search

Mapepire-IBMi / mapepire-js

TS client for Db2 for i/Mapepire
Apache License 2.0
8 stars 4 forks source link

getCertificate throws SSL error #42

Open jonnyz32 opened 1 week ago

jonnyz32 commented 1 week ago

Calling get certificate throws the error 

Error: C0FA8E0302000000:error:0A000410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1605:SSL alert number 40
worksofliam commented 1 week ago

@jonnyz32 Any steps to recreate?

jonnyz32 commented 1 week ago

@worksofliam On server: yum install mapepire-server yum install service-commander sc start mapepire

On client: npm run test -- sql.test.ts

I know @william-xiang is currently investigating

william-xiang commented 1 week ago

@jonnyz32 @worksofliam The reason of this failure is because the PTF Group for Java is out of date, so client and server cannot agree on the TLS version and cipher suites during handshake. Fix this by changing to use java11 in the mapepire startup script used in the sc command.

jonnyz32 commented 1 week ago

I'm wondering if the getCertificate function should also be updated to give a more friendly error message. Maybe something along the lines of "Client and Server do not have overlapping TLS versions. Please run using the same Java version"

william-xiang commented 1 week ago

I'm wondering if the getCertificate function should also be updated to give a more friendly error message. Maybe something along the lines of "Client and Server do not have overlapping TLS versions. Please run using the same Java version"

That's a good idea. But we need to check if we can get the very detailed error message to get the actual reason. Otherwise it may be misleading sometimes.

jonnyz32 commented 1 week ago

@worksofliam @william-xiang Here's one possible improvement. Let me know your thoughts https://github.com/Mapepire-IBMi/mapepire-js/pull/43/files