Jean-Damien HATZENBUHLER created FLINK-28520:
------------------------------------------------
Summary: RestClient doesn't use SNI TLS extension
Key: FLINK-28520
URL: https://issues.apache.org/jira/browse/FLINK-28520
Project: Flink
Issue Type: Bug
Components: Runtime / REST
Affects Versions: 1.15.1, 1.15.0, 1.14.5, 1.14.4, 1.14.3, 1.13.6, 1.14.2
Reporter: Jean-Damien HATZENBUHLER
The {{org.apache.flink.runtime.rest.RestClient}} didn't use SNI TLS extension
when ssl options are activated.
This cause the {{flink cli}} not be able to communicate with {{{}jobmanager{}}}.
h2. How to fix this issue:
Use:
{code:java}
public SslHandler createNettySSLHandler(ByteBufAllocator allocator, String
hostname, int port)
{code}
instead of
{code:java}
public SslHandler createNettySSLHandler(ByteBufAllocator allocator)
{code}
h2. How to reproduce this issue:
Given:
* An existing {{flink}} instance running without ssl options
* An existing certificate for the _hostname_
* An existing load balancer with SNI like {{traefik}} and without a default
certificate between the existing {{flink}} instance and the {{flink cli}}
* A {{flink cli}} configured with the ssl options
When:
* Run the command {{flink list --jobmanager _hostname_:443}}
Then:
* You will get an error {{unrecognized_name}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
