2

我无法使用我的应用程序代码连接到 Amazon Keyspaces cqlsh

cqlsh cassandra.eu-west-2.amazonaws.com 9142 -u "xxxxxxxxxxxxxxx" -p "xxxxxxxxxxxxxxxxxxxxxx" --ssl

Connection error: ('Unable to connect to any servers', {'3.10.201.209': error(1, u"Tried connecting to [('3.10.201.209', 9142)]. Last error: [SSL] internal error (_ssl.c:727)")})

特别令人困惑的是我的设置在过去有效。

我的cqlshrc

[connection]
port = 9142
factory = cqlshlib.ssl.ssl_transport_factory

[ssl]
validate = true
certfile = /home/abc/.cassandra/AmazonRootCA1.pem

我像这样获取证书:

wget -c https://www.amazontrust.com/repository/AmazonRootCA1.pem

DNS似乎很好:

nslookup cassandra.eu-west-2.amazonaws.com
Server:     8.8.8.8
Address:    8.8.8.8#53

Non-authoritative answer:
Name:   cassandra.eu-west-2.amazonaws.com
Address: 3.10.201.209

我最近从 18.04 升级到 Ubuntu 20.04,这可能会导致问题。

更新:是的,它可能更改了默认 SSL 协议

4

1 回答 1

2

我想通了cqlsh;您需要设置 SSL 版本:

[connection]
port = 9142
factory = cqlshlib.ssl.ssl_transport_factory

[cql]
version = 3.4.4

[ssl]
validate = true
certfile = /home/abc/.cassandra/AmazonRootCA1.pem
version = TLSv1_2

.NET 解决方案的修复类似;您必须SslProtocols正确设置。

这是一个有效的 F# 脚本:

#load "../.paket/load/netcoreapp3.1/CassandraCSharpDriver.fsx"

open System
open System.Net.Security
open System.Security
open System.Security.Authentication
open System.Security.Cryptography
open System.Security.Cryptography.X509Certificates
open Cassandra

let private getEnvVar (name : string) =
  let x = Environment.GetEnvironmentVariable name
  if String.IsNullOrWhiteSpace x
  then
    failwithf "The environment variable %s must be set" name
  else
    x

let region = getEnvVar "AWS_REGION"

let keyspace = getEnvVar "AWS_KEYSPACES_KEYSPACE"
let keyspacesUsername = getEnvVar "AWS_KEYSPACES_USERNAME"
let keyspacesPassword = getEnvVar "AWS_KEYSPACES_PASSWORD"

async {
  let certCollection = X509Certificate2Collection ()
  use cert = new X509Certificate2 (@"./AmazonRootCA1.pem", "amazon")

  certCollection.Add (cert) |> ignore

  let sslOptions =
    SSLOptions
      (
        SslProtocols.Tls12,
        true,
        (fun sender certificate chain sslPolicyErrors ->
          if sslPolicyErrors = SslPolicyErrors.None
          then
            true
          else
            printfn "Cassandra node SSL certificate validation error(s): {%A}" sslPolicyErrors
            false)
      )
    |> (fun x -> x.SetCertificateCollection(certCollection))

  let contactPoints = [| sprintf "cassandra.%s.amazonaws.com" region |]

  let cluster =
    Cluster.Builder()
      .AddContactPoints(contactPoints)
      .WithPort(9142)
      .WithAuthProvider(PlainTextAuthProvider (keyspacesUsername, keyspacesPassword))
      .WithSSL(sslOptions)
      .Build()

  use! cassandra =
    cluster.ConnectAsync keyspace
    |> Async.AwaitTask

  printfn "Connected. "
}
|> Async.RunSynchronously

应该很容易翻译成 C# :)

于 2020-10-20T14:35:17.790 回答