mTLS/TLS with Redis 6 in Java

fdx2calv posted on 2021-06-10 in Redis

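Currently I am running Redis 6 with ACL and mTLS with a C# client just fine. I am trying to update our Java side to use ACL and mTLS as well, but I am running into some problems. I am currently focusing mainly on mTLS and have not made any progress. This may be user error; I had not used Java for 5-6 years before trying this, so please advise. I don't really know what to do or how to make progress from this error, and my Google searches have not really been successful. Any help is much appreciated; I haven't used Java in a long time, so that may well be the problem.
Trace: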

Caused by: io.lettuce.core.RedisConnectionException: Unable to connect to localhost:6379
        at io.lettuce.core.RedisConnectionException.create(RedisConnectionException.java:78)
        at io.lettuce.core.RedisConnectionException.create(RedisConnectionException.java:56)
        at io.lettuce.core.AbstractRedisClient.getConnection(AbstractRedisClient.java:295)
        at io.lettuce.core.RedisClient.connect(RedisClient.java:214)
        at io.lettuce.core.RedisClient.connect(RedisClient.java:199)
        at blah blah blah my code....
        ... 48 more
Caused by: javax.net.ssl.SSLException: SSLEngine closed already
        at io.netty.handler.ssl.SslHandler.wrap(SslHandler.java:834)
        at io.netty.handler.ssl.SslHandler.wrapAndFlush(SslHandler.java:797)
        at io.netty.handler.ssl.SslHandler.handleUnwrapThrowable(SslHandler.java:1254)
        at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1230)
        at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1271)
        at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:505)
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:444)
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:283)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360)
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:352)
        at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1422)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360)
        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:931)
        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163)
        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:700)
        at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:635)
        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:552)
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:514)
        at io.netty.util.concurrent.SingleThreadEventExecutor$6.run(SingleThreadEventExecutor.java:1044)
        at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
        ... 2 more

Redis server debug log:

1:M 30 Jul 2020 15:23:10.837 - Accepted 10.0.2.2:62023
1:M 30 Jul 2020 15:23:11.024 # Error accepting a client connection: (null)

Java code:

final RedisClient client = RedisClient.create(RedisURI.Builder.redis(hostConfig, portConfig)
        .withSsl(true).withVerifyPeer(false).build().toURI().toString());
if (redisTruststorePath != null && !redisTruststorePath.isEmpty()) {
    SslOptions sslOptions;
    if (redisKeystorePath != null && !redisKeystorePath.isEmpty()) {
        sslOptions = SslOptions.builder()
                .jdkSslProvider()
                .keystore(new File(redisKeystorePath), redisKeystorePass)
                .truststore(new File(redisTruststorePath), redisTruststorePass)
                .build();
    }
    else {
        sslOptions = SslOptions.builder()
                .jdkSslProvider()
                .truststore(new File(redisTruststorePath), redisTruststorePass)
                .build();
    }
    client.setOptions(ClientOptions.builder().sslOptions(sslOptions).build());
}
client.connect();

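Versions:
Lettuce version: 6.0.0.m1 (running locally on Windows)
Redis version: 6.0.5 (running locally in a Linux VM)
Notes:
The C# client works fine, so I doubt this is a Redis server problem.
Redis URI (printed in my real code before being set): rediss://localhost:6379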

kse8i1jr 1#

Please check your client logs.

16797:M 03 Aug 2020 09:11:11.246 # Error accepting a client connection: (null)

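The message above appears when Redis is unable to proceed with the connection phase. Such messages appear in SSL arrangements when the SSL handshake did not complete successfully (for example, because certificate verification failed).
Looking at the code above, the client is created with: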

RedisClient.create(RedisURI.Builder.redis(hostConfig, portConfig)
        .withSsl(true).withVerifyPeer(false).build().toURI().toString());

This converts the RedisURI object to a string, which causes the verifyPeer flag to be lost.
Please change the code to:

RedisClient.create(RedisURI.Builder.redis(hostConfig, portConfig)
        .withSsl(true).withVerifyPeer(false).build());

by removing .toURI().toString().

knpiaxh1 2#

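As @mp911de mentioned, I removed .toURI().toString(); I also updated to lettuce-core 6.0.0.rc and started using RESP2 (as suggested here). This solved my problem. I think the main fix here was switching to RESP2, which was also @mp911de's suggestion. Thanks for the help, @mp911de!!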
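
The two changes from the answers above, combined in one client setup; this is an added example, not code posted by anyone in the thread. It passes the RedisURI object straight to RedisClient.create and pins the protocol to RESP2. The class name, the env helper and the environment variable names are hypothetical, and unlike the question's snippet it leaves verifyPeer enabled, on the assumption that the truststore holds the CA that signed the server certificate and that the certificate is valid for the host name used.

```java
import io.lettuce.core.ClientOptions;
import io.lettuce.core.RedisClient;
import io.lettuce.core.RedisURI;
import io.lettuce.core.SslOptions;
import io.lettuce.core.api.StatefulRedisConnection;
import io.lettuce.core.protocol.ProtocolVersion;

import java.io.File;

public class RedisMtlsExample {

    // Hypothetical helper: read a required setting, fail with a clear message if absent.
    static String env(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("missing environment variable " + name);
        }
        return value;
    }

    public static void main(String[] args) {
        // Keep the RedisURI object itself so its TLS settings reach the client.
        // verifyPeer(true) is an assumption of this example (see lead-in).
        RedisURI uri = RedisURI.Builder.redis("localhost", 6379)
                .withSsl(true)
                .withVerifyPeer(true)
                .build();

        // Keystore: client certificate and key presented for mTLS.
        // Truststore: CA certificate used to verify the Redis server.
        SslOptions sslOptions = SslOptions.builder()
                .jdkSslProvider()
                .keystore(new File(env("REDIS_KEYSTORE")), env("REDIS_KEYSTORE_PASS").toCharArray())
                .truststore(new File(env("REDIS_TRUSTSTORE")), env("REDIS_TRUSTSTORE_PASS"))
                .build();

        RedisClient client = RedisClient.create(uri);
        client.setOptions(ClientOptions.builder()
                .sslOptions(sslOptions)
                .protocolVersion(ProtocolVersion.RESP2) // the second answer's change
                .build());

        try (StatefulRedisConnection<String, String> connection = client.connect()) {
            System.out.println(connection.sync().ping()); // PONG once the handshake succeeds
        } finally {
            client.shutdown();
        }
    }
}
```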
