
Cosbench and TLS v1.2


Cosbench and TLS v1.2

etlv
Hi,
I'm working with cosbench against a swift cluster with proxy servers which are also terminators for SSL.
The TLS version used on the proxy is V1.2.
When I was using V1.0, cosbench was able to connect, however now with V1.2 it can't, getting SSLPeerUnverifiedException:

================================================== stage: s1-init ==================================================
---------------------------------- mission: M5BB12954EC, driver: server211 ----------------------------------
2016-02-07 11:31:43,008 [INFO] [Log4jLogManager] - will append log to file /home/zadara/cosbench/0.4.2.c3/log/mission/M5BB12954EC.log
2016-02-07 11:31:43,289 [INFO] [NoneStorage] - performing PUT at /mycontainers1
2016-02-07 11:31:43,292 [ERROR] [AbstractOperator] - worker 1 fail to perform operation mycontainers1
com.intel.cosbench.api.storage.StorageException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
        at com.intel.cosbench.api.swift.SwiftStorage.createContainer(SwiftStorage.java:188)
        at com.intel.cosbench.driver.operator.Preparer.doInit(Preparer.java:113)
        at com.intel.cosbench.driver.operator.Preparer.operate(Preparer.java:87)
        at com.intel.cosbench.driver.operator.AbstractOperator.operate(AbstractOperator.java:76)
        at com.intel.cosbench.driver.operator.Initializer.operate(Initializer.java:1)
        at com.intel.cosbench.driver.agent.WorkAgent.performOperation(WorkAgent.java:197)
        at com.intel.cosbench.driver.agent.WorkAgent.doWork(WorkAgent.java:177)
        at com.intel.cosbench.driver.agent.WorkAgent.execute(WorkAgent.java:134)
        at com.intel.cosbench.driver.agent.AbstractAgent.call(AbstractAgent.java:44)
        at com.intel.cosbench.driver.agent.AbstractAgent.call(AbstractAgent.java:1)
        at java.util.concurrent.FutureTask.run(FutureTask.java:262)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
        at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:421)
        at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
        at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
        at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
        at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:150)
        at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
        at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:575)
        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
        at com.intel.cosbench.client.swift.SwiftClient.getContainerInfo(SwiftClient.java:104)
        at com.intel.cosbench.client.swift.SwiftClient.containerExists(SwiftClient.java:343)
        at com.intel.cosbench.api.swift.SwiftStorage.createContainer(SwiftStorage.java:176)
        ... 13 more
================================================== stage: s2-prepare ==================================================

Re: Cosbench and TLS v1.2

etlv
Any idea? Someone?

RE: Cosbench and TLS v1.2

ywang19
Administrator
In reply to this post by etlv

Hope the answer below helps:

For the "peer not authenticated" error, one option is to use http:// instead of https:// to choose the http protocol, if https is not what you expect. Or, if you really expect https, this link may help; the basic idea is that you'd add the self-signed certificate to the JVM trust store before issuing requests.
http://stackoverflow.com/questions/12961570/sslpeerunverifiedexception-peer-not-authenticated

In short, the steps are:

1. Run the following command, replacing $ADDRESS with the URL, minus the "https://":

echo -n | openssl s_client -connect $ADDRESS:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/$ADDRESS.cert

2. Run the following command, replacing $ALIAS with a short name for the key, $ADDRESS with the cert name from above, and $PATH with the path to cacerts in your JRE:

sudo keytool -importcert -alias "$ALIAS" -file /tmp/$ADDRESS.cert -keystore $PATH/cacerts -storepass changeit

 

-yaguang
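
An added diagnostic, not part of the original posts and not COSBench code: it prints which TLS versions the client JVM enables by default and attempts one handshake per version against the proxy, so a protocol-version rejection can be told apart from an untrusted certificate, which is the case the keytool import above addresses. The class name TlsProbe and its host/port arguments are assumptions; run it with the same JRE that runs the COSBench driver.

```java
import javax.net.ssl.*;
import java.util.Arrays;

// Added diagnostic (hypothetical class name, not COSBench code).
// Usage: java TlsProbe <host> [port]
public class TlsProbe {
    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: java TlsProbe <host> [port]");
            System.exit(2);
        }
        String host = args[0];
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;

        // Default context: same protocol defaults and cacerts trust store as any client in this JVM.
        SSLContext ctx = SSLContext.getDefault();
        System.out.println("enabled by default: "
                + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));
        String[] supported = ctx.getSupportedSSLParameters().getProtocols();
        System.out.println("supported:          " + Arrays.toString(supported));

        SSLSocketFactory factory = ctx.getSocketFactory();
        for (String proto : new String[] {"TLSv1", "TLSv1.1", "TLSv1.2"}) {
            if (!Arrays.asList(supported).contains(proto)) {
                System.out.println(proto + ": not supported by this JVM");
                continue;
            }
            try (SSLSocket s = (SSLSocket) factory.createSocket(host, port)) {
                s.setSoTimeout(10000);
                s.setEnabledProtocols(new String[] {proto}); // offer exactly one version
                s.startHandshake(); // surfaces the real handshake error directly
                SSLSession session = s.getSession();
                // Chain trust was checked against cacerts; hostname matching is not checked here.
                System.out.println(proto + ": OK, negotiated " + session.getProtocol()
                        + " / " + session.getCipherSuite());
            } catch (SSLHandshakeException e) {
                // Certificate path failures carry a CertificateException in the cause chain.
                boolean trust = false;
                for (Throwable t = e; t != null; t = t.getCause()) {
                    if (t instanceof java.security.cert.CertificateException) trust = true;
                }
                System.out.println(proto + (trust
                        ? ": certificate not trusted (trust store problem): "
                        : ": handshake rejected (protocol or cipher problem): ") + e.getMessage());
            } catch (java.io.IOException e) {
                System.out.println(proto + ": connection failed: " + e);
            }
        }
    }
}
```

If TLSv1.2 appears under "supported" but not under "enabled by default", the JVM will not offer it unless the client is configured to, and importing the certificate does not change that.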

 

From: etlv [via COSBench] [mailto:ml-node+[hidden email]]
Sent: Sunday, February 07, 2016 5:40 PM
To: Wang, Yaguang [hidden email]
Subject: Cosbench and TLS v1.2

 



RE: Cosbench and TLS v1.2

etlv
Hi ywang19

Thanks for the reply, however this workaround, which you also provided in https://github.com/intel-cloud/cosbench/issues/277, doesn't seem to work.

Any idea how this can be solved, as TLS 1.0 is becoming obsolete?

Re: RE: Cosbench and TLS v1.2

ywang19
Administrator
I haven't got a chance to try with TLS v1.2 yet.


 
Date: 2017-02-14 22:28
Subject: RE: Cosbench and TLS v1.2