Even connecting directly with a plaintext password does not succeed. The error reported by the ServiceComb discovery is as follows:

"2020-09-28 16:37:42.547" [UTC:20200928T083742]|INFO |SECURITY|getServices failed|com.huaweicloud.servicecomb.discovery.discovery.ServiceCombDiscoveryClient.getServices(ServiceCombDiscoveryClient.java:73)
com.huaweicloud.common.exception.RemoteServerUnavailableException: service center unavailable. message=Received fatal alert: bad_certificate
at com.huaweicloud.common.transport.DefaultHttpTransport.execute(DefaultHttpTransport.java:116) ~[spring-cloud-huawei-common-1.1.0.jar:1.1.0]
at com.huaweicloud.common.transport.DefaultHttpTransport.sendGetRequest(DefaultHttpTransport.java:125) ~[spring-cloud-huawei-common-1.1.0.jar:1.1.0]
at com.huaweicloud.servicecomb.discovery.client.ServiceCombClient.getServices(ServiceCombClient.java:412) ~[spring-cloud-huawei-servicecomb-discovery-1.1.0.jar:1.1.0]
at com.huaweicloud.servicecomb.discovery.discovery.ServiceCombDiscoveryClient.getServices(ServiceCombDiscoveryClient.java:64) [spring-cloud-huawei-servicecomb-discovery-1.1.0.jar:1.1.0]
at org.springframework.cloud.client.discovery.composite.CompositeDiscoveryClient.getServices(CompositeDiscoveryClient.java:67) [spring-cloud-commons-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.cloud.netflix.zuul.filters.discovery.DiscoveryClientRouteLocator.locateRoutes(DiscoveryClientRouteLocator.java:121) [spring-cloud-netflix-zuul-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.cloud.netflix.zuul.filters.discovery.DiscoveryClientRouteLocator.locateRoutes(DiscoveryClientRouteLocator.java:44) [spring-cloud-netflix-zuul-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.cloud.netflix.zuul.filters.SimpleRouteLocator.doRefresh(SimpleRouteLocator.java:186) [spring-cloud-netflix-zuul-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.cloud.netflix.zuul.filters.discovery.DiscoveryClientRouteLocator.refresh(DiscoveryClientRouteLocator.java:171) [spring-cloud-netflix-zuul-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.cloud.netflix.zuul.filters.CompositeRouteLocator.refresh(CompositeRouteLocator.java:78) [spring-cloud-netflix-zuul-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.cloud.netflix.zuul.web.ZuulHandlerMapping.setDirty(ZuulHandlerMapping.java:79) [spring-cloud-netflix-zuul-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.cloud.netflix.zuul.ZuulServerAutoConfiguration$ZuulRefreshListener.reset(ZuulServerAutoConfiguration.java:309) [spring-cloud-netflix-zuul-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.cloud.netflix.zuul.ZuulServerAutoConfiguration$ZuulRefreshListener.onApplicationEvent(ZuulServerAutoConfiguration.java:290) [spring-cloud-netflix-zuul-2.1.2.RELEASE.jar:2.1.2.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172) [spring-context-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165) [spring-context-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139) [spring-context-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:402) [spring-context-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:359) [spring-context-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:896) [spring-context-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:161) [spring-boot-2.1.6.RELEASE.jar:2.1.6.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:552) [spring-context-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:140) [spring-boot-2.1.6.RELEASE.jar:2.1.6.RELEASE]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:742) [spring-boot-2.1.6.RELEASE.jar:2.1.6.RELEASE]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:389) [spring-boot-2.1.6.RELEASE.jar:2.1.6.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:311) [spring-boot-2.1.6.RELEASE.jar:2.1.6.RELEASE]
at com.huawei.intelligent.gateway.App.main(App.java:54) [classes/:?]
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_151]
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) ~[?:1.8.0_151]
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2033) ~[?:1.8.0_151]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135) ~[?:1.8.0_151]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) ~[?:1.8.0_151]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) ~[?:1.8.0_151]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397) ~[?:1.8.0_151]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:404) ~[httpclient-4.5.7.jar:4.5.7]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:364) ~[httpclient-4.5.7.jar:4.5.7]
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) ~[httpclient-4.5.7.jar:4.5.7]
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374) ~[httpclient-4.5.7.jar:4.5.7]
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393) ~[httpclient-4.5.7.jar:4.5.7]
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) ~[httpclient-4.5.7.jar:4.5.7]
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) ~[httpclient-4.5.7.jar:4.5.7]
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[httpclient-4.5.7.jar:4.5.7]
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[httpclient-4.5.7.jar:4.5.7]
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) ~[httpclient-4.5.7.jar:4.5.7]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.7.jar:4.5.7]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) ~[httpclient-4.5.7.jar:4.5.7]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) ~[httpclient-4.5.7.jar:4.5.7]
at com.huaweicloud.common.transport.DefaultHttpTransport.execute(DefaultHttpTransport.java:110) ~[spring-cloud-huawei-common-1.1.0.jar:1.1.0]
... 25 more
