When talking to a TLS-enabled server, while the client communicated with the Controller over TLS, it attempted to communicate with Segment Store services over plaintext channels, as opposed to the TLS channel it should have used. This led to Segment Store rejecting the connection and the exceptions shared in issue #105. This PR fixes that issue.
Purpose of the change
Resolves #105.
What the code does
The code in this PR does the following:
Reuses the ClientConfig instance, so that the same configuration remains applicable for all client-server communications.
Introduces a new flag for specifying whether to validate server certificate hostname.
How to verify it
Here's how to verify it:
Start the Pravega Standalone server with TLS and auth enabled. (Steps)
Run Pravega benchmark with TLS and auth params specified.
# Supply TLS and Auth Parameters via Environment Variables.
$ JAVA_TOOL_OPTIONS="-Djavax.net.ssl.trustStore=/path/to/client.truststore.jks"
$ JAVA_TOOL_OPTIONS="${JAVA_TOOL_OPTIONS} -Dpravega.client.auth.method=Basic"
$ JAVA_TOOL_OPTIONS="${JAVA_TOOL_OPTIONS} -Dpravega.client.auth.token=YWRtaW46MTExMV9hYWFh"
$ export JAVA_TOOL_OPTIONS
# Execute a command using the Pravega Benchmark tool.
$ ./run/pravega-benchmark/bin/pravega-benchmark -scope test-scope -producers 1 \
-controller "tls://localhost:9090" \
-events 1 -time 5 -segments 1 -size 10 -stream test-stream
The output should indicate a successful run, and should have no security exceptions.
.... INFO io.pravega.perf.PerfStats - 5 records Writing ...
Try running another command that writes and reads, and check the output looks good.
Changelog description
Fix TLS connection config error.
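The pattern the description refers to, one `ClientConfig` shared by the control path and the data path, is sketched below as an added example; it is not code from this PR or from pravega-benchmark. Assumptions: the class name and the `example.validateHostName` property are hypothetical, the scope and stream names are those from the command above, and credentials and the trust store reach the client through the `JAVA_TOOL_OPTIONS` properties shown earlier.

```java
import io.pravega.client.ClientConfig;
import io.pravega.client.EventStreamClientFactory;
import io.pravega.client.admin.StreamManager;
import io.pravega.client.stream.EventStreamWriter;
import io.pravega.client.stream.EventWriterConfig;
import io.pravega.client.stream.ScalingPolicy;
import io.pravega.client.stream.StreamConfiguration;
import io.pravega.client.stream.impl.UTF8StringSerializer;
import java.net.URI;

// Hypothetical class name; not part of pravega-benchmark.
public class SharedTlsClientConfigExample {

    // Build the configuration exactly once so every connection is set up from it.
    static ClientConfig buildConfig(String controllerUri, boolean validateHostName) {
        return ClientConfig.builder()
                .controllerURI(URI.create(controllerUri)) // tls:// scheme requests TLS
                .validateHostName(validateHostName)       // hostname check on the server cert
                .build();
    }

    public static void main(String[] args) throws Exception {
        // "example.validateHostName" is a made-up property for this sketch.
        // It defaults to true; turn it off only for a local standalone server
        // whose test certificate does not match the host name.
        boolean validate = Boolean.parseBoolean(
                System.getProperty("example.validateHostName", "true"));
        ClientConfig config = buildConfig("tls://localhost:9090", validate);

        // Control path: scope and stream creation go to the Controller.
        try (StreamManager streams = StreamManager.create(config)) {
            streams.createScope("test-scope");
            streams.createStream("test-scope", "test-stream",
                    StreamConfiguration.builder()
                            .scalingPolicy(ScalingPolicy.fixed(1))
                            .build());
        }

        // Data path: writes go to the Segment Store. Passing the SAME config
        // object (not a freshly built default) keeps TLS settings consistent.
        try (EventStreamClientFactory factory =
                     EventStreamClientFactory.withScope("test-scope", config);
             EventStreamWriter<String> writer = factory.createEventWriter(
                     "test-stream", new UTF8StringSerializer(),
                     EventWriterConfig.builder().build())) {
            writer.writeEvent("hello over TLS").get(); // block until acknowledged
        }
    }
}
```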