
Unable to connect to AWS Keyspaces with cqlsh

How to fix being unable to connect to AWS Keyspaces with cqlsh

I am having problems connecting to AWS Keyspaces, both from application code and with cqlsh.

What is especially confusing is that my setup used to work.

My cqlsh command:

cqlsh cassandra.eu-west-2.amazonaws.com 9142 -u "xxxxxxxxxxxxxxx" -p "xxxxxxxxxxxxxxxxxxxxxx" --ssl
Connection error: ('Unable to connect to any servers',{'3.10.201.209': error(1,u"Tried connecting to [('3.10.201.209',9142)]. Last error: [SSL] internal error (_ssl.c:727)")})

My cqlshrc:

[connection]
port = 9142
factory = cqlshlib.ssl.ssl_transport_factory

[ssl]
validate = true
certfile = /home/abc/.cassandra/AmazonRootCA1.pem

I obtained the certificate like this:

wget -c https://www.amazontrust.com/repository/AmazonRootCA1.pem

DNS seems fine.

I recently upgraded from Ubuntu 18.04 to 20.04, which may be causing the problem.

Update: Yes, it likely changed the default SSL protocol.

Solution

I figured out the cqlsh problem; you need to set the SSL version:

[connection]
port = 9142
factory = cqlshlib.ssl.ssl_transport_factory

[cql]
version = 3.4.4

[ssl]
validate = true
certfile = /home/abc/.cassandra/AmazonRootCA1.pem
version = TLSv1_2

The fix for the .NET solution is similar; you have to set SslProtocols correctly.

Here is a working F# script:

#load "../.paket/load/netcoreapp3.1/CassandraCSharpDriver.fsx"

open System
open System.Net.Security
open System.Security
open System.Security.Authentication
open System.Security.Cryptography
open System.Security.Cryptography.X509Certificates
open Cassandra

let private getEnvVar (name : string) =
  let x = Environment.GetEnvironmentVariable name
  if String.IsNullOrWhiteSpace x
  then
    failwithf "The environment variable %s must be set" name
  else
    x

let region = getEnvVar "AWS_REGION"

let keyspace = getEnvVar "AWS_KEYSPACES_KEYSPACE"
let keyspacesUsername = getEnvVar "AWS_KEYSPACES_USERNAME"
let keyspacesPassword = getEnvVar "AWS_KEYSPACES_PASSWORD"

async {
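  // Trust anchor: the Amazon root CA, loaded from the working directory.
  let certCollection = X509Certificate2Collection ()
  use cert = new X509Certificate2 (@"./AmazonRootCA1.pem", "amazon")

  certCollection.Add (cert) |> ignore

  // Pin the protocol to TLS 1.2 and reject the connection on any certificate policy error.
  let sslOptions =
    SSLOptions
      (
        SslProtocols.Tls12, true, (fun sender certificate chain sslPolicyErrors ->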
          if sslPolicyErrors = SslPolicyErrors.None
          then
            true
          else
            printfn "Cassandra node SSL certificate validation error(s): {%A}" sslPolicyErrors
            false)
      )
    |> (fun x -> x.SetCertificateCollection(certCollection))

  let contactPoints = [| sprintf "cassandra.%s.amazonaws.com" region |]

  let cluster =
    Cluster.Builder()
      .AddContactPoints(contactPoints)
      .WithPort(9142)
      .WithAuthProvider(PlainTextAuthProvider (keyspacesUsername, keyspacesPassword))
      .WithSSL(sslOptions)
      .Build()

  use! cassandra =
    cluster.ConnectAsync keyspace
    |> Async.AwaitTask

  printfn "Connected. "
}
|> Async.RunSynchronously

Should be easy to translate to C# :)
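A check for the cqlshrc settings discussed above, as an added example that is not part of the original question or answer: it audits the TLS-related keys and flags the missing `version` under `[ssl]` while insisting that `validate` stays on. The function name `audit_cqlshrc` and the two sample inputs are constructed for illustration; the sample contents mirror the files shown on this page.

```python
import configparser

# Constructed sample input: the cqlshrc from the question (no [ssl] version).
BEFORE = """
[connection]
port = 9142
factory = cqlshlib.ssl.ssl_transport_factory

[ssl]
validate = true
certfile = /home/abc/.cassandra/AmazonRootCA1.pem
"""

# Constructed sample input: the same file with the fix from the answer appended to [ssl].
AFTER = BEFORE + "version = TLSv1_2\n"


def audit_cqlshrc(text):
    """Return findings for the TLS-related cqlshrc settings (hypothetical helper)."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    findings = []
    if cfg.get("connection", "factory", fallback="") != "cqlshlib.ssl.ssl_transport_factory":
        findings.append("connection.factory: SSL transport factory not set")
    if cfg.get("connection", "port", fallback="") != "9142":
        findings.append("connection.port: expected 9142, the port used on this page")
    if not cfg.has_section("ssl"):
        return findings + ["ssl: section missing"]
    # Validation must stay enabled; disabling it would only mask a protocol mismatch.
    if cfg.get("ssl", "validate", fallback="false").strip().lower() != "true":
        findings.append("ssl.validate: server certificate is not validated")
    if not cfg.get("ssl", "certfile", fallback="").strip():
        findings.append("ssl.certfile: no CA certificate configured")
    version = cfg.get("ssl", "version", fallback=None)
    if version is None:
        findings.append("ssl.version: unset (the failing configuration on this page)")
    elif version.strip() != "TLSv1_2":
        findings.append("ssl.version: %s is not TLSv1_2" % version.strip())
    return findings


if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_cqlshrc(text) or "ok")
```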
