search

crate / docker-crate

Source repository for the official CrateDB Docker image
https://registry.hub.docker.com/_/crate/
Apache License 2.0
49 stars 25 forks source link

Certificate validation error when trying to import CSV dataset from HTTPS origin #168

Closed Darkeye9 closed 4 years ago

Darkeye9 commented 4 years ago

Hi all,

When trying to import a large CSV file from a HTTPS server, crate complains about certificate validation:

cr> COPY taxis_raw FROM 'https://******' WITH (format='csv') RETURN SUMMARY; 
+-----------------------------------------------------+---------------------------------------------------------+---------------+-------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| node                                                | uri                                                     | success_count | error_count | errors                                                                                                                                                                                   |
+-----------------------------------------------------+---------------------------------------------------------+---------------+-------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| {"id": "fJHPU8JVRxaRgCeMvrgMCg", "name": "Hocharn"} | https://**** |          NULL |        NULL | {"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target": {"count": 1, "line_numbers": []}} |
+-----------------------------------------------------+---------------------------------------------------------+---------------+-------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
COPY 1 row in set (0.087 sec)
cr>

Maybe cratedb docker container is missing some CA configuration?

Thanks for your support.

autophagy commented 4 years ago

Hi @Darkeye9, thanks for raising this issue.

I've not been able to replicate this so far. I grabbed a sample csv file from NOAA, just some hourly sample precipitation data: https://catalog.data.gov/dataset/u-s-hourly-precipitation-data

I ran CrateDB 4.1.1 via docker, and created the following table:

CREATE TABLE IF NOT EXISTS "doc"."precipitation" (
   "DATE" TEXT,
   "STATION" TEXT,
   "HPCP" TEXT,
   "Measurement Flag" TEXT,
   "LONGITUDE" TEXT,
   "Quality Flag" TEXT,
   "ELEVATION" TEXT,
   "LATITUDE" TEXT,
   "STATION_NAME" TEXT
);

I then loaded the sample csv from a HTTPS source. 

cr> copy precipitation FROM 'https://www1.ncdc.noaa.gov/pub/data/cdo/samples/PRECIP_HLY_sample_csv.csv' WITH (format='csv') return summary;
[
  {
    "node": {
      "id": "H5LkrrDBS4eBDnNygOVAig",
      "name": "Wandfluhhorn"
    },
    "uri": "https://www1.ncdc.noaa.gov/pub/data/cdo/samples/PRECIP_HLY_sample_csv.csv",
    "success_count": 3,
    "error_count": 0,
    "errors": {}
  }
]
COPY 1 row in set (0.632 sec)

Would you be able to provide me more details about the certificate of your desired target? Whether it was self signed, its certificate authority, etc. Might help us narrow down the issue.

Also, just to be sure, would you be able to tell me which version of CrateDB you're running?

Thank you!

Darkeye9 commented 4 years ago

Hi! Thank you for your speedy response. The certificate is the one configured at https://files.purpleblob.net

Curl on the same container is working as expected, so I think Java is playing a trick on the certificates.

autophagy commented 4 years ago

@Darkeye9 Which CrateDB docker tag are you using?

Darkeye9 commented 4 years ago

Hi, I am using the latest tag. The version is 4.1.1

Thank you for your time.

El vie., 7 feb. 2020 12:59, Mika⠙ notifications@github.com escribió:

@Darkeye9 https://github.com/Darkeye9 Which CrateDB docker tag are you using?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/crate/docker-crate/issues/168?email_source=notifications&email_token=ABLO7N3L3BSGPIR7CSAWOU3RBVEJDA5CNFSM4KQYIG32YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOELCWDBQ#issuecomment-583360902, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABLO7N3ZCV3ZB4I4UHSYEF3RBVEJDANCNFSM4KQYIG3Q .

autophagy commented 4 years ago

@Darkeye9 Great, thank you! I wasnt able to immediately reproduce it, but I will dig a little deeper and see if I can find out what might be causing it.

autophagy commented 4 years ago

@Darkeye9 In the meantime, would it be possible for you to set a Java option and provide some logs for when this happens?

You can set CrateDB's java options using an environment variable called CRATE_JAVA_OPTS. One of these options is -Djavax.net.debug=all, which will output SSL debug information to the CrateDB node's logs. Would you be able to enable this option for me, by running:

docker run -p 4200:4200 -e CRATE_JAVA_OPTS="-Djavax.net.debug=all" crate:4.1.1

(or however you are running the docker image), running the COPY FROM query and seeing what is output in the logs? Relevant log lines should begin with javax.net.ssl|DEBUG, for reference.

Thank you! Hopefully this will give us some clues to narrow this down.

Darkeye9 commented 4 years ago

Hi, thanks again for your support, here you have the full logs:

^T[2020-02-11T18:42:50,531][WARN ][d.i.c.a.AnalyzedColumnDefinition] [Reinhart] Column [TIMESTAMP]: Usage of the `TIMESTAMP` data type as a timestamp with zone is deprecated, use the `TIMESTAMPTZ` or `TIMESTAMP WITH TIME ZONE` data type instead.
[2020-02-11T18:42:50,783][INFO ][o.e.c.m.MetaDataCreateIndexService] [Reinhart] [taxis_raw] creating index, cause [api], templates [crate_defaults], shards [4]/[0], mappings [default]
[2020-02-11T18:42:51,961][INFO ][o.e.c.r.a.AllocationService] [Reinhart] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[taxis_raw][3], [taxis_raw][0], [taxis_raw][1]] ...]).
javax.net.ssl|WARNING|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:05.867 UTC|SignatureScheme.java:283|Signature algorithm, ed25519, is not supported by the underlying providers
javax.net.ssl|WARNING|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:05.868 UTC|SignatureScheme.java:283|Signature algorithm, ed448, is not supported by the underlying providers
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:05.969 UTC|Utilities.java:73|the previous server name in SNI (type=host_name (0), value=files.purpleblob.net) was replaced with (type=host_name (0), value=files.purpleblob.net)
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:05.973 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_AES_256_GCM_SHA384 for TLS12
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:05.975 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_AES_128_GCM_SHA256 for TLS12
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:05.979 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_CHACHA20_POLY1305_SHA256 for TLS12
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:05.999 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:05.999 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.000 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_CHACHA20_POLY1305_SHA256 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.001 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.002 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.003 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.003 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.004 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.004 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.005 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.006 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.006 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.006 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.007 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.007 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.007 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.007 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.008 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.008 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.008 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.008 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.009 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.009 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.009 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.009 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.010 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.010 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.010 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.011 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.011 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLS11
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.011 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.012 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.012 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_CHACHA20_POLY1305_SHA256 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.015 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.015 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.016 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.016 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.016 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.017 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.017 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.017 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.017 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.018 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.018 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.018 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.018 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.018 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.019 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.019 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.019 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.019 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.020 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.021 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.021 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.022 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.022 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.023 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.023 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.024 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLS10
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.024 UTC|HandshakeContext.java:297|Ignore unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLS10
javax.net.ssl|ALL|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.053 UTC|SignatureScheme.java:359|Ignore disabled signature scheme: rsa_md5
javax.net.ssl|INFO|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.054 UTC|AlpnExtension.java:161|No available application protocols
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.055 UTC|SSLExtensions.java:257|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.056 UTC|SessionTicketExtension.java:396|Stateless resumption not supported
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.057 UTC|SSLExtensions.java:257|Ignore, context unavailable extension: session_ticket
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.058 UTC|SSLExtensions.java:257|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.083 UTC|SSLExtensions.java:257|Ignore, context unavailable extension: renegotiation_info
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.083 UTC|PreSharedKeyExtension.java:666|No session to resume.
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.084 UTC|SSLExtensions.java:257|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.088 UTC|ClientHello.java:652|Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "A0 83 81 AB E0 D5 67 06 0A 33 52 BA BC FD 47 06 B5 7F FC 91 91 EB 37 CE D0 98 93 27 8B 89 55 BA",
  "session id"          : "0B 0A 76 BF AA B7 43 B2 AC B8 6B 22 18 99 A7 17 F3 4F D3 71 DF A0 E4 01 54 56 E4 C1 23 23 D1 53",
  "cipher suites"       : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA9), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCA8), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xCCAA), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
  "compression methods" : "00",
  "extensions"          : [
    "server_name (0)": {
      type=host_name (0), value=files.purpleblob.net
    },
    "status_request (5)": {
      "certificate status type": ocsp
      "OCSP status request": {
        "responder_id": <empty>
        "request extensions": {
          <empty>
        }
      }
    },
    "supported_groups (10)": {
      "versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "ec_point_formats (11)": {
      "formats": [uncompressed]
    },
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, dsa_sha256, ecdsa_sha224, rsa_sha224, dsa_sha224, ecdsa_sha1, rsa_pkcs1_sha1, dsa_sha1]
    },
    "status_request_v2 (17)": {
      "cert status request": {
        "certificate status type": ocsp_multi
        "OCSP status request": {
          "responder_id": <empty>
          "request extensions": {
            <empty>
          }
        }
      }
    },
    "extended_master_secret (23)": {
      <empty>
    },
    "supported_versions (43)": {
      "versions": [TLSv1.3, TLSv1.2, TLSv1.1, TLSv1]
    },
    "psk_key_exchange_modes (45)": {
      "ke_modes": [psk_dhe_ke]
    },
    "key_share (51)": {
      "client_shares": [  
        {
          "named group": x25519
          "key_exchange": {
            0000: FF 44 E5 76 36 A2 3E B4   BB A8 EC 0D 5F 2D DD 7B  .D.v6.>....._-..
            0010: 05 30 F2 98 27 BC 62 CD   2E 00 60 46 D3 BB B4 00  .0..'.b...`F....
          }
        },
      ]
    }
  ]
}
)
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.090 UTC|SSLSocketOutputRecord.java:258|WRITE: TLS13 handshake, length = 411
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.092 UTC|SSLSocketOutputRecord.java:272|Raw write (
  0000: 16 03 03 01 9B 01 00 01   97 03 03 A0 83 81 AB E0  ................
  0010: D5 67 06 0A 33 52 BA BC   FD 47 06 B5 7F FC 91 91  .g..3R...G......
  0020: EB 37 CE D0 98 93 27 8B   89 55 BA 20 0B 0A 76 BF  .7....'..U. ..v.
  0030: AA B7 43 B2 AC B8 6B 22   18 99 A7 17 F3 4F D3 71  ..C...k".....O.q
  0040: DF A0 E4 01 54 56 E4 C1   23 23 D1 53 00 62 13 02  ....TV..##.S.b..
  0050: 13 01 13 03 C0 2C C0 2B   CC A9 C0 30 CC A8 C0 2F  .....,.+...0.../
  0060: 00 9F CC AA 00 A3 00 9E   00 A2 C0 24 C0 28 C0 23  ...........$.(.#
  0070: C0 27 00 6B 00 6A 00 67   00 40 C0 2E C0 32 C0 2D  .'.k.j.g.@...2.-
  0080: C0 31 C0 26 C0 2A C0 25   C0 29 C0 0A C0 14 C0 09  .1.&.*.%.)......
  0090: C0 13 00 39 00 38 00 33   00 32 C0 05 C0 0F C0 04  ...9.8.3.2......
  00A0: C0 0E 00 9D 00 9C 00 3D   00 3C 00 35 00 2F 00 FF  .......=.<.5./..
  00B0: 01 00 00 EC 00 00 00 19   00 17 00 00 14 66 69 6C  .............fil
  00C0: 65 73 2E 70 75 72 70 6C   65 62 6C 6F 62 2E 6E 65  es.purpleblob.ne
  00D0: 74 00 05 00 05 01 00 00   00 00 00 0A 00 16 00 14  t...............
  00E0: 00 1D 00 17 00 18 00 19   00 1E 01 00 01 01 01 02  ................
  00F0: 01 03 01 04 00 0B 00 02   01 00 00 0D 00 28 00 26  .............(.&
  0100: 04 03 05 03 06 03 08 04   08 05 08 06 08 09 08 0A  ................
  0110: 08 0B 04 01 05 01 06 01   04 02 03 03 03 01 03 02  ................
  0120: 02 03 02 01 02 02 00 32   00 28 00 26 04 03 05 03  .......2.(.&....
  0130: 06 03 08 04 08 05 08 06   08 09 08 0A 08 0B 04 01  ................
  0140: 05 01 06 01 04 02 03 03   03 01 03 02 02 03 02 01  ................
  0150: 02 02 00 11 00 09 00 07   02 00 04 00 00 00 00 00  ................
  0160: 17 00 00 00 2B 00 09 08   03 04 03 03 03 02 03 01  ....+...........
  0170: 00 2D 00 02 01 01 00 33   00 26 00 24 00 1D 00 20  .-.....3.&.$... 
  0180: FF 44 E5 76 36 A2 3E B4   BB A8 EC 0D 5F 2D DD 7B  .D.v6.>....._-..
  0190: 05 30 F2 98 27 BC 62 CD   2E 00 60 46 D3 BB B4 00  .0..'.b...`F....
)
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.171 UTC|SSLSocketInputRecord.java:460|Raw read (
  0000: 16 03 03 00 61                                     ....a
)
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.172 UTC|SSLSocketInputRecord.java:213|READ: TLSv1.2 handshake, length = 97
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.173 UTC|SSLSocketInputRecord.java:460|Raw read (
  0000: 02 00 00 5D 03 03 B0 EB   7B BF 73 46 EC 62 3D 1C  ...]......sF.b=.
  0010: 95 1D E0 6C E1 43 EB FD   A0 BD 9C 68 E7 BC AE 07  ...l.C.....h....
  0020: FB 7E E3 89 C4 E0 20 6E   66 01 DF 69 C4 D3 71 26  ...... nf..i..q&
  0030: 44 01 8C FD AC 9B B1 C2   4E 4A CC B5 11 60 CF CB  D.......NJ...`..
  0040: F5 CE 8D EF DF 27 11 C0   30 00 00 15 FF 01 00 01  .....'..0.......
  0050: 00 00 00 00 00 00 0B 00   04 03 00 01 02 00 17 00  ................
  0060: 00                                                 .
)
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.173 UTC|SSLSocketInputRecord.java:249|READ: TLSv1.2 handshake, length = 97
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.176 UTC|ServerHello.java:887|Consuming ServerHello handshake message (
"ServerHello": {
  "server version"      : "TLSv1.2",
  "random"              : "B0 EB 7B BF 73 46 EC 62 3D 1C 95 1D E0 6C E1 43 EB FD A0 BD 9C 68 E7 BC AE 07 FB 7E E3 89 C4 E0",
  "session id"          : "6E 66 01 DF 69 C4 D3 71 26 44 01 8C FD AC 9B B1 C2 4E 4A CC B5 11 60 CF CB F5 CE 8D EF DF 27 11",
  "cipher suite"        : "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030)",
  "compression methods" : "00",
  "extensions"          : [
    "renegotiation_info (65,281)": {
      "renegotiated connection": [<no renegotiated connection>]
    },
    "server_name (0)": {
      <empty extension_data field>
    },
    "ec_point_formats (11)": {
      "formats": [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
    },
    "extended_master_secret (23)": {
      <empty>
    }
  ]
}
)
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.177 UTC|SSLExtensions.java:170|Ignore unavailable extension: supported_versions
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.177 UTC|ServerHello.java:983|Negotiated protocol version: TLSv1.2
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.178 UTC|SSLExtensions.java:189|Consumed extension: renegotiation_info
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.179 UTC|SSLExtensions.java:189|Consumed extension: server_name
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.179 UTC|SSLExtensions.java:170|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.179 UTC|SSLExtensions.java:170|Ignore unavailable extension: status_request
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.180 UTC|SSLExtensions.java:189|Consumed extension: ec_point_formats
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.180 UTC|SSLExtensions.java:170|Ignore unavailable extension: status_request_v2
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.180 UTC|SSLExtensions.java:189|Consumed extension: extended_master_secret
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.181 UTC|SSLExtensions.java:170|Ignore unavailable extension: session_ticket
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.181 UTC|SSLExtensions.java:160|Ignore unsupported extension: supported_versions
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.181 UTC|SSLExtensions.java:160|Ignore unsupported extension: key_share
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.181 UTC|SSLExtensions.java:189|Consumed extension: renegotiation_info
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.181 UTC|SSLExtensions.java:160|Ignore unsupported extension: pre_shared_key
javax.net.ssl|ALL|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.182 UTC|SSLSessionImpl.java:227|Session initialized:  Session(1581446586182|TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
javax.net.ssl|WARNING|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.182 UTC|SSLExtensions.java:212|Ignore impact of unsupported extension: server_name
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.182 UTC|SSLExtensions.java:204|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.183 UTC|SSLExtensions.java:204|Ignore unavailable extension: status_request
javax.net.ssl|WARNING|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.183 UTC|SSLExtensions.java:212|Ignore impact of unsupported extension: ec_point_formats
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.183 UTC|SSLExtensions.java:204|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.183 UTC|SSLExtensions.java:204|Ignore unavailable extension: status_request_v2
javax.net.ssl|WARNING|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.183 UTC|SSLExtensions.java:212|Ignore impact of unsupported extension: extended_master_secret
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.183 UTC|SSLExtensions.java:204|Ignore unavailable extension: session_ticket
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.183 UTC|SSLExtensions.java:204|Ignore unavailable extension: supported_versions
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.183 UTC|SSLExtensions.java:204|Ignore unavailable extension: key_share
javax.net.ssl|WARNING|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.183 UTC|SSLExtensions.java:212|Ignore impact of unsupported extension: renegotiation_info
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.184 UTC|SSLExtensions.java:204|Ignore unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.194 UTC|SSLSocketInputRecord.java:460|Raw read (
  0000: 16 03 03 0A 08                                     .....
)
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.194 UTC|SSLSocketInputRecord.java:213|READ: TLSv1.2 handshake, length = 2568
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.196 UTC|SSLSocketInputRecord.java:460|Raw read (
  0000: 0B 00 0A 04 00 0A 01 00   05 65 30 82 05 61 30 82  .........e0..a0.
  0010: 04 49 A0 03 02 01 02 02   12 03 20 63 54 9E 87 F7  .I........ cT...
  0020: 4F 42 BE 3B A0 49 70 7F   05 2B 48 30 0D 06 09 2A  OB.;.Ip..+H0...*
  0030: 86 48 86 F7 0D 01 01 0B   05 00 30 4A 31 0B 30 09  .H........0J1.0.
  0040: 06 03 55 04 06 13 02 55   53 31 16 30 14 06 03 55  ..U....US1.0...U
  0050: 04 0A 13 0D 4C 65 74 27   73 20 45 6E 63 72 79 70  ....Let's Encryp
  0060: 74 31 23 30 21 06 03 55   04 03 13 1A 4C 65 74 27  t1#0!..U....Let'
  0070: 73 20 45 6E 63 72 79 70   74 20 41 75 74 68 6F 72  s Encrypt Author
  0080: 69 74 79 20 58 33 30 1E   17 0D 32 30 30 31 32 36  ity X30...200126
  0090: 30 32 31 38 33 33 5A 17   0D 32 30 30 34 32 35 30  021833Z..2004250
  00A0: 32 31 38 33 33 5A 30 1F   31 1D 30 1B 06 03 55 04  21833Z0.1.0...U.
  00B0: 03 13 14 66 69 6C 65 73   2E 70 75 72 70 6C 65 62  ...files.purpleb
  00C0: 6C 6F 62 2E 6E 65 74 30   82 01 22 30 0D 06 09 2A  lob.net0.."0...*
  00D0: 86 48 86 F7 0D 01 01 01   05 00 03 82 01 0F 00 30  .H.............0
  00E0: 82 01 0A 02 82 01 01 00   B7 9B F6 58 21 3E 75 19  ...........X!>u.
  00F0: 99 B5 9B 7F 4E B3 11 B8   43 A6 92 2B 35 C6 0B FE  ....N...C..+5...
  0100: BE 19 B2 AE 14 01 38 52   7D 0A 78 B9 06 F5 C7 0B  ......8R..x.....
  0110: AA 34 40 3E AA 24 42 D9   24 D4 56 AB D6 36 1D D4  .4@>.$B.$.V..6..
  0120: F0 2A 84 48 17 7F BE 5E   AE 05 37 52 B5 CF E3 F3  .*.H...^..7R....
  0130: 7B 2F 09 6C 7A 45 2C 90   B4 54 79 79 7A A9 EB 25  ./.lzE,..Tyyz..%
  0140: 1F AE 60 62 1B 18 F2 B3   EB 1D 91 4B 8F 9D 3B C7  ..`b.......K..;.
  0150: 5C C6 FA EF 6E A6 F8 63   BE 5F C4 56 B5 C1 19 4F  \...n..c._.V...O
  0160: D9 4B D3 AF EE E0 E2 E1   E1 05 E4 5A E7 91 92 B6  .K.........Z....
  0170: 40 41 E9 5B 5E 62 FB DD   E4 1C 1E 2F B2 AD 05 61  @A.[^b...../...a
  0180: 86 52 86 D1 01 FE FB 12   88 8E C6 22 E2 9C 93 9D  .R........."....
  0190: D6 F7 D6 87 BA 60 1C 88   CC 4D 1D 88 34 54 FD 25  .....`...M..4T.%
  01A0: 0E 13 1E AD 60 21 E2 F3   30 C8 11 93 E6 BE 26 50  ....`!..0.....&P
  01B0: BB 71 96 67 DB E4 E9 5F   62 26 7F 85 A6 81 9F 3C  .q.g..._b&.....<
  01C0: 33 F5 EB CB BE 11 65 BB   5A E0 A4 5D C3 8A 6C A2  3.....e.Z..]..l.
  01D0: 2B 3F 86 12 BC 9A 07 33   3B 60 78 12 5A 54 B4 4D  +?.....3;`x.ZT.M
  01E0: D4 91 03 6D 38 D2 27 A7   02 03 01 00 01 A3 82 02  ...m8.'.........
  01F0: 6A 30 82 02 66 30 0E 06   03 55 1D 0F 01 01 FF 04  j0..f0...U......
  0200: 04 03 02 05 A0 30 1D 06   03 55 1D 25 04 16 30 14  .....0...U.%..0.
  0210: 06 08 2B 06 01 05 05 07   03 01 06 08 2B 06 01 05  ..+.........+...
  0220: 05 07 03 02 30 0C 06 03   55 1D 13 01 01 FF 04 02  ....0...U.......
  0230: 30 00 30 1D 06 03 55 1D   0E 04 16 04 14 74 02 AC  0.0...U......t..
  0240: 69 42 36 95 86 90 17 86   16 43 27 30 28 BA EF 47  iB6......C'0(..G
  0250: A4 30 1F 06 03 55 1D 23   04 18 30 16 80 14 A8 4A  .0...U.#..0....J
  0260: 6A 63 04 7D DD BA E6 D1   39 B7 A6 45 65 EF F3 A8  jc......9..Ee...
  0270: EC A1 30 6F 06 08 2B 06   01 05 05 07 01 01 04 63  ..0o..+........c
  0280: 30 61 30 2E 06 08 2B 06   01 05 05 07 30 01 86 22  0a0...+.....0.."
  0290: 68 74 74 70 3A 2F 2F 6F   63 73 70 2E 69 6E 74 2D  http://ocsp.int-
  02A0: 78 33 2E 6C 65 74 73 65   6E 63 72 79 70 74 2E 6F  x3.letsencrypt.o
  02B0: 72 67 30 2F 06 08 2B 06   01 05 05 07 30 02 86 23  rg0/..+.....0..#
  02C0: 68 74 74 70 3A 2F 2F 63   65 72 74 2E 69 6E 74 2D  http://cert.int-
  02D0: 78 33 2E 6C 65 74 73 65   6E 63 72 79 70 74 2E 6F  x3.letsencrypt.o
  02E0: 72 67 2F 30 1F 06 03 55   1D 11 04 18 30 16 82 14  rg/0...U....0...
  02F0: 66 69 6C 65 73 2E 70 75   72 70 6C 65 62 6C 6F 62  files.purpleblob
  0300: 2E 6E 65 74 30 4C 06 03   55 1D 20 04 45 30 43 30  .net0L..U. .E0C0
  0310: 08 06 06 67 81 0C 01 02   01 30 37 06 0B 2B 06 01  ...g.....07..+..
  0320: 04 01 82 DF 13 01 01 01   30 28 30 26 06 08 2B 06  ........0(0&..+.
  0330: 01 05 05 07 02 01 16 1A   68 74 74 70 3A 2F 2F 63  ........http://c
  0340: 70 73 2E 6C 65 74 73 65   6E 63 72 79 70 74 2E 6F  ps.letsencrypt.o
  0350: 72 67 30 82 01 05 06 0A   2B 06 01 04 01 D6 79 02  rg0.....+.....y.
  0360: 04 02 04 81 F6 04 81 F3   00 F1 00 76 00 5E A7 73  ...........v.^.s
  0370: F9 DF 56 C0 E7 B5 36 48   7D D0 49 E0 32 7A 91 9A  ..V...6H..I.2z..
  0380: 0C 84 A1 12 12 84 18 75   96 81 71 45 58 00 00 01  .......u..qEX...
  0390: 6F DF DB AC C3 00 00 04   03 00 47 30 45 02 21 00  o.........G0E.!.
  03A0: 95 B5 CD 21 92 EA 42 D3   E0 54 9C 9A 29 2E 60 73  ...!..B..T..).`s
  03B0: 6C 75 7A E8 96 48 DC 74   A4 66 3C 4A 7A 77 DD D7  luz..H.t.f<Jzw..
  03C0: 02 20 6D D1 78 E5 7B 63   2A AC 8B 43 07 95 77 3A  . m.x..c*..C..w:
  03D0: 9F A3 19 73 DE CA 24 2C   14 C4 8A 17 0F 2C D9 98  ...s..$,.....,..
  03E0: D2 F5 00 77 00 B2 1E 05   CC 8B A2 CD 8A 20 4E 87  ...w......... N.
  03F0: 66 F9 2B B9 8A 25 20 67   6B DA FA 70 E7 B2 49 53  f.+..% gk..p..IS
)
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.205 UTC|SSLSocketInputRecord.java:460|Raw read (
  0000: 2D EF 8B 90 5E 00 00 01   6F DF DB AC AB 00 00 04  -...^...o.......
  0010: 03 00 48 30 46 02 21 00   F7 91 34 8C 93 58 B5 E2  ..H0F.!...4..X..
  0020: 0E 17 A4 1D A7 A7 F4 99   06 3E 95 8C 87 19 6C 13  .........>....l.
  0030: 7C CE 49 44 69 10 5C 19   02 21 00 AE 9A B1 58 7B  ..IDi.\..!....X.
  0040: DB 05 32 B0 57 58 15 F7   29 7D 9D 1E 5D 4E F9 18  ..2.WX..)...]N..
  0050: C8 DD 33 59 BE 1F 59 4B   0C ED EB 30 0D 06 09 2A  ..3Y..YK...0...*
  0060: 86 48 86 F7 0D 01 01 0B   05 00 03 82 01 01 00 79  .H.............y
  0070: 6B 98 EF BC 26 2A 85 E2   94 DC 40 06 2D 28 52 0E  k...&*....@.-(R.
  0080: 9C B2 A4 30 0D 7B CE CD   61 29 3F 9C 27 08 66 76  ...0....a)?.'.fv
  0090: 55 4A 27 73 68 8B 86 C0   97 0E F5 D9 CA 03 9E FE  UJ'sh...........
  00A0: 3F 5E 5C 17 4E BB 69 FF   0C 99 A8 B3 D9 4E 45 85  ?^\.N.i......NE.
  00B0: 99 CF 5B 38 B2 A2 7A B1   1F 5F 10 07 69 65 3F 76  ..[8..z.._..ie?v
  00C0: 1F 9A D4 D5 3C D0 0B 17   08 5B 23 8D 52 20 AC 5C  ....<....[#.R .\
  00D0: 23 76 5F E7 06 38 CD 8A   4D 77 49 81 9C E3 31 E2  #v_..8..MwI...1.
  00E0: 74 2A CE AD 68 96 E4 FB   13 D8 01 C2 B9 C5 C6 29  t*..h..........)
  00F0: DA B9 D5 B8 72 86 9D 57   14 F1 E3 A5 EA 1F 41 DF  ....r..W......A.
  0100: 16 D6 F9 05 20 F5 19 0D   6E 45 B4 85 23 F5 11 4B  .... ...nE..#..K
  0110: 69 F6 39 38 D0 49 A3 9F   53 EF DF E6 0C 2D 78 B8  i.98.I..S....-x.
  0120: 3A A4 6A C2 0C D2 13 1B   51 0E 07 42 73 87 69 FA  :.j.....Q..Bs.i.
  0130: 38 7E 6D E7 63 6A B2 84   15 D3 A3 D9 DE 0F 88 36  8.m.cj.........6
  0140: 27 C7 08 E5 87 6F 43 11   DF AC E6 DA 60 71 8D 8B  '....oC.....`q..
  0150: 93 19 CF 77 1A AA 46 22   15 5C A1 F4 6F 3A EC 45  ...w..F".\..o:.E
  0160: D4 A4 DC CB CA 7F E3 95   CE 67 FB 05 B3 A1 D2 00  .........g......
  0170: 04 96 30 82 04 92 30 82   03 7A A0 03 02 01 02 02  ..0...0..z......
  0180: 10 0A 01 41 42 00 00 01   53 85 73 6A 0B 85 EC A7  ...AB...S.sj....
  0190: 08 30 0D 06 09 2A 86 48   86 F7 0D 01 01 0B 05 00  .0...*.H........
  01A0: 30 3F 31 24 30 22 06 03   55 04 0A 13 1B 44 69 67  0?1$0"..U....Dig
  01B0: 69 74 61 6C 20 53 69 67   6E 61 74 75 72 65 20 54  ital Signature T
  01C0: 72 75 73 74 20 43 6F 2E   31 17 30 15 06 03 55 04  rust Co.1.0...U.
  01D0: 03 13 0E 44 53 54 20 52   6F 6F 74 20 43 41 20 58  ...DST Root CA X
  01E0: 33 30 1E 17 0D 31 36 30   33 31 37 31 36 34 30 34  30...16031716404
  01F0: 36 5A 17 0D 32 31 30 33   31 37 31 36 34 30 34 36  6Z..210317164046
  0200: 5A 30 4A 31 0B 30 09 06   03 55 04 06 13 02 55 53  Z0J1.0...U....US
  0210: 31 16 30 14 06 03 55 04   0A 13 0D 4C 65 74 27 73  1.0...U....Let's
  0220: 20 45 6E 63 72 79 70 74   31 23 30 21 06 03 55 04   Encrypt1#0!..U.
  0230: 03 13 1A 4C 65 74 27 73   20 45 6E 63 72 79 70 74  ...Let's Encrypt
  0240: 20 41 75 74 68 6F 72 69   74 79 20 58 33 30 82 01   Authority X30..
  0250: 22 30 0D 06 09 2A 86 48   86 F7 0D 01 01 01 05 00  "0...*.H........
  0260: 03 82 01 0F 00 30 82 01   0A 02 82 01 01 00 9C D3  .....0..........
  0270: 0C F0 5A E5 2E 47 B7 72   5D 37 83 B3 68 63 30 EA  ..Z..G.r]7..hc0.
  0280: D7 35 26 19 25 E1 BD BE   35 F1 70 92 2F B7 B8 4B  .5&.%...5.p./..K
  0290: 41 05 AB A9 9E 35 08 58   EC B1 2A C4 68 87 0B A3  A....5.X..*.h...
  02A0: E3 75 E4 E6 F3 A7 62 71   BA 79 81 60 1F D7 91 9A  .u....bq.y.`....
  02B0: 9F F3 D0 78 67 71 C8 69   0E 95 91 CF FE E6 99 E9  ...xgq.i........
  02C0: 60 3C 48 CC 7E CA 4D 77   12 24 9D 47 1B 5A EB B9  `<H...Mw.$.G.Z..
  02D0: EC 1E 37 00 1C 9C AC 7B   A7 05 EA CE 4A EB BD 41  ..7.........J..A
  02E0: E5 36 98 B9 CB FD 6D 3C   96 68 DF 23 2A 42 90 0C  .6....m<.h.#*B..
  02F0: 86 74 67 C8 7F A5 9A B8   52 61 14 13 3F 65 E9 82  .tg.....Ra..?e..
  0300: 87 CB DB FA 0E 56 F6 86   89 F3 85 3F 97 86 AF B0  .....V.....?....
  0310: DC 1A EF 6B 0D 95 16 7D   C4 2B A0 65 B2 99 04 36  ...k.....+.e...6
  0320: 75 80 6B AC 4A F3 1B 90   49 78 2F A2 96 4F 2A 20  u.k.J...Ix/..O* 
  0330: 25 29 04 C6 74 C0 D0 31   CD 8F 31 38 95 16 BA A8  %)..t..1..18....
  0340: 33 B8 43 F1 B1 1F C3 30   7F A2 79 31 13 3D 2D 36  3.C....0..y1.=-6
  0350: F8 E3 FC F2 33 6A B9 39   31 C5 AF C4 8D 0D 1D 64  ....3j.91......d
  0360: 16 33 AA FA 84 29 B6 D4   0B C0 D8 7D C3 93 02 03  .3...)..........
  0370: 01 00 01 A3 82 01 7D 30   82 01 79 30 12 06 03 55  .......0..y0...U
  0380: 1D 13 01 01 FF 04 08 30   06 01 01 FF 02 01 00 30  .......0.......0
  0390: 0E 06 03 55 1D 0F 01 01   FF 04 04 03 02 01 86 30  ...U...........0
  03A0: 7F 06 08 2B 06 01 05 05   07 01 01 04 73 30 71 30  ...+........s0q0
  03B0: 32 06 08 2B 06 01 05 05   07 30 01 86 26 68 74 74  2..+.....0..&htt
  03C0: 70 3A 2F 2F 69 73 72 67   2E 74 72 75 73 74 69 64  p://isrg.trustid
  03D0: 2E 6F 63 73 70 2E 69 64   65 6E 74 72 75 73 74 2E  .ocsp.identrust.
  03E0: 63 6F 6D 30 3B 06 08 2B   06 01 05 05 07 30 02 86  com0;..+.....0..
  03F0: 2F 68 74 74 70 3A 2F 2F   61 70 70 73 2E 69 64 65  /http://apps.ide
)
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.212 UTC|SSLSocketInputRecord.java:460|Raw read (
  0000: 6E 74 72 75 73 74 2E 63   6F 6D 2F 72 6F 6F 74 73  ntrust.com/roots
  0010: 2F 64 73 74 72 6F 6F 74   63 61 78 33 2E 70 37 63  /dstrootcax3.p7c
  0020: 30 1F 06 03 55 1D 23 04   18 30 16 80 14 C4 A7 B1  0...U.#..0......
  0030: A4 7B 2C 71 FA DB E1 4B   90 75 FF C4 15 60 85 89  ..,q...K.u...`..
  0040: 10 30 54 06 03 55 1D 20   04 4D 30 4B 30 08 06 06  .0T..U. .M0K0...
  0050: 67 81 0C 01 02 01 30 3F   06 0B 2B 06 01 04 01 82  g.....0?..+.....
  0060: DF 13 01 01 01 30 30 30   2E 06 08 2B 06 01 05 05  .....000...+....
  0070: 07 02 01 16 22 68 74 74   70 3A 2F 2F 63 70 73 2E  ...."http://cps.
  0080: 72 6F 6F 74 2D 78 31 2E   6C 65 74 73 65 6E 63 72  root-x1.letsencr
  0090: 79 70 74 2E 6F 72 67 30   3C 06 03 55 1D 1F 04 35  ypt.org0<..U...5
  00A0: 30 33 30 31 A0 2F A0 2D   86 2B 68 74 74 70 3A 2F  0301./.-.+http:/
  00B0: 2F 63 72 6C 2E 69 64 65   6E 74 72 75 73 74 2E 63  /crl.identrust.c
  00C0: 6F 6D 2F 44 53 54 52 4F   4F 54 43 41 58 33 43 52  om/DSTROOTCAX3CR
  00D0: 4C 2E 63 72 6C 30 1D 06   03 55 1D 0E 04 16 04 14  L.crl0...U......
  00E0: A8 4A 6A 63 04 7D DD BA   E6 D1 39 B7 A6 45 65 EF  .Jjc......9..Ee.
  00F0: F3 A8 EC A1 30 0D 06 09   2A 86 48 86 F7 0D 01 01  ....0...*.H.....
  0100: 0B 05 00 03 82 01 01 00   DD 33 D7 11 F3 63 58 38  .........3...cX8
  0110: DD 18 15 FB 09 55 BE 76   56 B9 70 48 A5 69 47 27  .....U.vV.pH.iG'
  0120: 7B C2 24 08 92 F1 5A 1F   4A 12 29 37 24 74 51 1C  ..$...Z.J.)7$tQ.
  0130: 62 68 B8 CD 95 70 67 E5   F7 A4 BC 4E 28 51 CD 9B  bh...pg....N(Q..
  0140: E8 AE 87 9D EA D8 BA 5A   A1 01 9A DC F0 DD 6A 1D  .......Z......j.
  0150: 6A D8 3E 57 23 9E A6 1E   04 62 9A FF D7 05 CA B7  j.>W#....b......
  0160: 1F 3F C0 0A 48 BC 94 B0   B6 65 62 E0 C1 54 E5 A3  .?..H....eb..T..
  0170: 2A AD 20 C4 E9 E6 BB DC   C8 F6 B5 C3 32 A3 98 CC  *. .........2...
  0180: 77 A8 E6 79 65 07 2B CB   28 FE 3A 16 52 81 CE 52  w..ye.+.(.:.R..R
  0190: 0C 2E 5F 83 E8 D5 06 33   FB 77 6C CE 40 EA 32 9E  .._....3.wl.@.2.
  01A0: 1F 92 5C 41 C1 74 6C 5B   5D 0A 5F 33 CC 4D 9F AC  ..\A.tl[]._3.M..
  01B0: 38 F0 2F 7B 2C 62 9D D9   A3 91 6F 25 1B 2F 90 B1  8./.,b....o%./..
  01C0: 19 46 3D F6 7E 1B A6 7A   87 B9 A3 7A 6D 18 FA 25  .F=....z...zm..%
  01D0: A5 91 87 15 E0 F2 16 2F   58 B0 06 2F 2C 68 26 C6  ......./X../,h&.
  01E0: 4B 98 CD DA 9F 0C F9 7F   90 ED 43 4A 12 44 4E 6F  K.........CJ.DNo
  01F0: 73 7A 28 EA A4 AA 6E 7B   4C 7D 87 DD E0 C9 02 44  sz(...n.L......D
  0200: A7 87 AF C3 34 5B B4 42                            ....4[.B
)
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.214 UTC|SSLSocketInputRecord.java:249|READ: TLSv1.2 handshake, length = 2568
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.225 UTC|CertificateMessage.java:357|Consuming server Certificate handshake message (
"Certificates": [
  "certificate" : {
    "version"            : "v3",
    "serial number"      : "03 20 63 54 9E 87 F7 4F 42 BE 3B A0 49 70 7F 05 2B 48",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US",
    "not before"         : "2020-01-26 02:18:33.000 UTC",
    "not  after"         : "2020-04-25 02:18:33.000 UTC",
    "subject"            : "CN=files.purpleblob.net",
    "subject public key" : "RSA",
    "extensions"         : [
      {
        ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
      },
      {
        ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
        AuthorityInfoAccess [
          [
           accessMethod: ocsp
           accessLocation: URIName: http://ocsp.int-x3.letsencrypt.org
        , 
           accessMethod: caIssuers
           accessLocation: URIName: http://cert.int-x3.letsencrypt.org/
        ]
        ]
      },
      {
        ObjectId: 2.5.29.35 Criticality=false
        AuthorityKeyIdentifier [
        KeyIdentifier [
        0000: A8 4A 6A 63 04 7D DD BA   E6 D1 39 B7 A6 45 65 EF  .Jjc......9..Ee.
        0010: F3 A8 EC A1                                        ....
        ]
        ]
      },
      {
        ObjectId: 2.5.29.19 Criticality=true
        BasicConstraints:[
          CA:false
          PathLen: undefined
        ]
      },
      {
        ObjectId: 2.5.29.32 Criticality=false
        CertificatePolicies [
          [CertificatePolicyId: [2.23.140.1.2.1]
        []  ]
          [CertificatePolicyId: [1.3.6.1.4.1.44947.1.1.1]
        [PolicyQualifierInfo: [
          qualifierID: 1.3.6.1.5.5.7.2.1
          qualifier: 0000: 16 1A 68 74 74 70 3A 2F   2F 63 70 73 2E 6C 65 74  ..http://cps.let
        0010: 73 65 6E 63 72 79 70 74   2E 6F 72 67              sencrypt.org

        ]]  ]
        ]
      },
      {
        ObjectId: 2.5.29.37 Criticality=false
        ExtendedKeyUsages [
          serverAuth
          clientAuth
        ]
      },
      {
        ObjectId: 2.5.29.15 Criticality=true
        KeyUsage [
          DigitalSignature
          Key_Encipherment
        ]
      },
      {
        ObjectId: 2.5.29.17 Criticality=false
        SubjectAlternativeName [
          DNSName: files.purpleblob.net
        ]
      },
      {
        ObjectId: 2.5.29.14 Criticality=false
        SubjectKeyIdentifier [
        KeyIdentifier [
        0000: 74 02 AC 69 42 36 95 86   90 17 86 16 43 27 30 28  t..iB6......C'0(
        0010: BA EF 47 A4                                        ..G.
        ]
        ]
      }
    ]},
  "certificate" : {
    "version"            : "v3",
    "serial number"      : "0A 01 41 42 00 00 01 53 85 73 6A 0B 85 EC A7 08",
    "signature algorithm": "SHA256withRSA",
    "issuer"             : "CN=DST Root CA X3, O=Digital Signature Trust Co.",
    "not before"         : "2016-03-17 16:40:46.000 UTC",
    "not  after"         : "2021-03-17 16:40:46.000 UTC",
    "subject"            : "CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US",
    "subject public key" : "RSA",
    "extensions"         : [
      {
        ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
        AuthorityInfoAccess [
          [
           accessMethod: ocsp
           accessLocation: URIName: http://isrg.trustid.ocsp.identrust.com
        , 
           accessMethod: caIssuers
           accessLocation: URIName: http://apps.identrust.com/roots/dstrootcax3.p7c
        ]
        ]
      },
      {
        ObjectId: 2.5.29.35 Criticality=false
        AuthorityKeyIdentifier [
        KeyIdentifier [
        0000: C4 A7 B1 A4 7B 2C 71 FA   DB E1 4B 90 75 FF C4 15  .....,q...K.u...
        0010: 60 85 89 10                                        `...
        ]
        ]
      },
      {
        ObjectId: 2.5.29.19 Criticality=true
        BasicConstraints:[
          CA:true
          PathLen:0
        ]
      },
      {
        ObjectId: 2.5.29.31 Criticality=false
        CRLDistributionPoints [
          [DistributionPoint:
             [URIName: http://crl.identrust.com/DSTROOTCAX3CRL.crl]
        ]]
      },
      {
        ObjectId: 2.5.29.32 Criticality=false
        CertificatePolicies [
          [CertificatePolicyId: [2.23.140.1.2.1]
        []  ]
          [CertificatePolicyId: [1.3.6.1.4.1.44947.1.1.1]
        [PolicyQualifierInfo: [
          qualifierID: 1.3.6.1.5.5.7.2.1
          qualifier: 0000: 16 22 68 74 74 70 3A 2F   2F 63 70 73 2E 72 6F 6F  ."http://cps.roo
        0010: 74 2D 78 31 2E 6C 65 74   73 65 6E 63 72 79 70 74  t-x1.letsencrypt
        0020: 2E 6F 72 67                                        .org

        ]]  ]
        ]
      },
      {
        ObjectId: 2.5.29.15 Criticality=true
        KeyUsage [
          DigitalSignature
          Key_CertSign
          Crl_Sign
        ]
      },
      {
        ObjectId: 2.5.29.14 Criticality=false
        SubjectKeyIdentifier [
        KeyIdentifier [
        0000: A8 4A 6A 63 04 7D DD BA   E6 D1 39 B7 A6 45 65 EF  .Jjc......9..Ee.
        0010: F3 A8 EC A1                                        ....
        ]
        ]
      }
    ]}
]
)
javax.net.ssl|ERROR|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.330 UTC|TransportContext.java:316|Fatal (CERTIFICATE_UNKNOWN): PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (
"throwable" : {
  sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:384)
    at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:289)
    at java.base/sun.security.validator.Validator.validate(Validator.java:264)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:625)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:460)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360)
    at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
    at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:181)
    at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
    at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1460)
    at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1368)
    at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:437)
    at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
    at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:171)
    at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1587)
    at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1515)
    at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:224)
    at java.base/java.net.URL.openStream(URL.java:1162)
    at io.crate.execution.engine.collect.files.URLFileInput.getStream(URLFileInput.java:51)
    at io.crate.execution.engine.collect.files.FileReadingIterator.initCurrentReader(FileReadingIterator.java:197)
    at io.crate.execution.engine.collect.files.FileReadingIterator.advanceToNextUri(FileReadingIterator.java:176)
    at io.crate.execution.engine.collect.files.FileReadingIterator.advanceToNextFileInput(FileReadingIterator.java:188)
    at io.crate.execution.engine.collect.files.FileReadingIterator.moveNext(FileReadingIterator.java:162)
    at io.crate.data.CloseAssertingBatchIterator.moveNext(CloseAssertingBatchIterator.java:54)
    at io.crate.data.BatchIterators$1.moveNext(BatchIterators.java:120)
    at io.crate.execution.engine.indexing.BatchIteratorBackpressureExecutor.consumeIterator(BatchIteratorBackpressureExecutor.java:150)
    at io.crate.execution.engine.indexing.BatchIteratorBackpressureExecutor.consumeIteratorAndExecute(BatchIteratorBackpressureExecutor.java:99)
    at io.crate.execution.engine.indexing.ShardingUpsertExecutor.apply(ShardingUpsertExecutor.java:285)
    at io.crate.execution.engine.indexing.ShardingUpsertExecutor.apply(ShardingUpsertExecutor.java:70)
    at io.crate.data.CollectingBatchIterator.lambda$newInstance$4(CollectingBatchIterator.java:95)
    at io.crate.data.CollectingBatchIterator.loadNextBatch(CollectingBatchIterator.java:140)
    at io.crate.data.CloseAssertingBatchIterator.loadNextBatch(CloseAssertingBatchIterator.java:68)
    at io.crate.action.sql.RowConsumerToResultReceiver.consumeIt(RowConsumerToResultReceiver.java:86)
    at io.crate.action.sql.RowConsumerToResultReceiver.accept(RowConsumerToResultReceiver.java:53)
    at io.crate.execution.engine.InterceptingRowConsumer.lambda$tryForwardResult$1(InterceptingRowConsumer.java:92)
    at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:624)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:830)
  Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:379)
    ... 42 more}

)
javax.net.ssl|ALL|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.330 UTC|SSLSessionImpl.java:1288|Invalidated session:  Session(1581446586182|TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.331 UTC|SSLSocketOutputRecord.java:72|WRITE: TLS12 alert(certificate_unknown), length = 2
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.331 UTC|SSLSocketOutputRecord.java:86|Raw write (
  0000: 15 03 03 00 02 02 2E                               .......
)
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.332 UTC|SSLSocketImpl.java:1699|close the underlying socket
javax.net.ssl|DEBUG|34|cratedb[Reinhart][search][T#3]|2020-02-11 18:43:06.332 UTC|SSLSocketImpl.java:1718|close the SSL connection (initiative)

I hope there's something in there that serves you to shed some light into the issue.

Darkeye9 commented 4 years ago

Futhermore it seems to have the same problem with every Let's Encrypt issued certificate.

Here you have another URL that throws the same error https://storage.gra.cloud.ovh.net

autophagy commented 4 years ago

@Darkeye9 Ah, thanks for the additional info. I've been able to replicate it with the https://storage.gra.cloud.ovh.net address. I'll look into whether this is a misconfiguration issue, or whether extra SSL config is needed, and whether there are any immediate mitigating steps. Thanks for your patience!

autophagy commented 4 years ago

@Darkeye9 Good news! We've managed to identify the problem - it's actually a bug within CrateDB itself, and not the result of a docker file misconfiguration. I will create a fix, and let you know when either the fix is merged or released. :slightly_smiling_face:

autophagy commented 4 years ago

@Darkeye9 Version 4.1.3 is now available as a testing release as the docker image crate/crate:4.1.3. This version contains the fix for this issue, so I will close this issue. Please feel free to reopen this if it is still a problem!