Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-207

puppetserver does not handle ssl renegotiation to different puppetdb servers behind a vip

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • SERVER 0.4.0
    • None
    • Puppet Server
    • None

    • RHEL 7, RHEL 6

    Description

      I have two puppetdb servers behind a VIP. Puppetserver currently requires them to have the "same" ssl cert in order to not get this error.

      2014-11-20 22:04:03,392 ERROR [c.p.h.c.SyncHttpClient] Error executing http request
      javax.net.ssl.SSLHandshakeException: server certificate change is restrictedduring renegotiation
      at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1300) ~[na:1.7.0_71]
      at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:513) ~[na:1.7.0_71]
      at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1180) ~[na:1.7.0_71]
      at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1152) ~[na:1.7.0_71]
      at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) ~[na:1.7.0_71]
      at org.apache.http.nio.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:220) ~[puppet-server-release.jar:na]
      at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:254) ~[puppet-server-release.jar:na]
      at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:391) ~[puppet-server-release.jar:na]
      at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:119) ~[puppet-server-release.jar:na]
      at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:159) ~[puppet-server-release.jar:na]
      at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:338) ~[puppet-server-release.jar:na]
      at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:316) ~[puppet-server-release.jar:na]
      at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:277) ~[puppet-server-release.jar:na]
      at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:105) ~[puppet-server-release.jar:na]
      at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:584) ~[puppet-server-release.jar:na]
      at java.lang.Thread.run(Thread.java:745) ~[na:1.7.0_71]

      Attachments

        Issue Links

          relates to

          New Feature - A new feature of the product, which has yet to be developed. SERVER-216 Allow SSL session use to be disabled for client connections

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. TK-124 Provide option for disabling TLS/SSL session caching in Jetty webserver

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. TK-125 Provide option for disabling SSL session reuse in clj-http-client

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SERVER-218 Document options for SSL renegotiation w/ virtual ips

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Closed
          mentioned in

          Page Loading...

          Page Loading...

          Activity

            People

              Unassigned Unassigned
              csschwe Chuck Schweizer
              Erik Dasher Erik Dasher
              Votes:
              3 Vote for this issue
              Watchers:
              15 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support