Random ssl handshake failed exception #112
Comments
|
Hi, it looks like this fails inside the underlying librdkafka. Could you maybe try asking at https://github.com/edenhill/librdkafka? |
|
Hi again! I asked @edenhill about this error, but no results... Also i've asked our other teams and they say that python client works fine with librdkafka and they didn't get any errors about ssl. |
|
Is confluent-kafka-python working with the same configuration? On the same machine? |
|
Actually it's other project that uses same kafka environment, same client config (except client certificates). We are using different machines and environments for our projects. UPD: Just asked them - they are using same client certificates as we do |
|
So all config and all certs et.al are identical? (verify with md5sum or similar) The only things that are different are:
|
|
librdkafka - they are using some RC version of 0.9.2, but 0.9.1 also works fine for them. Yes differences only in platform and OS |
|
What are the OpenSSL versions on the respective platforms? |
|
python-lib - OpenSSL 1.0.1 14 Mar 2012 We didn't use OpenSSL - rdkafka works without it, but even if i have it installed - nothing changes. |
|
Let's move this issue over to librdkafka. Set up your brokers with Java SSL debugging (as previously instructed on gitter) and provide relevant parts of broker logs and stderr/stdout showing:
Run both of these clients with debug=ssl (librdkafka property) and provide log/debug output. Please correletate client and broker logs. |
|
Ok, i'll create and issue there when I'll get all the logs |
|
Hey, @edenhill just digging logs from kafka and found this: |
|
Could you maybe try using the python librdkafka.dll with the C# wrapper? Just replace the file. The one shipped with rdkafka has a statically compiled in OpenSSL, which is why your installed version makes no difference. |
|
Python guys that librdkafka builds into .so file not .dll so we can't use it |
|
@ah- When do you plan to update Internal Rdkafka-dotnet to 0.9.2 librdkafka? Maybe it will be a resolution of this issue... |
|
@TheMidgardWatcher for info, you can use RdKafka prerelease to target librdkafka 0.9.2 (to check if it resolves your issue) |
|
@treziac - already tried ci builds of rdkafka-dotnet - no result |
|
The latest ci builds already use a final 0.9.2 librdkafka shared library. Could you try using some other 0.9.2 librdkafka.dll? I suspect the issue might be with how the bundled one got built, maybe due to OpenSSL or something else. |
|
Hi there, @ah-! I've already tried almost all ci builds of rdkafka-dotnet - from 0.9.2-ci-170 to 0.9.2-ci-186. |
|
I think he meant to retrieve (or build) librdkafka.dll and put it in the folder for execution (instead of the one coming from RdKafka.Internal which is packed in RdKafka, found in folders x64 or x86). For example, the current packaged dll does not include LZ4, it might also not support openssl correctly (didn't use it so can't confirm) |
|
Hi, yeah that was the idea, all the binaries on nuget were built on the same CI server, so they might all have the same issues. A different build, especially with a different OpenSSL might change it. |
|
Are you building for the same architecture? 64/32bit? |
|
Yes, I built both libs - 32/64 and tried them with same result. |
Hi, @ah- !
I'm getting ssl exceptions randomly when using ssl security protocol:
-181|2017-01-11 15:08:17.642|Test#consumer-4|FAIL| ssl://xxx:9093/bootstrap: SSL handshake failed: .\ssl\s3_both.c:406: error:1408E0F4:SSL routines:ssl3_get_message:unexpected message: : client authentication might be required (see broker log) Error: UNKNOWN_TOPIC_OR_PARTAm I doing something wrong or it's a bug?
The text was updated successfully, but these errors were encountered: