Re: SSL error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL alert

November 06, 2020 04:35AM
Thanks Sergey for your quick reply.

I have checked the debug logs for the SNI (upstream SSL server name), and it seems to be correct. I also used the "proxy_ssl_name" directive, which is set to the proxied_server_name. Below is the debug output when I hit the endpoint:

2020/11/06 09:14:36 [debug] 30370#30370: *113140 http cleanup add: 000F8E3FFB8
2020/11/06 09:14:36 [debug] 30370#30370: *113140 http upstream resolve: "/abc"
2020/11/06 09:14:36 [debug] 30370#30370: *113140 name was resolved to 1.2.3.4
2020/11/06 09:14:36 [debug] 30370#30370: *113140 get rr peer, try: 1
2020/11/06 09:14:36 [debug] 30370#30370: *113140 stream socket 13
2020/11/06 09:14:36 [debug] 30370#30370: *113140 epoll add connection: fd:13 ev:8002005
2020/11/06 09:14:36 [debug] 30370#30370: *113140 connect to 1.2.3.4:443, fd:13 #11343
2020/11/06 09:14:36 [debug] 30370#30370: *113140 http upstream connect: -2
2020/11/06 09:14:36 [debug] 30370#30370: *113140 posix_memalign: 003FFB8:128 @16
2020/11/06 09:14:36 [debug] 30370#30370: *113140 event timer add: 13: 60000:1604656507
2020/11/06 09:14:36 [debug] 30370#30370: *113140 http finalize request: -4, "/abc" a:1, c:2
2020/11/06 09:14:36 [debug] 30370#30370: *113140 http request count:2 blk:0
2020/11/06 09:14:36 [debug] 30370#30370: *113140 http run request: "/abc"
2020/11/06 09:14:36 [debug] 30370#30370: *113140 http upstream check client, write event:1, "/abc"
2020/11/06 09:14:36 [debug] 30370#30370: *113140 http upstream request: "/abc"
2020/11/06 09:14:36 [debug] 30370#30370: *113140 http upstream send request handler
2020/11/06 09:14:36 [debug] 30370#30370: *113140 malloc: 00007F8EF805E0:72
2020/11/06 09:14:36 [debug] 30370#30370: *113140 upstream SSL server name: "targetapp.com"
2020/11/06 09:14:36 [debug] 30370#30370: *113140 tcp_nodelay
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_do_handshake: -1
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_get_error: 2
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL handshake handler: 0
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_do_handshake: -1
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_get_error: 2
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL handshake handler: 1
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_do_handshake: -1
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_get_error: 2
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL handshake handler: 0
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_do_handshake: -1
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_get_error: 2
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL handshake handler: 1
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_do_handshake: -1
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_get_error: 2
2020/11/06 09:14:37 [debug] 30370#30370: *113140 SSL handshake handler: 0
2020/11/06 09:14:37 [debug] 30370#30370: *113140 SSL_do_handshake: 0
2020/11/06 09:14:37 [debug] 30370#30370: *113140 SSL_get_error: 1
2020/11/06 09:14:37 [error] 30370#30370: *113140 SSL_do_handshake() failed (SSL: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL alert$
2020/11/06 09:14:37 [debug] 30370#30370: *113140 http next upstream, 2
2020/11/06 09:14:37 [debug] 30370#30370: *113140 free rr peer 1 4
2020/11/06 09:14:37 [debug] 30370#30370: *113140 finalize http upstream request: 502
2020/11/06 09:14:37 [debug] 30370#30370: *113140 finalize http proxy request
2020/11/06 09:14:37 [debug] 30370#30370: *113140 close http upstream connection: 13
2020/11/06 09:14:37 [debug] 30370#30370: *113140 free: 0007F8EF0E0
2020/11/06 09:14:37 [debug] 30370#30370: *113140 free: 0007F8EFA2A0, unused: 32
2020/11/06 09:14:37 [debug] 30370#30370: *113140 event timer del: 13: 104613507
2020/11/06 09:14:37 [debug] 30370#30370: *113140 reusable connection: 0
2020/11/06 09:14:37 [debug] 30370#30370: *113140 http finalize request: 502, "/abc" a:1, c:1
2020/11/06 09:14:37 [debug] 30370#30370: *113140 http special response: 502, "/abc"
2020/11/06 09:14:37 [debug] 30370#30370: *113140 xslt filter header
2020/11/06 09:14:37 [debug] 30370#30370: *113140 HTTP/1.1 502 Bad Gateway
Server: nginx/1.12.2
Server: nginx/1.12.2
Date: Fri, 06 Nov 2020 09:14:37 GMT
Content-Type: text/html
Content-Length: 173
Connection: keep-alive
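
An added example, not part of the original post: a Python sketch that groups lines of an nginx debug log like the one above by connection number and unpacks the OpenSSL error code, assuming the OpenSSL 1.x packing (8-bit library, 12-bit function, 12-bit reason). Reason codes of 1000 and above are TLS alerts received from the peer, so 14094418 decodes to alert 48, unknown_ca, sent by the upstream side. The sample lines and all function names are constructed for illustration.

```python
import re

# Constructed sample: four lines in the format of the debug log above.
SAMPLE = """\
2020/11/06 09:14:36 [debug] 30370#30370: *113140 connect to 1.2.3.4:443, fd:13 #11343
2020/11/06 09:14:36 [debug] 30370#30370: *113140 upstream SSL server name: "targetapp.com"
2020/11/06 09:14:37 [error] 30370#30370: *113140 SSL_do_handshake() failed (SSL: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL alert
2020/11/06 09:14:37 [debug] 30370#30370: *113140 finalize http upstream request: 502
"""

# Certificate-related TLS alert descriptions (RFC 5246 / RFC 8446).
ALERTS = {40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
          44: "certificate_revoked", 45: "certificate_expired",
          46: "certificate_unknown", 48: "unknown_ca", 116: "certificate_required"}

LINE = re.compile(r"\[(\w+)\] \d+#\d+: \*(\d+) (.*)")

def decode_openssl_error(hex_code):
    """Split an OpenSSL 1.x packed error code into library, function, reason."""
    code = int(hex_code, 16)
    out = {"lib": (code >> 24) & 0xFF, "func": (code >> 12) & 0xFFF, "reason": code & 0xFFF}
    # Reasons >= 1000 are alert numbers offset by 1000: the peer sent the alert.
    if out["reason"] >= 1000:
        alert = out["reason"] - 1000
        out["peer_alert"] = ALERTS.get(alert, "alert_%d" % alert)
    return out

def summarize(log):
    """Collect peer address, SNI, decoded TLS error and status per connection."""
    conns = {}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # e.g. response header lines that carry no connection number
        c, msg = conns.setdefault(m.group(2), {}), m.group(3)
        if (x := re.match(r"connect to (\S+),", msg)):
            c["peer"] = x.group(1)
        elif (x := re.match(r'upstream SSL server name: "([^"]*)"', msg)):
            c["sni"] = x.group(1)
        elif (x := re.search(r"SSL_do_handshake\(\) failed \(SSL: error:([0-9A-Fa-f]{8}):", msg)):
            c["error"] = decode_openssl_error(x.group(1))
        elif (x := re.match(r"finalize http upstream request: (\d+)", msg)):
            c["status"] = int(x.group(1))
    return conns

if __name__ == "__main__":
    for conn, info in summarize(SAMPLE).items():
        print(conn, info)
```
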
Subject Author Posted

SSL error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL alert

meniem November 05, 2020 05:18PM

Re: SSL error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL alert

Sergey Kandaurov November 05, 2020 07:58PM

Re: SSL error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL alert

meniem November 06, 2020 04:35AM

Re: SSL error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL alert

Maxim Dounin November 09, 2020 02:14PM

Re: SSL error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL alert

meniem November 09, 2020 03:48PM

Re: SSL error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL alert

Thomas Ward November 09, 2020 04:10PM

Re: SSL error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL alert

Maxim Dounin November 09, 2020 04:20PM


