救命!我在 Docker 中运行 Cassandra。
我将主机名设置为“mycassandra”。
我已向 CN="mycassandra" 颁发了证书,添加了 SAN DNS="mycassandra",甚至添加了 SAN IP“172.19.0.7”作为预防措施,然后创建了密钥库。
C# 代码如下所示(简化):
await Cluster.Builder()
.AddContactPoints("mycassandra")
.WithSSL(new SSLOptions().SetRemoteCertValidationCallback(
(sender, certificate, chain, errors) =>
{
var hostEntry = Dns.GetHostEntry(_serviceConfig.DatabaseHostname);
log.LogDebug("Dns.GetHostEntry: " + hostEntry.HostName + " (Cert Subject:" + certificate.Subject + ")");
if (errors == SslPolicyErrors.None)
return true;
throw new Exception($"Hand no shakey error: {errors}");
}
))
.Build().ConnectAsync("mykeyspace");
出现的一个错误是:
Dns.GetHostEntry: mycassandra (Cert Subject:CN=mycassandra)
Could not establish connection with cassandra. Message: All hosts tried for query failed (tried 172.19.0.7:9042: Exception 'Database handshake error: RemoteCertificateNameMismatch')
---> Cassandra.NoHostAvailableException: All hosts tried for query failed (tried 172.19.0.7:9042: Exception 'Database handshake error: RemoteCertificateNameMismatch')
at Cassandra.Connections.Control.ControlConnection.Connect(Boolean isInitializing)
at Cassandra.Connections.Control.ControlConnection.InitAsync()
at Cassandra.Tasks.TaskHelper.WaitToCompleteAsync(Task task, Int32 timeout)
at Cassandra.Cluster.Init()
at Cassandra.Cluster.ConnectAsync(String keyspace)
如果我跳过
RemoteCertificateNameMismatch
,一切都会正常。
这与 docker 与操作系统如何解释证书有关。看看这个答案:https://stackoverflow.com/a/54434121/6493269