Closed
Description
The following will reliable fail on both 6.x and master.
./gradlew clean :x-pack:qa:openldap-tests:unitTest
It reproduces irregardless of seed.
6.x
1> [2019-01-18T01:23:17,040][INFO ][o.e.x.s.a.l.OpenLdapUserSearchSessionFactoryTests] [testUserSearchWithBindUserOpenLDAP] before test
1> [2019-01-18T01:23:17,439][DEBUG][o.e.x.c.s.SSLService ] [testUserSearchWithBindUserOpenLDAP] using ssl settings [SSLConfiguration{keyConfig=[NONE], trustConfig=ca=[/home/jake/workspace/elasticsearch/x-pack/qa/openldap-tests/build/generated-resources/openldap-tests/ca.crt]], cipherSuites=[[TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA]], supportedProtocols=[[TLSv1.2, TLSv1.1, TLSv1]], sslClientAuth=[REQUIRED], verificationMode=[FULL]}]
1> [2019-01-18T01:23:17,628][WARN ][o.e.d.x.c.s.SSLService ] [testUserSearchWithBindUserOpenLDAP] SSL configuration [xpack.http.ssl] relies upon fallback to another configuration for [trust configuration], which is deprecated.
1> [2019-01-18T01:23:17,678][INFO ][o.e.x.s.a.l.LdapUserSearchSessionFactory] [testUserSearchWithBindUserOpenLDAP] Realm [oldap-test] is in user-search mode - base_dn=[ou=people,dc=oldap,dc=test,dc=elasticsearch,dc=com], search filter=[(uid={0})]
2> REPRODUCE WITH: ./gradlew :x-pack:qa:openldap-tests:unitTest -Dtests.seed=A9B1920977D5FDA2 -Dtests.class=org.elasticsearch.xpack.security.authc.ldap.OpenLdapUserSearchSessionFactoryTests -Dtests.method="testUserSearchWithBindUserOpenLDAP" -Dtests.security.manager=true -Dtests.locale=el-CY -Dtests.timezone=Africa/Kampala -Dcompiler.java=11 -Druntime.java=8
FAILURE 1.45s J1 | OpenLdapUserSearchSessionFactoryTests.testUserSearchWithBindUserOpenLDAP <<< FAILURES!
> Throwable #1: java.lang.AssertionError: unexpected warning headers expected null, but was:<[299 Elasticsearch-6.7.0-SNAPSHOT-faa5aca "SSL configuration [xpack.http.ssl] relies upon fallback to another configuration for [trust configuration], which is deprecated." "Thu, 17 Jan 2019 22:23:17 GMT"]>
> at __randomizedtesting.SeedInfo.seed([A9B1920977D5FDA2:66D5D5F4682AF1AC]:0)
> at org.elasticsearch.test.ESTestCase.ensureNoWarnings(ESTestCase.java:378)
> at org.elasticsearch.test.ESTestCase.after(ESTestCase.java:356)
> at java.lang.Thread.run(Thread.java:748)
2> NOTE: leaving temporary files on disk at: /home/jake/workspace/elasticsearch/x-pack/qa/openldap-tests/build/testrun/unitTest/J1/temp/org.elasticsearch.xpack.security.authc.ldap.OpenLdapUserSearchSessionFactoryTests_A9B1920977D5FDA2-001
2> NOTE: test params are: codec=Asserting(Lucene70): {}, docValues:{}, maxPointsInLeafNode=1631, maxMBSortInHeap=7.811575863060436, sim=RandomSimilarity(queryNorm=false): {}, locale=el-CY, timezone=Africa/Kampala
2> NOTE: Linux 4.19.13-200.fc28.x86_64 amd64/Oracle Corporation 1.8.0_171 (64-bit)/cpus=8,threads=1,free=443516472,total=514850816
2> NOTE: All tests run in this JVM: [OpenLdapUserSearchSessionFactoryTests]
Completed [1/3] on J1 in 3.44s, 1 test, 1 failure <<< FAILURES!
Master (this might be a local setup issue)
2> REPRODUCE WITH: ./gradlew :x-pack:qa:openldap-tests:unitTest -Dtests.seed=9C31A8FBC6D9742 -Dtests.class=org.elasticsearch.xpack.security.authc.ldap.OpenLdapUserSearchSessionFactoryTests -Dtests.method="testUserSearchWithBindUserOpenLDAP" -Dtests.security.manager=true -Dtests.locale=en-IN -Dtests.timezone=Pacific/Pohnpei -Dcompiler.java=11 -Druntime.java=8
ERROR 0.89s J1 | OpenLdapUserSearchSessionFactoryTests.testUserSearchWithBindUserOpenLDAP <<< FAILURES!
> Throwable #1: UncategorizedExecutionException[Failed execution]; nested: ExecutionException[LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to connect to server localhost:60636: IOException(LDAPException(resultCode=91 (connect error), errorMessage='Unable to verify an attempt to to establish a secure connection to 'localhost:60636' because an unexpected error was encountered during validation processing: SSLPeerUnverifiedException(peer not authenticated), ldapSDKVersion=4.0.8, revision=28812'))')]; nested: LDAPException[An error occurred while attempting to connect to server localhost:60636: IOException(LDAPException(resultCode=91 (connect error), errorMessage='Unable to verify an attempt to to establish a secure connection to 'localhost:60636' because an unexpected error was encountered during validation processing: SSLPeerUnverifiedException(peer not authenticated), ldapSDKVersion=4.0.8, revision=28812'))]; nested: IOException[LDAPException(resultCode=91 (connect error), errorMessage='Unable to verify an attempt to to establish a secure connection to 'localhost:60636' because an unexpected error was encountered during validation processing: SSLPeerUnverifiedException(peer not authenticated), ldapSDKVersion=4.0.8, revision=28812')]; nested: LDAPException[Unable to verify an attempt to to establish a secure connection to 'localhost:60636' because an unexpected error was encountered during validation processing: SSLPeerUnverifiedException(peer not authenticated), ldapSDKVersion=4.0.8, revision=28812]; nested: SSLPeerUnverifiedException[peer not authenticated];
> at __randomizedtesting.SeedInfo.seed([9C31A8FBC6D9742:C6A75D72A3929B4C]:0)
> at org.elasticsearch.common.util.concurrent.FutureUtils.rethrowExecutionException(FutureUtils.java:101)
> at org.elasticsearch.common.util.concurrent.FutureUtils.get(FutureUtils.java:62)
> at org.elasticsearch.action.support.AdapterActionFuture.actionGet(AdapterActionFuture.java:34)
> at org.elasticsearch.xpack.security.authc.ldap.OpenLdapUserSearchSessionFactoryTests.session(OpenLdapUserSearchSessionFactoryTests.java:130)
> at org.elasticsearch.xpack.security.authc.ldap.OpenLdapUserSearchSessionFactoryTests.testUserSearchWithBindUserOpenLDAP(OpenLdapUserSearchSessionFactoryTests.java:105)
> at java.lang.Thread.run(Thread.java:748)
> Caused by: java.util.concurrent.ExecutionException: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to connect to server localhost:60636: IOException(LDAPException(resultCode=91 (connect error), errorMessage='Unable to verify an attempt to to establish a secure connection to 'localhost:60636' because an unexpected error was encountered during validation processing: SSLPeerUnverifiedException(peer not authenticated), ldapSDKVersion=4.0.8, revision=28812'))')
> at org.elasticsearch.common.util.concurrent.BaseFuture$Sync.getValue(BaseFuture.java:266)
> at org.elasticsearch.common.util.concurrent.BaseFuture$Sync.get(BaseFuture.java:253)
> at org.elasticsearch.common.util.concurrent.BaseFuture.get(BaseFuture.java:87)
> at org.elasticsearch.common.util.concurrent.FutureUtils.get(FutureUtils.java:57)
> ... 40 more
> Caused by: LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to connect to server localhost:60636: IOException(LDAPException(resultCode=91 (connect error), errorMessage='Unable to verify an attempt to to establish a secure connection to 'localhost:60636' because an unexpected error was encountered during validation processing: SSLPeerUnverifiedException(peer not authenticated), ldapSDKVersion=4.0.8, revision=28812'))')
> at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:870)
> at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:760)
> at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:710)
> at com.unboundid.ldap.sdk.LDAPConnection.<init>(LDAPConnection.java:534)
> at com.unboundid.ldap.sdk.SingleServerSet.getConnection(SingleServerSet.java:307)
> at com.unboundid.ldap.sdk.FailoverServerSet.getConnection(FailoverServerSet.java:653)
> at com.unboundid.ldap.sdk.FailoverServerSet.getConnection(FailoverServerSet.java:567)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.privilegedConnect(LdapUtils.java:74)
> at org.elasticsearch.xpack.security.authc.ldap.LdapUserSearchSessionFactory.getSessionWithoutPool(LdapUserSearchSessionFactory.java:112)
> at org.elasticsearch.xpack.security.authc.ldap.PoolingSessionFactory.session(PoolingSessionFactory.java:102)
> at org.elasticsearch.xpack.security.authc.ldap.OpenLdapUserSearchSessionFactoryTests.session(OpenLdapUserSearchSessionFactoryTests.java:129)
> ... 38 more
> Caused by: java.io.IOException: LDAPException(resultCode=91 (connect error), errorMessage='Unable to verify an attempt to to establish a secure connection to 'localhost:60636' because an unexpected error was encountered during validation processing: SSLPeerUnverifiedException(peer not authenticated), ldapSDKVersion=4.0.8, revision=28812')
> at com.unboundid.ldap.sdk.LDAPConnectionInternals.<init>(LDAPConnectionInternals.java:178)
> at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:860)
> ... 49 more
> Caused by: LDAPException(resultCode=91 (connect error), errorMessage='Unable to verify an attempt to to establish a secure connection to 'localhost:60636' because an unexpected error was encountered during validation processing: SSLPeerUnverifiedException(peer not authenticated), ldapSDKVersion=4.0.8, revision=28812')
> at com.unboundid.util.ssl.HostNameSSLSocketVerifier.verifySSLSocket(HostNameSSLSocketVerifier.java:146)
> at com.unboundid.ldap.sdk.LDAPConnectionInternals.<init>(LDAPConnectionInternals.java:166)
> ... 50 more
> Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
> at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:440)
> at com.unboundid.util.ssl.HostNameSSLSocketVerifier.verifySSLSocket(HostNameSSLSocketVerifier.java:113)
> ... 51 more
2> NOTE: leaving temporary files on disk at: /home/jake/workspace/elasticsearch/x-pack/qa/openldap-tests/build/testrun/unitTest/J1/temp/org.elasticsearch.xpack.security.authc.ldap.OpenLdapUserSearchSessionFactoryTests_9C31A8FBC6D9742-001
2> NOTE: test params are: codec=Asserting(Lucene80): {}, docValues:{}, maxPointsInLeafNode=2025, maxMBSortInHeap=6.9218108535077105, sim=Asserting(org.apache.lucene.search.similarities.AssertingSimilarity@11da7e90), locale=en-IN, timezone=Pacific/Pohnpei
2> NOTE: Linux 4.19.13-200.fc28.x86_64 amd64/Oracle Corporation 1.8.0_171 (64-bit)/cpus=8,threads=1,free=452836240,total=514850816
2> NOTE: All tests run in this JVM: [OpenLdapUserSearchSessionFactoryTests]
Completed [1/3] on J1 in 2.74s, 1 test, 1 error <<< FAILURES!