Open
Description
I have three AWS Memcached instances and only one is working. The traces I've run point to an SSL Certificate issue, but I have the 5 recommended AWS Root Certs installed. Has anyone else had this issue? The only error Enyim is logging is a "socket reset".
09:00:08.395 INFORMATION - DEBUG: Memcached:Log.314
Debug Use NodeLocator: Enyim.Caching.Memcached.SingleNodeLocator. Current server count: 1
09:00:08.401 INFORMATION - DEBUG: Memcached:Log.314
Information Memcached server address - XXXX.serverless.use1.cache.amazonaws.com:11211
09:00:11.038 INFORMATION - DEBUG: Memcached:Log.314
Debug ExecuteOperationAsync(Enyim.Caching.Memcached.Protocol.Binary.StoreOperation)
09:00:11.554 INFORMATION - DEBUG: Memcached:Log.314
Debug Pool has been inited for Unspecified/XXXX.serverless.use1.cache.amazonaws.com:11211 with 5 sockets
09:00:11.565 INFORMATION - DEBUG: Memcached:Log.314
Information MemcachedInitPool-cost: 518.5943ms
09:00:11.573 INFORMATION - DEBUG: Memcached:Log.314
Debug Acquiring stream from pool. Unspecified/XXXX.serverless.use1.cache.amazonaws.com:11211
09:00:11.578 INFORMATION - DEBUG: Memcached:Log.314
Debug Socket 2fafbca6-8639-41b5-9534-6a982648c5e0 was reset
09:00:11.582 INFORMATION - DEBUG: Memcached:Log.314
Debug Socket was reset. InstanceId 2fafbca6-8639-41b5-9534-6a982648c5e0
09:00:11.591 INFORMATION - DEBUG: Memcached:Log.314
Debug pooledSocket.WriteAsync...
09:00:11.601 INFORMATION - DEBUG: Memcached:Log.314
Debug Enyim.Caching.Memcached.Protocol.Binary.StoreOperation.ReadResponseAsync...
09:00:21.626 INFORMATION - DEBUG: Memcached:Log.314
Debug Releasing socket 2fafbca6-8639-41b5-9534-6a982648c5e0
09:00:21.633 INFORMATION - DEBUG: Memcached:Log.314
Debug Are we alive? True
OpenSSL logs an SSL issue, "unable to get local issuer certificate"
C:\Program Files\OpenSSL-Win64\bin>openssl s_client -showcerts -connect XXXXX.serverless.use1.cache.amazonaws.com:11211
Connecting to 10.102.11.0
CONNECTED(000001F0)
depth=3 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=2 C=US, O=Amazon, CN=Amazon Root CA 1
verify return:1
depth=1 C=US, O=Amazon, CN=Amazon RSA 2048 M02
verify return:1
depth=0 CN=*.serverless.use1.cache.amazonaws.com
verify return:1
---
Certificate chain
0 s:CN=*.serverless.use1.cache.amazonaws.com
i:C=US, O=Amazon, CN=Amazon RSA 2048 M02
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Aug 27 00:00:00 2024 GMT; NotAfter: Sep 25 23:59:59 2025 GMT
-----BEGIN CERTIFICATE-----
MIIGGjCCBQKgAwIBAgIQBl49qDc3bH8VtelS2cY+XjANBgkqhkiG9w0BAQsFADA8
...
sM8Xuyp7NnzFDF+gE8kWpGmKGbMVJ7nBVgJyZ0tXU2aDIWpkE9PTNf4dIYWLR9iQ
3qhXYa9OCy5MJ3COgIk7I71ER+W4Bov9LDNGrNoi
-----END CERTIFICATE-----
1 s:C=US, O=Amazon, CN=Amazon RSA 2048 M02
i:C=US, O=Amazon, CN=Amazon Root CA 1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Aug 23 22:25:30 2022 GMT; NotAfter: Aug 23 22:25:30 2030 GMT
-----BEGIN CERTIFICATE-----
MIIEXjCCA0agAwIBAgITB3MSSkvL1E7HtTvq8ZSELToPoTANBgkqhkiG9w0BAQsF
...
slI2yayq0n2TXoHyNCLEH8rpsJRVILFsg0jc7BaFrMnF462+ajSehgj12IidNeRN
4zl+EoNaWdpnWndvSpAEkq2P
-----END CERTIFICATE-----
2 s:C=US, O=Amazon, CN=Amazon Root CA 1
i:C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: May 25 12:00:00 2015 GMT; NotAfter: Dec 31 01:00:00 2037 GMT
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgITBn+USionzfP6wq4rAfkI7rnExjANBgkqhkiG9w0BAQsF
...
0FE6/V1dN2RMfjCyVSRCnTawXZwXgWHxyvkQAiSr6w10kY17RSlQOYiypok1JR4U
akcjMS9cmvqtmg5iUaQqqcT5NJ0hGA==
-----END CERTIFICATE-----
3 s:C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
i:C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Sep 2 00:00:00 2009 GMT; NotAfter: Jun 28 17:39:16 2034 GMT
-----BEGIN CERTIFICATE-----
MIIEdTCCA12gAwIBAgIJAKcOSkw0grd/MA0GCSqGSIb3DQEBCwUAMGgxCzAJBgNV
...
VsyuLAOQ1xk4meTKCRlb/weWsKh/NEnfVqn3sF/tM+2MR7cwA130A4w=
-----END CERTIFICATE-----
---
Server certificate
subject=CN=*.serverless.use1.cache.amazonaws.com
issuer=C=US, O=Amazon, CN=Amazon RSA 2048 M02
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5566 bytes and written 437 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Protocol: TLSv1.3
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
---
Metadata
Metadata
Assignees
Labels
No labels