[ https://issues.apache.org/jira/browse/CASSANDRA-7973?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14557979#comment-14557979 ]
Stefania commented on CASSANDRA-7973:
-------------------------------------

Thanks for the details. If I use the same settings, with self-signed certificates generated as follows:

{code}
keytool -genkeypair -alias cassandra -keyalg RSA -keysize 1024 -keystore .keystore -storepass cassandra -keypass cassandra
keytool -exportcert -alias cassandra -rfc -file ca.cert -keystore .keystore -storepass cassandra
#copy ca.cert in JRE/lib/security and then run:
keytool -import -alias ca -file ca.cert -keystore cacerts -storepass changeit
{code}

Then with python 2.6.9 I get

{code}
Connection error: ('Unable to connect to any servers', {'127.0.0.1': ConnectionShutdown('Connection <AsyncoreConnection(16844176) 127.0.0.1:9042 (closed)> is already closed',)})
{code}

and server side:

{code}
INFO 05:07:23 Unexpected exception during request; channel = [id: 0x6ce43cee, /127.0.0.1:37617 => /127.0.0.1:9042]
io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 030000000500000000
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:860) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:249) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:149) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:333) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:319) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:787) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.epoll.EpollSocketChannel$EpollSocketUnsafe.epollInReady(EpollSocketChannel.java:722) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:326) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:264) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:116) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at java.lang.Thread.run(Thread.java:745) [na:1.8.0_45]
{code}

Whereas with python 2.7.6 it works. I also tested validate=true and that too works with 2.7.6 and fails with 2.6.9.

[~eperott] is this what you observe or is it different?

I've also run the server locally with {{-Djavax.net.debug=all}} to debug the ssl connection using the following commands:

{code}
JVM_EXTRA_OPTS=-Djavax.net.debug=all cassandra -f | tee output.txt
less output.txt | grep -v "Ignoring unavailable cipher suite" | less
{code}

And here is what I get:

{code}
Using SSLEngineImpl.
epollEventLoopGroup-2-7, called closeOutbound()
epollEventLoopGroup-2-7, closeOutboundInternal()
epollEventLoopGroup-2-7, called closeInbound()
epollEventLoopGroup-2-7, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
epollEventLoopGroup-2-7, SEND TLSv1.2 ALERT: fatal, description = internal_error
epollEventLoopGroup-2-7, Exception sending alert: java.io.IOException: writer side was already closed.
epollEventLoopGroup-2-7, called closeOutbound()
epollEventLoopGroup-2-7, closeOutboundInternal()
epollEventLoopGroup-2-7, called closeInbound()
epollEventLoopGroup-2-7, closeInboundInternal()
INFO 05:07:23 Unexpected exception during request; channel = [id: 0x6ce43cee, /127.0.0.1:37617 => /127.0.0.1:9042]
io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 030000000500000000
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:860) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:249) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:149) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:333) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:319) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:787) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.epoll.EpollSocketChannel$EpollSocketUnsafe.epollInReady(EpollSocketChannel.java:722) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:326) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:264) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:116) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
    at java.lang.Thread.run(Thread.java:745) [na:1.8.0_45]
{code}

So some additional information on the connection being closed prematurely. Therefore I attached the python debugger to cqlsh and I verified that the connection is closed because recv() is called with no data in asyncore.py, line 377.

I also tried using java 7 rather than java 8, or the latest netty stable version (4.0.28) but it made no difference.

My best guess is a python issue with the asyncore and/or the ssl module, [~aholmber] anything else we could try?

> cqlsh connect error "member_descriptor' object is not callable"
> ---------------------------------------------------------------
>
> Key: CASSANDRA-7973
> URL: https://issues.apache.org/jira/browse/CASSANDRA-7973
> Project: Cassandra
> Issue Type: Bug
> Environment: Cassandra 2.1.0
> Reporter: Digant Modha
> Assignee: Philip Thompson
> Priority: Minor
> Labels: cqlsh, lhf
> Fix For: 2.1.x
>
>
> When using cqlsh (Cassandra 2.1.0) with ssl, python 2.6.9. I get Connection error: ('Unable to connect to any servers', {...: TypeError("'member_descriptor' object is not callable",)})
> I am able to connect from another machine using python 2.7.5.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)