oslo.cache

TLS is not working

Bug #2017700 reported by Damian Dąbrowski on 2023-04-25

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	oslo.cache	Fix Released	Undecided	Unassigned

Bug Description

Seems like TLS in oslo.cache is not working(at least for some backends).

I created a simple script to test memcached connection: https://paste.openstack.org/show/bJPQRPsq953Hojl1cFMA/

Memcached instance is configured to serve TLS.

With dogpile.cache.memcached I see:

Apr 25 21:09:34 aio1-memcached-container-7f83bd44 systemd-memcached-wrapper[13218]: SSL connection failed with error code : 1 : Success
Apr 25 21:09:34 aio1-memcached-container-7f83bd44 systemd-memcached-wrapper[13218]: accept4(): Resource temporarily unavailable

On tcpdump I can see plain http traffic:

# tcpdump -i any 'host 172.29.238.233' -s 65535 -A -tttl | grep get
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 65535 bytes
U[......get 274f7b9675887be609cf0d726a0395b3d1f7a815

With dogpile.cache.bmemcached it looks better: https://paste.openstack.org/show/bXW8pcHtigoIg5noXhoC/

Environment:
python 3.8.10
oslo.cache 3.3.1
memcached 1.5.22

Revision history for this message

Takashi Kajinami (kajinamit) wrote on 2024-02-14:

The dogpile.cache.memcached backend does not support tls connection. This is the limitation caused by underlying library.

We have introduced a validation to reject that wrong usage. See https://review.opendev.org/c/openstack/oslo.cache/+/907330 .

Changed in oslo.cache:
status:	New → Fix Released

Revision history for this message

Damian Dąbrowski (damiandabrowski) wrote on 2024-02-14:

thanks!

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.