failed to retrieve node topology: failed to get storage pools for node #128

Closed
kvaps opened this issue Aug 4, 2021 · 10 comments

@kvaps
Member

kvaps commented Aug 4, 2021

Hi, after upgrading linstor from v1.13.0 to v1.14.0, the csi-node-driver-registrar container is falling down with the following message:

time="2021-08-04T17:11:00Z" level=debug msg="curl -X 'GET' -H 'Accept: application/json' 'https://linstor-controller:3371/v1/nodes/m1c7/storage-pools'"
time="2021-08-04T17:11:00Z" level=error msg="method failed" func="github.com/sirupsen/logrus.(*Entry).Error" file="/go/pkg/mod/github.com/sirupsen/[email protected]/entry.go:297" error="failed to retrieve node topology: failed to get storage pools for node: Get \"https://linstor-controller:3371/v1/nodes/m1c7/storage-pools\": EOF" linstorCSIComponent=driver method=/csi.v1.Node/NodeGetInfo nodeID=m1c7 provisioner=linstor.csi.linbit.com req= resp="<nil>" version=v0.13.1
@kvaps
Member Author

kvaps commented Aug 4, 2021

The same with ha-controller:

time="2021-08-04T21:09:11Z" level=info msg="starting piraeus-ha-controller" version=0.0.0-unknown
time="2021-08-04T21:09:11Z" level=fatal msg="failed to set up lost resource monitor" error="Get \"https://linstor-controller:3371/v1/events/drbd/promotion\": EOF"

It seems there is some incompatibility of golinstor with SSL on the new linstor version. When I disable SSL, everything starts working.

@kvaps
Member Author

kvaps commented Aug 4, 2021

Version when it was working:

Version:            1.13.0 (37c02e20aa52f26ef28ce4464925d9e53327171c)
Build time:         2021-06-25T13:20:41+00:00
Java Version:       11
Java VM:            Debian, Version 11.0.11+9-post-Debian-1deb10u1
Operating system:   Linux, Version 5.4.0-77-generic

Version when it stopped working:

Version:            1.14.0 (26a99c32238e3801b43855ea5a7d34b2571f929f)
Build time:         2021-08-04T13:29:58+00:00
Java Version:       11
Java VM:            Debian, Version 11.0.12+7-post-Debian-2deb10u1
Operating system:   Linux, Version 5.4.0-60-generic

@WanzenBug
Member

This looks like a configuration issue to me. Note that the HA controller hasn't changed since January, using an old golinstor version.

I believe the EOF error happens when the server rejects a client certificate, but I am not sure. Could you verify that the pods are using the right certificates?
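
One way to run the check requested above, as an added example (not code from this thread or from golinstor): when a server's CertificateRequest names acceptable CAs, Go's crypto/tls offers a certificate from `Config.Certificates` only if its chain has an issuer in that list, and otherwise sends an empty Certificate message. The CA, controller and client certificates below are constructed sample data; whether the reporter's client certificate fails this test is an assumption to verify, not a finding.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var serial int64 // serial numbers for the constructed sample certificates

// issue creates a sample certificate for cn; with parent == nil it is self-signed.
func issue(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// dnString decodes a DER distinguished name as carried in the
// certificate_authorities extension (tls.CertificateRequestInfo.AcceptableCAs).
func dnString(der []byte) string {
	var rdn pkix.RDNSequence
	if _, err := asn1.Unmarshal(der, &rdn); err != nil {
		return "<unparseable DN>"
	}
	return rdn.String()
}

// offerError returns nil when crypto/tls would offer cert in answer to a
// TLS 1.3 CertificateRequest listing acceptableCAs, else the rejection reason.
func offerError(cert *tls.Certificate, acceptableCAs [][]byte) error {
	cri := &tls.CertificateRequestInfo{
		AcceptableCAs:    acceptableCAs,
		SignatureSchemes: []tls.SignatureScheme{tls.ECDSAWithP256AndSHA256},
		Version:          tls.VersionTLS13,
	}
	return cri.SupportsCertificate(cert)
}

// Result holds the outcome for the two CA lists compared in scenario.
type Result struct {
	IssuerDN       string // issuer of the sample client certificate
	IssuerListed   error  // server lists the client's issuer
	OnlyController error  // server lists only CN=linstor-controller
}

// scenario issues a client certificate from a sample "linstor-ca" and tests it
// against a CA list naming that issuer and one naming only "linstor-controller".
func scenario() (Result, error) {
	ca, caKey, err := issue("linstor-ca", true, nil, nil)
	if err != nil {
		return Result{}, err
	}
	ctrl, _, err := issue("linstor-controller", false, nil, nil)
	if err != nil {
		return Result{}, err
	}
	leaf, leafKey, err := issue("linstor-client", false, ca, caKey)
	if err != nil {
		return Result{}, err
	}
	client := &tls.Certificate{Certificate: [][]byte{leaf.Raw}, PrivateKey: leafKey, Leaf: leaf}
	return Result{
		IssuerDN:       dnString(leaf.RawIssuer),
		IssuerListed:   offerError(client, [][]byte{ca.RawSubject}),
		OnlyController: offerError(client, [][]byte{ctrl.RawSubject}),
	}, nil
}

func main() {
	r, err := scenario()
	if err != nil {
		panic(err)
	}
	fmt.Println("client certificate issuer:", r.IssuerDN)
	fmt.Println("server lists the issuer:          ", r.IssuerListed)
	fmt.Println("server lists linstor-controller:  ", r.OnlyController)
}
```

For a real deployment, load the pod's certificate with `tls.LoadX509KeyPair` and compare its issuer DN with the names the server sends in `certificate_authorities`.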

@kvaps
Member Author

kvaps commented Aug 5, 2021

> I believe the EOF error happens when the server rejects a client certificate, but I am not sure. Could you verify that the pods are using the right certificates?

Yes, I can confirm that the certificates are fine. I can even exec into the pod and call curl with the same certificates:

kubectl exec -ti -n linstor linstor-csi-node-pgx2v -c linstor-csi-plugin -- bash
apt update && apt install curl -y
mkdir -p /tls
echo "$LS_USER_CERTIFICATE" > /tls/tls.crt
echo "$LS_USER_KEY" > /tls/tls.key
echo "$LS_ROOT_CA" > /tls/ca.crt
curl --cacert /tls/ca.crt --cert /tls/tls.crt --key /tls/tls.key https://linstor-controller:3371/v1/nodes/m1c9/storage-pools
# [{"storage_pool_name":"DfltDisklessStorPool","node_name":"m1c9","provider_kind":"DISKLESS","props":{"PrefNic":"data"},"static_traits":{"SupportsSnapshots":"false"},"free_capacity":9223372036854775807,"total_capacity":9223372036854775807,"free_space_mgr_name":"m1c9:DfltDisklessStorPool","uuid":"f51e962d-e683-417e-b6d7-5acab23b538c","supports_snapshots":false,"external_locking":false},{"storage_pool_name":"thindata","node_name":"m1c9","provider_kind":"LVM_THIN","props":{"PrefNic":"data","StorDriver/LvmVg":"data","StorDriver/StorPoolName":"data/thindata","StorDriver/ThinPool":"thindata"},"static_traits":{"Provisioning":"Thin","SupportsSnapshots":"true"},"free_capacity":879688155,"total_capacity":884998144,"free_space_mgr_name":"m1c9:thindata","uuid":"ea1b64eb-fd48-4cd1-8fd7-2e9c286a7907","supports_snapshots":true,"external_locking":false}]

> Note that the HA controller hasn't changed since January, using an old golinstor version

I have my own Dockerfiles built from the source code, but I also tried the official images.
It seems golinstor requires some upgrade, as it can't work with the new linstor-controller SSL for some reason.

I'm going to try a new golang version as well.

@kvaps
Member Author

kvaps commented Aug 5, 2021

UPD: just tried golang:1.16 and golang:1.17-rc1; no changes, still the same error.

@WanzenBug
Member

SSL seems to be working fine in my tests. I tried it with the piraeus builds, with LINBIT builds and also with your docker images. Not sure what is different in your environment 😕

@kvaps
Member Author

kvaps commented Aug 5, 2021

I tried both official images, piraeus-server and piraeus-csi-driver, and I still have the same problem.

I'm just trying to dig into it. I ran linstor-controller with JAVA_OPTS=-Djavax.net.debug=ssl,handshake, and when establishing the connections I see a javax.net.ssl.SSLHandshakeException: Empty client certificate chain error:

javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.468 UTC|SSLExtensions.java:135|Ignore unknown or unsupported extension (
"signed_certificate_timestamp (18)": {

}
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.468 UTC|ClientHello.java:809|Consuming ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "C4 8C 84 3B 38 8A 48 05 AB 53 04 E1 34 ED 80 08 EF E9 86 3F F3 36 65 A0 3E 63 1C 85 50 04 2E 92",
  "session id"          : "4D 72 06 69 53 71 01 B7 FA 95 59 D2 0F 6D D1 AE AB 72 90 32 E2 3E F5 28 94 06 13 FA 33 E5 4B 3D",
  "cipher suites"       : "[TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), UNKNOWN-CIPHER-SUITE(0xCCA8)(0xCCA8), UNKNOWN-CIPHER-SUITE(0xCCA9)(0xCCA9), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(0xC012), SSL_RSA_WITH_3DES_EDE_CBC_SHA(0x000A), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303), TLS_AES_256_GCM_SHA384(0x1302)]",
  "compression methods" : "00",
  "extensions"          : [
    "server_name (0)": {
      type=host_name (0), value=linstor-controller
    },
    "status_request (5)": {
      "certificate status type": ocsp
      "OCSP status request": {
        "responder_id": <empty>
        "request extensions": {
          <empty>
        }
      }
    },
    "supported_groups (10)": {
      "versions": [x25519, secp256r1, secp384r1, secp521r1]
    },
    "ec_point_formats (11)": {
      "formats": [uncompressed]
    },
    "signature_algorithms (13)": {
      "signature schemes": [rsa_pss_rsae_sha256, ecdsa_secp256r1_sha256, ed25519, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pkcs1_sha1, ecdsa_sha1]
    },
    "renegotiation_info (65,281)": {
      "renegotiated connection": [<no renegotiated connection>]
    },
    "signed_certificate_timestamp (18)": {

    },
    "supported_versions (43)": {
      "versions": [TLSv1.3, TLSv1.2, TLSv1.1, TLSv1]
    },
    "key_share (51)": {
      "client_shares": [
        {
          "named group": x25519
          "key_exchange": {
            0000: 99 D6 4F 96 88 61 8B 58   3B 49 BC 46 B7 E0 9A DA  ..O..a.X;I.F....
            0010: 8E D0 66 DE 57 65 E4 FE   7A 76 B5 3B 14 CC 28 6E  ..f.We..zv.;..(n
          }
        },
      ]
    }
  ]
}
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.469 UTC|SSLExtensions.java:192|Consumed extension: supported_versions
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.469 UTC|ClientHello.java:839|Negotiated protocol version: TLSv1.3
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.469 UTC|PskKeyExchangeModesExtension.java:293|abort session resumption, no supported psk_dhe_ke PSK key exchange mode
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.469 UTC|PreSharedKeyExtension.java:807|Handling pre_shared_key absence.
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.469 UTC|ServerNameExtension.java:327|no server name matchers, ignore server name indication
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.469 UTC|SSLExtensions.java:192|Consumed extension: server_name
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.469 UTC|SSLExtensions.java:173|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.469 UTC|SSLExtensions.java:192|Consumed extension: status_request
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.469 UTC|SSLExtensions.java:192|Consumed extension: supported_groups
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.469 UTC|SSLExtensions.java:163|Ignore unsupported extension: ec_point_formats
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.469 UTC|SSLExtensions.java:192|Consumed extension: signature_algorithms
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.469 UTC|SSLExtensions.java:173|Ignore unavailable extension: signature_algorithms_cert
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.469 UTC|SSLExtensions.java:163|Ignore unsupported extension: status_request_v2
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.469 UTC|SSLExtensions.java:163|Ignore unsupported extension: extended_master_secret
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.469 UTC|SSLExtensions.java:173|Ignore unavailable extension: cookie
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.469 UTC|SSLExtensions.java:173|Ignore unavailable extension: certificate_authorities
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.470 UTC|SSLExtensions.java:192|Consumed extension: key_share
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.470 UTC|SSLExtensions.java:163|Ignore unsupported extension: renegotiation_info
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.472 UTC|SSLExtensions.java:215|Ignore impact of unsupported extension: server_name
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.472 UTC|SSLExtensions.java:207|Ignore unavailable extension: max_fragment_length
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.472 UTC|SSLExtensions.java:215|Ignore impact of unsupported extension: status_request
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.472 UTC|SSLExtensions.java:215|Ignore impact of unsupported extension: supported_groups
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.472 UTC|SignatureScheme.java:436|Unsupported signature scheme: ed25519
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.473 UTC|SSLExtensions.java:224|Populated with extension: signature_algorithms
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.473 UTC|SSLExtensions.java:207|Ignore unavailable extension: signature_algorithms_cert
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.473 UTC|SSLExtensions.java:207|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.473 UTC|SSLExtensions.java:215|Ignore impact of unsupported extension: supported_versions
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.474 UTC|SSLExtensions.java:207|Ignore unavailable extension: cookie
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.474 UTC|SSLExtensions.java:207|Ignore unavailable extension: certificate_authorities
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.474 UTC|SSLExtensions.java:215|Ignore impact of unsupported extension: key_share
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.474 UTC|ServerHello.java:713|use cipher suite TLS_AES_128_GCM_SHA256
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.475 UTC|SSLExtensions.java:260|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.476 UTC|ServerHello.java:572|Produced ServerHello handshake message (
"ServerHello": {
  "server version"      : "TLSv1.2",
  "random"              : "45 71 B7 7C 61 7F D4 3B C4 FA E3 E6 6F 62 F1 C8 C5 00 75 D3 13 8E AE CB 75 DB CF EF 8B C5 55 5A",
  "session id"          : "4D 72 06 69 53 71 01 B7 FA 95 59 D2 0F 6D D1 AE AB 72 90 32 E2 3E F5 28 94 06 13 FA 33 E5 4B 3D",
  "cipher suite"        : "TLS_AES_128_GCM_SHA256(0x1301)",
  "compression methods" : "00",
  "extensions"          : [
    "supported_versions (43)": {
      "selected version": [TLSv1.3]
    },
    "key_share (51)": {
      "server_share": {
        "named group": x25519
        "key_exchange": {
          0000: 5F 72 EB B0 68 1F 75 2E   66 4E FE 6D 2A FA 18 F5  _r..h.u.fN.m*...
          0010: 50 6C 74 D3 EB CB 80 3D   3D BD 26 F3 37 48 77 73  Plt....==.&.7Hws
        }
      },
    }
  ]
}
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.477 UTC|SSLCipher.java:1840|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.477 UTC|SSLCipher.java:1994|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|ALL|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.478 UTC|ServerNameExtension.java:537|No expected server name indication response
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.478 UTC|SSLExtensions.java:260|Ignore, context unavailable extension: server_name
javax.net.ssl|ALL|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.478 UTC|MaxFragExtension.java:469|Ignore unavailable max_fragment_length extension
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.478 UTC|SSLExtensions.java:260|Ignore, context unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.478 UTC|AlpnExtension.java:384|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.478 UTC|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.479 UTC|EncryptedExtensions.java:137|Produced EncryptedExtensions message (
"EncryptedExtensions": [
  "supported_groups (10)": {
    "versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
  }
]
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.481 UTC|CertificateRequest.java:882|Produced CertificateRequest message (
"CertificateRequest": {
  "certificate_request_context": "",
  "extensions": [
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    },
    "certificate_authorities (47)": {
      "certificate authorities": [
        CN=linstor-controller]
    }
  ]
}
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.482 UTC|StatusResponseManager.java:763|Staping disabled or is a resumed session
javax.net.ssl|ALL|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.482 UTC|CertStatusExtension.java:1112|Stapling is disabled for this connection
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.482 UTC|SSLExtensions.java:260|Ignore, context unavailable extension: status_request
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.482 UTC|CertificateMessage.java:1022|Produced server Certificate message (
"Certificate": {
  "certificate_request_context": "",
  "certificate_list": [
  {
    "certificate" : {
      "version"            : "v3",
      "serial number"      : "2C DB 49 35 92 2C 2F 2D A4 97 42 5A EC BF 0A A7",
      "signature algorithm": "SHA256withRSA",
      "issuer"             : "CN=linstor-ca",
      "not before"         : "2021-08-05 10:51:51.000 UTC",
      "not  after"         : "2031-08-03 10:51:51.000 UTC",
      "subject"            : "CN=linstor-controller",
      "subject public key" : "RSA",
      "extensions"         : [
        {
          ObjectId: 2.5.29.35 Criticality=false
          AuthorityKeyIdentifier [
          KeyIdentifier [
          0000: 82 A6 F6 5E 55 01 3D 7A   AB EC 34 84 C6 4F A7 55  ...^U.=z..4..O.U
          0010: 05 2B 6E 5C                                        .+n\
          ]
          ]
        },
        {
          ObjectId: 2.5.29.19 Criticality=true
          BasicConstraints:[
            CA:false
            PathLen: undefined
          ]
        },
        {
          ObjectId: 2.5.29.37 Criticality=false
          ExtendedKeyUsages [
            serverAuth
          ]
        },
        {
          ObjectId: 2.5.29.15 Criticality=true
          KeyUsage [
            DigitalSignature
            Key_Encipherment
          ]
        },
        {
          ObjectId: 2.5.29.17 Criticality=false
          SubjectAlternativeName [
            DNSName: linstor-controller
            DNSName: linstor-controller.linstor
            DNSName: linstor-controller.linstor.svc
            DNSName: localhost
          ]
        }
      ]}
    "extensions": {
      <no extension>
    }
  },
]
}
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.487 UTC|CertificateVerify.java:1111|Produced server CertificateVerify handshake message (
"CertificateVerify": {
  "signature algorithm": rsa_pss_rsae_sha256
  "signature": {
    0000: 91 80 7F FB 77 05 E6 AC   EC 91 6A 70 49 9F 10 74  ....w.....jpI..t
    0010: E9 C1 FF 05 24 6E 7A C7   4F 7D EF D0 59 9E 04 3C  ....$nz.O...Y..<
    0020: 8A B8 1C D8 3A 13 BB A7   F4 2B 49 9B BA FC 99 B2  ....:....+I.....
    0030: A4 F6 63 07 86 46 B4 37   67 24 CD 11 42 E9 DA 2D  ..c..F.7g$..B..-
    0040: 79 C4 B9 42 84 86 0D D1   18 B5 B5 C2 F3 38 5B 7D  y..B.........8[.
    0050: 14 A0 FB A5 24 27 D5 8B   29 92 32 55 E0 EE A0 24  ....$'..).2U...$
    0060: 11 0B C9 D1 7F B4 04 99   B0 F9 50 9C 37 55 14 71  ..........P.7U.q
    0070: 56 D6 69 6C 3D 9D F9 41   CF 78 99 F5 F0 8D 5C 2F  V.il=..A.x....\/
    0080: FC 37 3D E5 00 7D A1 C8   E9 2B D3 27 7D AE DC B3  .7=......+.'....
    0090: F6 D7 42 07 AF 59 A6 7C   5C AD E9 32 5D A3 53 6B  ..B..Y..\..2].Sk
    00A0: 99 E4 AE 4F 6A CB 37 4D   1B 34 6B 52 05 EF 5A 1D  ...Oj.7M.4kR..Z.
    00B0: 41 93 AA 92 26 A5 C8 02   A4 AD E5 F2 11 83 1B E3  A...&...........
    00C0: 04 3F 07 90 2C 92 8A 21   44 D2 32 CA 63 1C B8 2F  .?..,..!D.2.c../
    00D0: 97 57 35 35 AD F7 74 04   53 20 F4 BF EA 13 6B F1  .W55..t.S ....k.
    00E0: B7 03 56 C8 80 44 29 B3   CA D8 5B 95 D7 84 BB A1  ..V..D)...[.....
    00F0: F0 4C 63 BC 5A C2 B1 C4   6A C2 27 34 66 7E 30 5F  .Lc.Z...j.'4f.0_
  }
}
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.487 UTC|Finished.java:767|Produced server Finished handshake message (
"Finished": {
  "verify data": {
    0000: 85 68 FC 60 CC 5D 37 91   D1 B5 5F 17 C1 18 6C AA  .h.`.]7..._...l.
    0010: 2F B3 4C 56 B5 7E 40 72   07 F9 C7 E7 05 5F 49 E6  /.LV..@r....._I.
  }'}
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.487 UTC|SSLCipher.java:1994|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.489 UTC|ChangeCipherSpec.java:246|Consuming ChangeCipherSpec message
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.489 UTC|CertificateMessage.java:1178|Consuming client Certificate handshake message (
"Certificate": {
  "certificate_request_context": "",
  "certificate_list": [
]
}
)
javax.net.ssl|ERROR|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:04:56.490 UTC|TransportContext.java:341|Fatal (BAD_CERTIFICATE): Empty client certificate chain (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: Empty client certificate chain
  	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
  	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
  	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:336)
  	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:292)
  	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:283)
  	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1194)
  	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1181)
  	at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
  	at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
  	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1074)
  	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1061)
  	at java.base/java.security.AccessController.doPrivileged(Native Method)
  	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1008)
  	at org.glassfish.grizzly.ssl.SSLUtils.executeDelegatedTask(SSLUtils.java:250)
  	at org.glassfish.grizzly.ssl.SSLBaseFilter.doHandshakeStep(SSLBaseFilter.java:684)
  	at org.glassfish.grizzly.ssl.SSLBaseFilter.doHandshakeStep(SSLBaseFilter.java:598)
  	at org.glassfish.grizzly.ssl.SSLBaseFilter.handleRead(SSLBaseFilter.java:310)
  	at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:95)
  	at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:260)
  	at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:177)
  	at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:109)
  	at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:88)
  	at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:53)
  	at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:515)
  	at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:89)
  	at org.glassfish.grizzly.strategies.SameThreadIOStrategy.executeIoEvent(SameThreadIOStrategy.java:79)
  	at org.glassfish.grizzly.strategies.AbstractIOStrategy.executeIoEvent(AbstractIOStrategy.java:66)
  	at org.glassfish.grizzly.nio.SelectorRunner.iterateKeyEvents(SelectorRunner.java:391)
  	at org.glassfish.grizzly.nio.SelectorRunner.iterateKeys(SelectorRunner.java:360)
  	at org.glassfish.grizzly.nio.SelectorRunner.doSelect(SelectorRunner.java:324)
  	at org.glassfish.grizzly.nio.SelectorRunner.run(SelectorRunner.java:255)
  	at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:569)
  	at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:549)
  	at java.base/java.lang.Thread.run(Thread.java:829)}
)

While using curl, everything is fine:

javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.873 UTC|SSLExtensions.java:135|Ignore unknown or unsupported extension (
"unknown extension (13,172)": {

}
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.873 UTC|SSLExtensions.java:135|Ignore unknown or unsupported extension (
"encrypt_then_mac (22)": {

}
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.873 UTC|SSLExtensions.java:135|Ignore unknown or unsupported extension (
"unknown extension (49)": {

}
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.874 UTC|SSLExtensions.java:135|Ignore unknown or unsupported extension (
"client_certificate_type (21)": {
  0000: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0010: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0020: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0030: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0040: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0050: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0060: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0070: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0080: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  0090: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  00A0: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
  00B0: 00 00 00 00 00                                     .....
}
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.875 UTC|ClientHello.java:809|Consuming ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "CF BA FE F6 9B DD D0 B7 A4 EA 46 44 74 B2 06 9B 9E 56 3A D8 97 72 51 CB C5 82 3A 7D C2 70 25 90",
  "session id"          : "74 5D C6 AE DB 89 CA 30 59 FA 84 69 A2 78 41 AE A3 29 5B 91 03 E9 B2 47 E9 29 D7 54 C4 1A 9E 61",
  "cipher suites"       : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_CHACHA20_POLY1305_SHA256(0x1303), TLS_AES_128_GCM_SHA256(0x1301), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), UNKNOWN-CIPHER-SUITE(0xCCA9)(0xCCA9), UNKNOWN-CIPHER-SUITE(0xCCA8)(0xCCA8), UNKNOWN-CIPHER-SUITE(0xCCAA)(0xCCAA), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
  "compression methods" : "00",
  "extensions"          : [
    "server_name (0)": {
      type=host_name (0), value=linstor-controller
    },
    "ec_point_formats (11)": {
      "formats": [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
    },
    "supported_groups (10)": {
      "versions": [x25519, secp256r1, x448, secp521r1, secp384r1]
    },
    "unknown extension (13,172)": {

    },
    "application_layer_protocol_negotiation (16)": {
      [h2, http/1.1]
    },
    "encrypt_then_mac (22)": {

    },
    "extended_master_secret (23)": {
      <empty>
    },
    "unknown extension (49)": {

    },
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha224, rsa_sha224, dsa_sha224, dsa_sha256, dsa_sha384, dsa_sha512]
    },
    "supported_versions (43)": {
      "versions": [TLSv1.3, TLSv1.2]
    },
    "psk_key_exchange_modes (45)": {
      "ke_modes": [psk_dhe_ke]
    },
    "key_share (51)": {
      "client_shares": [
        {
          "named group": x25519
          "key_exchange": {
            0000: 18 6D AF F1 A0 3C 2F 1D   83 26 A2 BB A9 3B 30 90  .m...</..&...;0.
            0010: A4 94 AB F8 CD E2 E9 F4   68 90 FE E0 AA 01 88 06  ........h.......
          }
        },
      ]
    },
    "client_certificate_type (21)": {
      0000: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0010: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0020: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0030: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0040: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0050: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0060: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0070: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0080: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      0090: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      00A0: 00 00 00 00 00 00 00 00   00 00 00 00 00 00 00 00  ................
      00B0: 00 00 00 00 00                                     .....
    }
  ]
}
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.875 UTC|SSLExtensions.java:192|Consumed extension: supported_versions
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.875 UTC|ClientHello.java:839|Negotiated protocol version: TLSv1.3
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.875 UTC|SSLExtensions.java:192|Consumed extension: psk_key_exchange_modes
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.875 UTC|PreSharedKeyExtension.java:807|Handling pre_shared_key absence.
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.875 UTC|ServerNameExtension.java:327|no server name matchers, ignore server name indication
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.875 UTC|SSLExtensions.java:192|Consumed extension: server_name
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.875 UTC|SSLExtensions.java:173|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.875 UTC|SSLExtensions.java:173|Ignore unavailable extension: status_request
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.875 UTC|SSLExtensions.java:192|Consumed extension: supported_groups
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.875 UTC|SSLExtensions.java:163|Ignore unsupported extension: ec_point_formats
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.875 UTC|SSLExtensions.java:192|Consumed extension: signature_algorithms
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.875 UTC|SSLExtensions.java:173|Ignore unavailable extension: signature_algorithms_cert
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.875 UTC|AlpnExtension.java:296|Ignore server unenabled extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.875 UTC|SSLExtensions.java:192|Consumed extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.876 UTC|SSLExtensions.java:163|Ignore unsupported extension: status_request_v2
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.876 UTC|SSLExtensions.java:163|Ignore unsupported extension: extended_master_secret
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.876 UTC|SSLExtensions.java:173|Ignore unavailable extension: cookie
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.876 UTC|SSLExtensions.java:173|Ignore unavailable extension: certificate_authorities
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.876 UTC|SSLExtensions.java:192|Consumed extension: key_share
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.876 UTC|SSLExtensions.java:163|Ignore unsupported extension: renegotiation_info
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.877 UTC|SSLExtensions.java:215|Ignore impact of unsupported extension: server_name
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.877 UTC|SSLExtensions.java:207|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.878 UTC|SSLExtensions.java:207|Ignore unavailable extension: status_request
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.878 UTC|SSLExtensions.java:215|Ignore impact of unsupported extension: supported_groups
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.878 UTC|SignatureScheme.java:436|Unsupported signature scheme: ed25519
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.878 UTC|SignatureScheme.java:436|Unsupported signature scheme: ed448
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.879 UTC|SignatureScheme.java:436|Unsupported signature scheme: ecdsa_sha224
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.879 UTC|SignatureScheme.java:436|Unsupported signature scheme: rsa_sha224
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.879 UTC|SignatureScheme.java:436|Unsupported signature scheme: dsa_sha224
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.879 UTC|SignatureScheme.java:436|Unsupported signature scheme: dsa_sha256
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.879 UTC|SignatureScheme.java:424|Unsupported signature scheme: dsa_sha384
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.879 UTC|SignatureScheme.java:424|Unsupported signature scheme: dsa_sha512
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.879 UTC|SSLExtensions.java:224|Populated with extension: signature_algorithms
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.879 UTC|SSLExtensions.java:207|Ignore unavailable extension: signature_algorithms_cert
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.879 UTC|SSLExtensions.java:215|Ignore impact of unsupported extension: application_layer_protocol_negotiation
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.879 UTC|SSLExtensions.java:215|Ignore impact of unsupported extension: supported_versions
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.879 UTC|SSLExtensions.java:207|Ignore unavailable extension: cookie
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.879 UTC|SSLExtensions.java:215|Ignore impact of unsupported extension: psk_key_exchange_modes
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.879 UTC|SSLExtensions.java:207|Ignore unavailable extension: certificate_authorities
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.879 UTC|SSLExtensions.java:215|Ignore impact of unsupported extension: key_share
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.879 UTC|ServerHello.java:713|use cipher suite TLS_AES_256_GCM_SHA384
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.880 UTC|SSLExtensions.java:260|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.880 UTC|ServerHello.java:572|Produced ServerHello handshake message (
"ServerHello": {
  "server version"      : "TLSv1.2",
  "random"              : "97 9D F8 9A 50 DF 20 90 CD 9D D3 36 52 D7 C9 71 31 25 A4 35 B9 E3 B1 65 28 80 63 1F 91 3E 76 B1",
  "session id"          : "74 5D C6 AE DB 89 CA 30 59 FA 84 69 A2 78 41 AE A3 29 5B 91 03 E9 B2 47 E9 29 D7 54 C4 1A 9E 61",
  "cipher suite"        : "TLS_AES_256_GCM_SHA384(0x1302)",
  "compression methods" : "00",
  "extensions"          : [
    "supported_versions (43)": {
      "selected version": [TLSv1.3]
    },
    "key_share (51)": {
      "server_share": {
        "named group": x25519
        "key_exchange": {
          0000: 5C 16 06 A2 EC 6C DE 17   C6 FE 13 85 8D 2D 3E D6  \....l.......->.
          0010: 1B 7F 08 0F 4E 91 74 1C   F0 25 BA 14 C2 2F 10 73  ....N.t..%.../.s
        }
      },
    }
  ]
}
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.882 UTC|SSLCipher.java:1840|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.882 UTC|SSLCipher.java:1994|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|ALL|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.882 UTC|ServerNameExtension.java:537|No expected server name indication response
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.882 UTC|SSLExtensions.java:260|Ignore, context unavailable extension: server_name
javax.net.ssl|ALL|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.882 UTC|MaxFragExtension.java:469|Ignore unavailable max_fragment_length extension
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.882 UTC|SSLExtensions.java:260|Ignore, context unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.883 UTC|AlpnExtension.java:384|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.883 UTC|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.883 UTC|EncryptedExtensions.java:137|Produced EncryptedExtensions message (
"EncryptedExtensions": [
  "supported_groups (10)": {
    "versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
  }
]
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.884 UTC|CertificateRequest.java:882|Produced CertificateRequest message (
"CertificateRequest": {
  "certificate_request_context": "",
  "extensions": [
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    },
    "certificate_authorities (47)": {
      "certificate authorities": [
        CN=linstor-controller]
    }
  ]
}
)
javax.net.ssl|ALL|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.884 UTC|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.884 UTC|CertificateMessage.java:1084|Unavailable authentication scheme: ecdsa_secp256r1_sha256
javax.net.ssl|ALL|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.885 UTC|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.885 UTC|CertificateMessage.java:1084|Unavailable authentication scheme: ecdsa_secp384r1_sha384
javax.net.ssl|ALL|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.885 UTC|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.885 UTC|CertificateMessage.java:1084|Unavailable authentication scheme: ecdsa_secp521r1_sha512
javax.net.ssl|ALL|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.885 UTC|X509Authentication.java:301|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.885 UTC|CertificateMessage.java:1084|Unavailable authentication scheme: rsa_pss_pss_sha256
javax.net.ssl|ALL|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.885 UTC|X509Authentication.java:301|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.885 UTC|CertificateMessage.java:1084|Unavailable authentication scheme: rsa_pss_pss_sha384
javax.net.ssl|ALL|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.885 UTC|X509Authentication.java:301|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.885 UTC|CertificateMessage.java:1084|Unavailable authentication scheme: rsa_pss_pss_sha512
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.885 UTC|StatusResponseManager.java:763|Staping disabled or is a resumed session
javax.net.ssl|ALL|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.885 UTC|CertStatusExtension.java:1112|Stapling is disabled for this connection
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.885 UTC|SSLExtensions.java:260|Ignore, context unavailable extension: status_request
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.886 UTC|CertificateMessage.java:1022|Produced server Certificate message (
"Certificate": {
  "certificate_request_context": "",
  "certificate_list": [
  {
    "certificate" : {
      "version"            : "v3",
      "serial number"      : "2C DB 49 35 92 2C 2F 2D A4 97 42 5A EC BF 0A A7",
      "signature algorithm": "SHA256withRSA",
      "issuer"             : "CN=linstor-ca",
      "not before"         : "2021-08-05 10:51:51.000 UTC",
      "not  after"         : "2031-08-03 10:51:51.000 UTC",
      "subject"            : "CN=linstor-controller",
      "subject public key" : "RSA",
      "extensions"         : [
        {
          ObjectId: 2.5.29.35 Criticality=false
          AuthorityKeyIdentifier [
          KeyIdentifier [
          0000: 82 A6 F6 5E 55 01 3D 7A   AB EC 34 84 C6 4F A7 55  ...^U.=z..4..O.U
          0010: 05 2B 6E 5C                                        .+n\
          ]
          ]
        },
        {
          ObjectId: 2.5.29.19 Criticality=true
          BasicConstraints:[
            CA:false
            PathLen: undefined
          ]
        },
        {
          ObjectId: 2.5.29.37 Criticality=false
          ExtendedKeyUsages [
            serverAuth
          ]
        },
        {
          ObjectId: 2.5.29.15 Criticality=true
          KeyUsage [
            DigitalSignature
            Key_Encipherment
          ]
        },
        {
          ObjectId: 2.5.29.17 Criticality=false
          SubjectAlternativeName [
            DNSName: linstor-controller
            DNSName: linstor-controller.linstor
            DNSName: linstor-controller.linstor.svc
            DNSName: localhost
          ]
        }
      ]}
    "extensions": {
      <no extension>
    }
  },
]
}
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.889 UTC|CertificateVerify.java:1111|Produced server CertificateVerify handshake message (
"CertificateVerify": {
  "signature algorithm": rsa_pss_rsae_sha256
  "signature": {
    0000: AC 4F 7B D0 D7 A4 31 70   9D EB D0 F5 D7 4A F8 94  .O....1p.....J..
    0010: 69 9C 65 22 D3 DC A5 A3   AC 57 5D 42 88 08 9B EC  i.e".....W]B....
    0020: BB 3D 80 EF CE 3D B2 96   2E AD FA 0E 77 06 4E D1  .=...=......w.N.
    0030: FD 1A DE 8B 45 CA CD FC   1E 3A 63 15 44 A9 47 BF  ....E....:c.D.G.
    0040: 42 86 E0 24 4C 7E 0B 87   45 20 A8 7A EB EF 0E 2C  B..$L...E .z...,
    0050: 1F 96 87 21 F8 06 1C 21   A4 2C B4 88 4C 06 AC 4B  ...!...!.,..L..K
    0060: 42 09 AC FD F6 76 35 08   07 2E 22 9E E4 88 68 39  B....v5..."...h9
    0070: 0A 21 1A 8C 9F 1A C0 FA   DE ED E2 38 EB 30 73 19  .!.........8.0s.
    0080: B9 B4 5F EB 37 00 B3 9C   0E 68 FD 53 D2 09 4E 3D  .._.7....h.S..N=
    0090: 83 5D 1A 39 C8 CC 91 CF   0E 46 0A 5F E9 80 7F 54  .].9.....F._...T
    00A0: 38 8C B6 F7 91 72 FC E6   DA F5 07 C0 54 0F 32 FE  8....r......T.2.
    00B0: 15 4D 58 08 23 2D D2 DE   01 27 B7 EE 55 47 4D 20  .MX.#-...'..UGM
    00C0: 88 AD 0C CA AD DE 0D 85   EB ED D3 B2 04 9C 7C 18  ................
    00D0: 11 85 DF 44 7F 8B 74 0F   8E B7 BF C6 0B 5B 8B D1  ...D..t......[..
    00E0: A4 2D B9 F0 48 23 CB F1   89 1D 85 3B 17 34 A4 8C  .-..H#.....;.4..
    00F0: 10 4A 3A B9 7A 1E 96 EB   D9 EB D1 60 2D 2D 48 A7  .J:.z......`--H.
  }
}
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.889 UTC|Finished.java:767|Produced server Finished handshake message (
"Finished": {
  "verify data": {
    0000: E1 C2 7E 43 CE CC 3F 69   B4 7E F8 1A 25 0B 87 6D  ...C..?i....%..m
    0010: 88 DB 1E 8F 22 A1 FA 1A   3B DE 9C 9A C7 D2 24 06  ...."...;.....$.
    0020: DC 34 C1 3C 10 1A 0F 2F   C9 B5 D6 EB BF 84 8D DE  .4.<.../........
  }'}
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.890 UTC|SSLCipher.java:1994|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.893 UTC|ChangeCipherSpec.java:246|Consuming ChangeCipherSpec message
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.893 UTC|CertificateMessage.java:1178|Consuming client Certificate handshake message (
"Certificate": {
  "certificate_request_context": "",
  "certificate_list": [
  {
    "certificate" : {
      "version"            : "v3",
      "serial number"      : "00 83 7E FB D8 BE 57 20 3B C5 92 1B CF 42 98 CD 0E",
      "signature algorithm": "SHA256withRSA",
      "issuer"             : "CN=linstor-ca",
      "not before"         : "2021-08-05 10:51:51.000 UTC",
      "not  after"         : "2031-08-03 10:51:51.000 UTC",
      "subject"            : "CN=linstor-controller",
      "subject public key" : "RSA",
      "extensions"         : [
        {
          ObjectId: 2.5.29.35 Criticality=false
          AuthorityKeyIdentifier [
          KeyIdentifier [
          0000: 82 A6 F6 5E 55 01 3D 7A   AB EC 34 84 C6 4F A7 55  ...^U.=z..4..O.U
          0010: 05 2B 6E 5C                                        .+n\
          ]
          ]
        },
        {
          ObjectId: 2.5.29.19 Criticality=true
          BasicConstraints:[
            CA:false
            PathLen: undefined
          ]
        },
        {
          ObjectId: 2.5.29.37 Criticality=false
          ExtendedKeyUsages [
            clientAuth
          ]
        },
        {
          ObjectId: 2.5.29.15 Criticality=true
          KeyUsage [
            DigitalSignature
            Key_Encipherment
          ]
        }
      ]}
    "extensions": {
      <no extension>
    }
  },
  {
    "certificate" : {
      "version"            : "v3",
      "serial number"      : "00 89 64 EC AC 59 A5 01 A8 10 2A B8 08 A7 8D 27 90",
      "signature algorithm": "SHA256withRSA",
      "issuer"             : "CN=linstor-ca",
      "not before"         : "2021-04-15 17:16:08.000 UTC",
      "not  after"         : "2031-04-13 17:16:08.000 UTC",
      "subject"            : "CN=linstor-ca",
      "subject public key" : "RSA",
      "extensions"         : [
        {
          ObjectId: 2.5.29.19 Criticality=true
          BasicConstraints:[
            CA:true
            PathLen:2147483647
          ]
        },
        {
          ObjectId: 2.5.29.15 Criticality=true
          KeyUsage [
            DigitalSignature
            Key_Encipherment
            Key_CertSign
          ]
        },
        {
          ObjectId: 2.5.29.14 Criticality=false
          SubjectKeyIdentifier [
          KeyIdentifier [
          0000: 82 A6 F6 5E 55 01 3D 7A   AB EC 34 84 C6 4F A7 55  ...^U.=z..4..O.U
          0010: 05 2B 6E 5C                                        .+n\
          ]
          ]
        }
      ]}
    "extensions": {
      <no extension>
    }
  },
]
}
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.894 UTC|CertificateVerify.java:1163|Consuming CertificateVerify handshake message (
"CertificateVerify": {
  "signature algorithm": rsa_pss_rsae_sha256
  "signature": {
    0000: 35 46 09 4E B6 48 29 30   D7 69 C8 13 6A A8 63 86  5F.N.H)0.i..j.c.
    0010: FF D8 78 7C 86 03 35 4C   7D 0D 67 61 4B A9 D3 25  ..x...5L..gaK..%
    0020: AF 2B 69 A7 46 25 2D E2   F0 9E AB C6 99 5F 17 FF  .+i.F%-......_..
    0030: F1 47 59 11 33 00 04 A7   9E CE 9D 53 61 19 83 A0  .GY.3......Sa...
    0040: BF 8E A2 1F 64 B5 07 21   AC D3 D6 96 EE E1 14 CA  ....d..!........
    0050: 62 2C 4D E0 52 4A 4D 70   4A ED 5F 4C 1B BE 7E CB  b,M.RJMpJ._L....
    0060: 6A 95 BD 9D BC CA 17 B2   09 1E 56 5A 2C 98 46 02  j.........VZ,.F.
    0070: CD 89 F2 17 0D 73 07 BD   42 A5 77 2B 01 4A 26 42  .....s..B.w+.J&B
    0080: 8C 68 8D E9 81 FF AC 92   38 14 85 07 D9 65 DD 85  .h......8....e..
    0090: 04 A1 96 23 C4 43 41 D9   7B C2 5A 4E 56 C7 BD 3A  ...#.CA...ZNV..:
    00A0: 63 E8 0C 48 0D 4C A0 CD   10 81 1A 0A 17 10 A1 15  c..H.L..........
    00B0: 17 B1 27 E1 FF D1 8D D4   6E 1A A3 08 AA 0E 32 99  ..'.....n.....2.
    00C0: 03 00 43 92 DB C0 9A D4   B0 D1 A2 5D E6 06 E9 3D  ..C........]...=
    00D0: E9 B7 98 83 3E B5 83 7F   63 CF 63 FD 19 7C B1 E9  ....>...c.c.....
    00E0: CA 86 B8 12 A1 AF F9 A2   BF E4 9A 8A 14 D2 31 33  ..............13
    00F0: FE D0 F4 E9 3B 52 02 82   94 28 BE B3 CD F9 14 F6  ....;R...(......
  }
}
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.895 UTC|Finished.java:1032|Consuming client Finished handshake message (
"Finished": {
  "verify data": {
    0000: 91 96 C8 6D EA CE CA B6   B4 4D 81 DA B7 C5 28 27  ...m.....M....('
    0010: 28 4A E7 47 7B C4 13 57   B5 B8 D9 B4 15 8D A0 73  (J.G...W.......s
    0020: C5 53 2B 98 F5 E8 73 0E   96 8C E3 5A 05 9F 78 65  .S+...s....Z..xe
  }'}
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.895 UTC|SSLCipher.java:1840|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.895 UTC|Finished.java:1131|Sending new session ticket
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.896 UTC|NewSessionTicket.java:255|Produced NewSessionTicket handshake message (
"NewSessionTicket": {
  "ticket_lifetime"      : "86,400",
  "ticket_age_add"       : "<omitted>",
  "ticket_nonce"         : "01",
  "ticket"               : "8D BF 17 F0 80 4F 86 2B CD B8 9F 3C CF 80 9E F0 DF B3 9E EC B4 72 C6 63 75 22 50 0B 0B 7A 20 CF",
  "extensions"           : [
    <no extension>
  ]
}
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:40.221 UTC|Alert.java:238|Received alert message (
"Alert": {
  "level"      : "warning",
  "description": "close_notify"
}
)
javax.net.ssl|WARNING|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:40.221 UTC|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data
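
To compare JSSE debug logs like the two in this thread field by field, here is an added example (not part of the thread or of the LINSTOR/golinstor code): a Python parser that groups `javax.net.ssl|...` records with their multi-line bodies and reduces one connection to a few comparable fields. The summary field names are my own, and the embedded samples are constructed, abridged from the logs posted here; the v1.13.0 sample ends at CertificateRequest, so only fields up to that point are compared.

```python
import re

# Header of one JSSE debug record, as seen in the logs in this thread:
# javax.net.ssl|LEVEL|thread id|thread name|timestamp|Source.java:line|message
HEADER = re.compile(r"^javax\.net\.ssl\|(?P<level>[A-Z]+)\|[^|]*\|[^|]*\|[^|]*\|"
                    r"(?P<src>\w+\.java):\d+\|(?P<msg>.*)$")

def parse_records(text):
    """Attach the multi-line body that follows a header line to that record."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({**m.groupdict(), "body": []})
        elif records and line.strip():
            records[-1]["body"].append(line)
    return records

def _field(body, key):
    """All values of '"key" : "value"' pairs in a record body."""
    pat = re.compile(r'"%s"\s*:\s*"([^"]*)"' % re.escape(key))
    return [m.group(1) for line in body for m in pat.finditer(line)]

def _advertised_cas(body):
    """Names listed under "certificate authorities": [ ... ] in a CertificateRequest."""
    names, collecting = [], False
    for line in body:
        if '"certificate authorities"' in line:
            collecting = True
        elif collecting:
            name = line.strip().rstrip("],").strip()
            if name:
                names.append(name)
            collecting = "]" not in line
    return names

def summarize(records):
    """Reduce one connection's records to the fields worth comparing."""
    s = {"protocol": None, "cipher_suite": None, "cert_requested": False,
         "advertised_cas": [], "client_cert_subjects": [],
         "client_finished": False, "alerts": []}
    for r in records:
        msg, body = r["msg"], r["body"]
        if msg.startswith("Negotiated protocol version: "):
            s["protocol"] = msg.split(": ", 1)[1]
        elif msg.startswith("use cipher suite "):
            s["cipher_suite"] = msg.rsplit(" ", 1)[1]
        elif msg.startswith("Produced CertificateRequest message"):
            s["cert_requested"] = True
            s["advertised_cas"] = _advertised_cas(body)
        elif msg.startswith("Consuming client Certificate handshake message"):
            s["client_cert_subjects"] = _field(body, "subject")
        elif msg.startswith("Consuming client Finished"):
            s["client_finished"] = True
        elif msg.startswith("Received alert message"):
            s["alerts"] += [f"{lvl}/{desc}" for lvl, desc in
                            zip(_field(body, "level"), _field(body, "description"))]
    return s

def diff(a, b, keys):
    """Fields from `keys` whose values differ between two summaries."""
    return {k: (a[k], b[k]) for k in keys if a[k] != b[k]}

# Fields that both samples cover (the v1.13.0 sample stops at CertificateRequest).
KEYS = ("protocol", "cipher_suite", "cert_requested", "advertised_cas")

# Constructed samples, abridged from the two handshakes posted in this thread.
LOG_V1_14 = """\
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.875 UTC|ClientHello.java:839|Negotiated protocol version: TLSv1.3
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.879 UTC|ServerHello.java:713|use cipher suite TLS_AES_256_GCM_SHA384
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.884 UTC|CertificateRequest.java:882|Produced CertificateRequest message (
    "certificate_authorities (47)": {
      "certificate authorities": [
        CN=linstor-controller]
    }
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.893 UTC|CertificateMessage.java:1178|Consuming client Certificate handshake message (
      "subject"            : "CN=linstor-controller",
      "subject public key" : "RSA",
      "subject"            : "CN=linstor-ca",
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:39.895 UTC|Finished.java:1032|Consuming client Finished handshake message (
)
javax.net.ssl|DEBUG|20|grizzly-nio-kernel(2) SelectorRunner|2021-08-05 14:07:40.221 UTC|Alert.java:238|Received alert message (
  "level"      : "warning",
  "description": "close_notify"
)
"""
LOG_V1_13 = """\
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.989 UTC|ClientHello.java:839|Negotiated protocol version: TLSv1.3
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.992 UTC|ServerHello.java:718|use cipher suite TLS_AES_128_GCM_SHA256
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.997 UTC|CertificateRequest.java:883|Produced CertificateRequest message (
    "signature_algorithms (13)": {
      "signature schemes": [rsa_pss_rsae_sha256, rsa_pkcs1_sha256]
    }
)
"""

if __name__ == "__main__":
    old, new = (summarize(parse_records(t)) for t in (LOG_V1_13, LOG_V1_14))
    print(diff(old, new, KEYS))
```

`summarize` assumes the text holds a single connection; split a mixed log by the thread id field first.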

@WanzenBug
Member

Thanks for digging into this issue. To me, it still looks like go/linstor-csi/linstor-ha doesn't like one of LS_USER_CERTIFICATE or LS_USER_KEY. No idea why it doesn't error-out in that case.

@kvaps
Member Author

kvaps commented Aug 5, 2021

I don't think the problem is in these certs; the same binaries work with linstor-controller v1.13.0 and do not work with linstor-controller v1.14.0 in the same configuration.

E.g., the connection log with linstor-controller v1.13.0:

javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.988 UTC|SSLExtensions.java:135|Ignore unknown or unsupported extension (
"signed_certificate_timestamp (18)": {

}
)
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.989 UTC|ClientHello.java:809|Consuming ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "EF 76 07 F3 17 54 5D CC CD 8E A3 71 7A 0D 60 B6 6D D4 38 C8 53 C0 89 86 89 59 7C A5 5A 96 2F A5",
  "session id"          : "FE AF BD 4F 48 19 E9 B7 3F 0C 6D 81 8B BF A5 3C EA 12 C8 C8 A7 54 E9 60 00 0D D1 82 4C BD E7 44",
  "cipher suites"       : "[TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), UNKNOWN-CIPHER-SUITE(0xCCA8)(0xCCA8), UNKNOWN-CIPHER-SUITE(0xCCA9)(0xCCA9), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(0xC012), SSL_RSA_WITH_3DES_EDE_CBC_SHA(0x000A), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303), TLS_AES_256_GCM_SHA384(0x1302)]",
  "compression methods" : "00",
  "extensions"          : [
    "server_name (0)": {
      type=host_name (0), value=linstor-controller
    },
    "status_request (5)": {
      "certificate status type": ocsp
      "OCSP status request": {
        "responder_id": <empty>
        "request extensions": {
          <empty>
        }
      }
    },
    "supported_groups (10)": {
      "versions": [x25519, secp256r1, secp384r1, secp521r1]
    },
    "ec_point_formats (11)": {
      "formats": [uncompressed]
    },
    "signature_algorithms (13)": {
      "signature schemes": [rsa_pss_rsae_sha256, ecdsa_secp256r1_sha256, ed25519, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pkcs1_sha1, ecdsa_sha1]
    },
    "renegotiation_info (65,281)": {
      "renegotiated connection": [<no renegotiated connection>]
    },
    "signed_certificate_timestamp (18)": {

    },
    "supported_versions (43)": {
      "versions": [TLSv1.3, TLSv1.2, TLSv1.1, TLSv1]
    },
    "key_share (51)": {
      "client_shares": [
        {
          "named group": x25519
          "key_exchange": {
            0000: C4 96 91 B3 51 AB 0A CF   40 19 04 9B A5 73 D5 31  ....Q...@....s.1
            0010: FF 6B E8 EB DF F0 63 27   62 18 6F 08 29 39 BF 14  .k....c'b.o.)9..
          }
        },
      ]
    }
  ]
}
)
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.989 UTC|SSLExtensions.java:192|Consumed extension: supported_versions
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.989 UTC|ClientHello.java:839|Negotiated protocol version: TLSv1.3
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.989 UTC|PskKeyExchangeModesExtension.java:293|abort session resumption, no supported psk_dhe_ke PSK key exchange mode
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.989 UTC|PreSharedKeyExtension.java:807|Handling pre_shared_key absence.
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.989 UTC|ServerNameExtension.java:327|no server name matchers, ignore server name indication
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.989 UTC|SSLExtensions.java:192|Consumed extension: server_name
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.990 UTC|SSLExtensions.java:173|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.990 UTC|SSLExtensions.java:192|Consumed extension: status_request
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.990 UTC|SSLExtensions.java:192|Consumed extension: supported_groups
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.990 UTC|SSLExtensions.java:163|Ignore unsupported extension: ec_point_formats
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.990 UTC|SSLExtensions.java:192|Consumed extension: signature_algorithms
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.990 UTC|SSLExtensions.java:173|Ignore unavailable extension: signature_algorithms_cert
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.990 UTC|SSLExtensions.java:163|Ignore unsupported extension: status_request_v2
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.990 UTC|SSLExtensions.java:163|Ignore unsupported extension: extended_master_secret
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.990 UTC|SSLExtensions.java:173|Ignore unavailable extension: cookie
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.990 UTC|SSLExtensions.java:192|Consumed extension: key_share
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.990 UTC|SSLExtensions.java:163|Ignore unsupported extension: renegotiation_info
javax.net.ssl|WARNING|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.991 UTC|SSLExtensions.java:215|Ignore impact of unsupported extension: server_name
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.991 UTC|SSLExtensions.java:207|Ignore unavailable extension: max_fragment_length
javax.net.ssl|WARNING|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.991 UTC|SSLExtensions.java:215|Ignore impact of unsupported extension: status_request
javax.net.ssl|WARNING|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.991 UTC|SSLExtensions.java:215|Ignore impact of unsupported extension: supported_groups
javax.net.ssl|WARNING|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.991 UTC|SignatureScheme.java:426|Unsupported signature scheme: ed25519
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.991 UTC|SSLExtensions.java:224|Populated with extension: signature_algorithms
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.991 UTC|SSLExtensions.java:207|Ignore unavailable extension: signature_algorithms_cert
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.992 UTC|SSLExtensions.java:207|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|WARNING|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.992 UTC|SSLExtensions.java:215|Ignore impact of unsupported extension: supported_versions
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.992 UTC|SSLExtensions.java:207|Ignore unavailable extension: cookie
javax.net.ssl|WARNING|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.992 UTC|SSLExtensions.java:215|Ignore impact of unsupported extension: key_share
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.992 UTC|ServerHello.java:718|use cipher suite TLS_AES_128_GCM_SHA256
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.993 UTC|SSLExtensions.java:260|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.993 UTC|ServerHello.java:577|Produced ServerHello handshake message (
"ServerHello": {
  "server version"      : "TLSv1.2",
  "random"              : "6A E2 66 3A 60 28 50 D0 B4 A1 C1 D8 35 B2 05 78 22 29 30 E5 D3 C7 CE 16 26 E8 F7 89 4C 08 33 3C",
  "session id"          : "FE AF BD 4F 48 19 E9 B7 3F 0C 6D 81 8B BF A5 3C EA 12 C8 C8 A7 54 E9 60 00 0D D1 82 4C BD E7 44",
  "cipher suite"        : "TLS_AES_128_GCM_SHA256(0x1301)",
  "compression methods" : "00",
  "extensions"          : [
    "supported_versions (43)": {
      "selected version": [TLSv1.3]
    },
    "key_share (51)": {
      "server_share": {
        "named group": x25519
        "key_exchange": {
          0000: A2 09 83 25 E1 60 B8 4E   7D 53 05 C4 C9 CD 15 3C  ...%.`.N.S.....<
          0010: CD A9 1A 9D 40 E8 6F 11   5B CC EA 2C 59 9D AC 2D  ....@.o.[..,Y..-
        }
      },
    }
  ]
}
)
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.995 UTC|SSLCipher.java:1840|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.995 UTC|SSLCipher.java:1994|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|ALL|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.995 UTC|ServerNameExtension.java:537|No expected server name indication response
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.995 UTC|SSLExtensions.java:260|Ignore, context unavailable extension: server_name
javax.net.ssl|ALL|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.995 UTC|MaxFragExtension.java:469|Ignore unavailable max_fragment_length extension
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.995 UTC|SSLExtensions.java:260|Ignore, context unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.996 UTC|AlpnExtension.java:365|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.996 UTC|SSLExtensions.java:260|Ignore, context unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.996 UTC|EncryptedExtensions.java:137|Produced EncryptedExtensions message (
"EncryptedExtensions": [
  "supported_groups (10)": {
    "versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
  }
]
)
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.997 UTC|CertificateRequest.java:883|Produced CertificateRequest message (
"CertificateRequest": {
  "certificate_request_context": "",
  "extensions": [
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    }
  ]
}
)
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.997 UTC|StatusResponseManager.java:763|Staping disabled or is a resumed session
javax.net.ssl|ALL|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.997 UTC|CertStatusExtension.java:1112|Stapling is disabled for this connection
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.997 UTC|SSLExtensions.java:260|Ignore, context unavailable extension: status_request
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:58.998 UTC|CertificateMessage.java:1022|Produced server Certificate message (
"Certificate": {
  "certificate_request_context": "",
  "certificate_list": [
  {
    "certificate" : {
      "version"            : "v3",
      "serial number"      : "2C DB 49 35 92 2C 2F 2D A4 97 42 5A EC BF 0A A7",
      "signature algorithm": "SHA256withRSA",
      "issuer"             : "CN=linstor-ca",
      "not before"         : "2021-08-05 10:51:51.000 UTC",
      "not  after"         : "2031-08-03 10:51:51.000 UTC",
      "subject"            : "CN=linstor-controller",
      "subject public key" : "RSA",
      "extensions"         : [
        {
          ObjectId: 2.5.29.35 Criticality=false
          AuthorityKeyIdentifier [
          KeyIdentifier [
          0000: 82 A6 F6 5E 55 01 3D 7A   AB EC 34 84 C6 4F A7 55  ...^U.=z..4..O.U
          0010: 05 2B 6E 5C                                        .+n\
          ]
          ]
        },
        {
          ObjectId: 2.5.29.19 Criticality=true
          BasicConstraints:[
            CA:false
            PathLen: undefined
          ]
        },
        {
          ObjectId: 2.5.29.37 Criticality=false
          ExtendedKeyUsages [
            serverAuth
          ]
        },
        {
          ObjectId: 2.5.29.15 Criticality=true
          KeyUsage [
            DigitalSignature
            Key_Encipherment
          ]
        },
        {
          ObjectId: 2.5.29.17 Criticality=false
          SubjectAlternativeName [
            DNSName: linstor-controller
            DNSName: linstor-controller.linstor
            DNSName: linstor-controller.linstor.svc
            DNSName: localhost
          ]
        }
      ]}
    "extensions": {
      <no extension>
    }
  },
]
}
)
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:59.002 UTC|CertificateVerify.java:1109|Produced server CertificateVerify handshake message (
"CertificateVerify": {
  "signature algorithm": rsa_pss_rsae_sha256
  "signature": {
    0000: 34 7D E1 C7 9B 84 1E 06   36 39 7F CF 69 BF 44 1B  4.......69..i.D.
    0010: 55 60 A1 2C 5D A9 40 94   4B FD FE 4C 4E 52 47 29  U`.,].@.K..LNRG)
    0020: 35 62 3D 2E 46 96 EA 19   3F 36 5D FA 15 86 79 F7  5b=.F...?6]...y.
    0030: BC D6 42 12 F5 17 A2 26   EF 95 FA FF 81 54 10 D2  ..B....&.....T..
    0040: A2 C9 09 3A 01 98 D7 6A   7E 14 13 89 DC CC BF 54  ...:...j.......T
    0050: EB B1 19 68 A9 A1 8E 55   D3 EF 87 04 15 BD 93 F3  ...h...U........
    0060: A6 35 AB 5B 19 25 76 48   81 2F 75 13 EE DE 94 ED  .5.[.%vH./u.....
    0070: 30 AF C7 89 78 87 60 03   DD 03 27 66 A7 9D 30 2A  0...x.`...'f..0*
    0080: E6 4B 96 DF 7C D5 82 8F   6B 31 E1 BA 91 4B FB DF  .K......k1...K..
    0090: D3 8B C3 EC 28 BF 9D AA   5E 9A 11 90 74 78 4B 7E  ....(...^...txK.
    00A0: 22 70 B8 82 36 7C 33 02   04 78 F2 82 08 0D CF 7C  "p..6.3..x......
    00B0: 54 21 5D 1B F0 B2 C5 84   18 C8 72 0E 88 B3 C0 B0  T!].......r.....
    00C0: 38 36 D6 F2 28 88 91 AE   2C 83 4A 4F C0 F5 A2 04  86..(...,.JO....
    00D0: 67 03 0C 93 93 D5 7A 7D   8B F6 88 EC 21 6A 25 96  g.....z.....!j%.
    00E0: 49 5B 1B CD FA 8D DC 4D   3E A2 09 F8 C2 46 00 6E  I[.....M>....F.n
    00F0: BB B4 4E 94 D1 36 0D 77   BD 43 23 28 78 B2 7E E0  ..N..6.w.C#(x...
  }
}
)
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:59.003 UTC|Finished.java:767|Produced server Finished handshake message (
"Finished": {
  "verify data": {
    0000: 46 08 04 3C F7 BB F4 36   82 D5 D2 45 32 3D 0B C4  F..<...6...E2=..
    0010: B1 F2 8F CB 43 8A 9E 99   86 B1 82 A0 95 65 AD 2C  ....C........e.,
  }'}
)
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:59.003 UTC|SSLCipher.java:1994|KeyLimit write side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:59.006 UTC|ChangeCipherSpec.java:246|Consuming ChangeCipherSpec message
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:59.006 UTC|CertificateMessage.java:1177|Consuming client Certificate handshake message (
"Certificate": {
  "certificate_request_context": "",
  "certificate_list": [
  {
    "certificate" : {
      "version"            : "v3",
      "serial number"      : "33 4F 3D B0 A6 7D 86 D4 E5 C0 D7 AA A6 7A 63 27",
      "signature algorithm": "SHA256withRSA",
      "issuer"             : "CN=linstor-ca",
      "not before"         : "2021-08-05 14:46:52.000 UTC",
      "not  after"         : "2031-08-03 14:46:52.000 UTC",
      "subject"            : "CN=linstor-client",
      "subject public key" : "RSA",
      "extensions"         : [
        {
          ObjectId: 2.5.29.35 Criticality=false
          AuthorityKeyIdentifier [
          KeyIdentifier [
          0000: 82 A6 F6 5E 55 01 3D 7A   AB EC 34 84 C6 4F A7 55  ...^U.=z..4..O.U
          0010: 05 2B 6E 5C                                        .+n\
          ]
          ]
        },
        {
          ObjectId: 2.5.29.19 Criticality=true
          BasicConstraints:[
            CA:false
            PathLen: undefined
          ]
        },
        {
          ObjectId: 2.5.29.37 Criticality=false
          ExtendedKeyUsages [
            clientAuth
          ]
        },
        {
          ObjectId: 2.5.29.15 Criticality=true
          KeyUsage [
            DigitalSignature
            Key_Encipherment
          ]
        }
      ]}
    "extensions": {
      <no extension>
    }
  },
]
}
)

javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:59.007 UTC|CertificateVerify.java:1161|Consuming CertificateVerify handshake message (
"CertificateVerify": {
  "signature algorithm": rsa_pss_rsae_sha256
  "signature": {
    0000: 20 D6 71 55 13 B9 49 C4   23 96 67 B3 C6 C2 48 63   .qU..I.#.g...Hc
    0010: 5A E9 06 AC 24 F2 27 17   79 B8 60 DF 20 C7 05 55  Z...$.'.y.`. ..U
    0020: 5C C7 2B 4F E2 9D 0F 7C   57 45 4D 58 F7 03 39 AE  \.+O....WEMX..9.
    0030: AC FA DB ED C5 85 74 06   C1 EA 9D 1B 54 71 BA 92  ......t.....Tq..
    0040: 29 F7 4E 5C 4D 96 44 22   29 A0 83 21 55 3C BA 95  ).N\M.D")..!U<..
    0050: 45 BB 02 17 8C 55 18 23   70 03 1A A9 96 16 80 0B  E....U.#p.......
    0060: E8 F9 C4 0B 2E 96 E4 4D   95 82 84 DE 47 AD 17 48  .......M....G..H
    0070: 7D 41 2A 53 7B 9C 30 22   54 BF 15 01 49 6D 80 B5  .A*S..0"T...Im..
    0080: 75 08 AD 03 0C F5 B1 9B   51 76 C0 0E B1 BC 5B 8B  u.......Qv....[.
    0090: CF 7A FB EA 7D B2 B0 37   C5 BD 32 48 F7 2A 2A 28  .z.....7..2H.**(
    00A0: 4D 30 B4 EE F2 34 D2 6A   A6 B8 C1 56 82 41 6C C1  M0...4.j...V.Al.
    00B0: 5B E5 BC 03 D8 75 C0 72   ED 66 84 58 75 BE 13 5D  [....u.r.f.Xu..]
    00C0: 50 D4 BF 87 3B 70 0B 58   44 4B 0F 72 97 9C 0B 14  P...;p.XDK.r....
    00D0: A6 51 5C 9C 87 D0 11 CF   C8 5A 9C B8 2D A2 19 8C  .Q\......Z..-...
    00E0: 83 0D 68 64 53 AA C3 8C   BD C4 20 22 A5 D2 1A 4C  ..hdS..... "...L
    00F0: 29 14 3F 06 A9 F0 F7 8B   E4 B1 1E AF AC 30 6A A5  ).?..........0j.
  }
}
)
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:59.007 UTC|Finished.java:1032|Consuming client Finished handshake message (
"Finished": {
  "verify data": {
    0000: AC 6C 21 EF 27 14 11 79   E9 30 20 0E C6 9A 7D 71  .l!.'..y.0 ....q
    0010: 7C 4F 06 30 C9 63 CA 7E   11 6D 6D FC 42 80 D3 73  .O.0.c...mm.B..s
  }'}
)
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:59.007 UTC|SSLCipher.java:1840|KeyLimit read side: algorithm = AES/GCM/NOPADDING:KEYUPDATE
countdown value = 137438953472
javax.net.ssl|DEBUG|1F|grizzly-nio-kernel(1) SelectorRunner|2021-08-05 14:58:59.008 UTC|Finished.java:1131|Sending new session ticket

(I also updated the client certificate name from linstor-controller to linstor-client: kvaps/kube-linstor@b1599dc)

@kvaps
Member Author

kvaps commented Aug 5, 2021

Got it!

If I understood this correctly, the problem was in fact that linstor-controller, since v1.14.0, provides a list of CAs allowed to establish client connections:

    "certificate_authorities (47)": {
      "certificate authorities": [
        CN=linstor-ca]
    }

As we know, Go has its own implementation of crypto/tls, different from C, which just ignores this field. But Go is smart and does not provide any certificate whose CA field does not match the ones requested by the server.

Thus the solution was simply to import the CA into the /config/ssl/trustore_client.jks keystore instead of importing just the client certificate:
kvaps/kube-linstor@14e903e

The interesting fact is that the same logic does not work for linstor-satellite, as it requires importing linstor-controller's client certificate directly and does not work if only the CA has been imported.

@kvaps kvaps closed this as completed Aug 5, 2021
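
The client-side rule described in the last comment, as an added example that is not part of the original thread or of golinstor: when `Config.Certificates` is used, Go's crypto/tls presents a client certificate only if `CertificateRequestInfo.SupportsCertificate` accepts it against the server's `certificate_authorities` list. The certificate is a constructed test value with an Ed25519 key (the logged ones are RSA), and `clientCert`, `WouldSend` and `check` are names introduced here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// clientCert builds a constructed client certificate CN=<cn> issued by CN=<issuerCN>.
func clientCert(cn, issuerCN string) tls.Certificate {
	_, caKey, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	ca := &x509.Certificate{Subject: pkix.Name{CommonName: issuerCN}} // only the name matters here
	leaf := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, leaf, ca, pub, caKey)
	check(err)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// WouldSend reports whether crypto/tls accepts client for a CertificateRequest listing these CA names.
func WouldSend(client tls.Certificate, advertisedCNs ...string) bool {
	cri := &tls.CertificateRequestInfo{Version: tls.VersionTLS13,
		SignatureSchemes: []tls.SignatureScheme{tls.Ed25519}}
	for _, cn := range advertisedCNs {
		name, err := asn1.Marshal(pkix.Name{CommonName: cn}.ToRDNSequence()) // DER name, as sent on the wire
		check(err)
		cri.AcceptableCAs = append(cri.AcceptableCAs, name)
	}
	return cri.SupportsCertificate(&client) == nil // on error the client sends an empty Certificate message
}

func main() {
	c := clientCert("linstor-client", "linstor-ca")
	fmt.Println(WouldSend(c, "linstor-ca"), WouldSend(c, "linstor-client"), WouldSend(c))
}
```

The match is a byte comparison between each advertised name and the issuer field of the certificates in the client's chain, so an advertised list that names only the client certificate's own subject does not match, while an empty list accepts any certificate.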