Using SSL-secured channel fails because of java.lang.NoSuchFieldError: SSL_MAX_RECORD_LENGTH #178

Closed
shadjiiski opened this issue Jun 28, 2018 · 2 comments

@shadjiiski
Contributor

I am trying to connect to an SSL-secured Tiller by providing client certificates. I have followed some advice that I have found in the issues (#155), so I am having something like this:

ManagedChannel channel = NettyChannelBuilder
        .forAddress(hostAddress, portForward.getLocalPort())
        .idleTimeout(5L, TimeUnit.SECONDS)
        .keepAliveTime(30L, TimeUnit.SECONDS)
        .maxInboundMessageSize(Tiller.MAX_MESSAGE_SIZE)
        .useTransportSecurity()
        .sslContext(sslContext)
        .build();

This does the trick but when I try to iterate the response from the server like this:

Iterator<ListReleasesResponse> releases = releaseServiceBlockingStub.listReleases(listReleasesRequest);
releases.forEachRemaining(lrp -> {
    lrp.getReleasesList().forEach(r -> {
        System.out.println("Found release " + r.getName());
    });
});

the foreach call fails because of this exception

Status{code=UNKNOWN, description=null, cause=io.netty.channel.ChannelPipelineException: io.grpc.netty.ProtocolNegotiators$TlsNegotiator$1.handlerAdded() has thrown an exception; removed.
	at io.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:626)
	at io.netty.channel.DefaultChannelPipeline.addBefore(DefaultChannelPipeline.java:287)
	at io.netty.channel.DefaultChannelPipeline.addBefore(DefaultChannelPipeline.java:249)
	at io.grpc.netty.ProtocolNegotiators$AbstractBufferingHandler.channelRegistered(ProtocolNegotiators.java:435)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRegistered(AbstractChannelHandlerContext.java:149)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRegistered(AbstractChannelHandlerContext.java:135)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRegistered(AbstractChannelHandlerContext.java:128)
	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRegistered(DefaultChannelPipeline.java:1332)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRegistered(AbstractChannelHandlerContext.java:149)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRegistered(AbstractChannelHandlerContext.java:135)
	at io.netty.channel.DefaultChannelPipeline.fireChannelRegistered(DefaultChannelPipeline.java:829)
	at io.netty.channel.AbstractChannel$AbstractUnsafe.register0(AbstractChannel.java:513)
	at io.netty.channel.AbstractChannel$AbstractUnsafe.access$200(AbstractChannel.java:423)
	at io.netty.channel.AbstractChannel$AbstractUnsafe$1.run(AbstractChannel.java:482)
	at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:163)
	at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:403)
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:463)
	at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858)
	at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:138)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.NoSuchFieldError: SSL_MAX_RECORD_LENGTH
	at io.netty.handler.ssl.ReferenceCountedOpenSslEngine.<clinit>(ReferenceCountedOpenSslEngine.java:129)
	at io.netty.handler.ssl.OpenSslContext.newEngine0(OpenSslContext.java:49)
	at io.netty.handler.ssl.ReferenceCountedOpenSslContext.newEngine(ReferenceCountedOpenSslContext.java:378)
	at io.grpc.netty.ProtocolNegotiators$TlsNegotiator$1.handlerAdded(ProtocolNegotiators.java:306)
	at io.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:606)
	... 19 more
}

I have tracked the root cause to this issue in grpc-java and it seems that they have updated the SECURITY.md to indicate that the required version of netty-tcnative-boringssl-static is 2.0.7.Final (and not 2.0.6.Final).

To fix this locally in my project, I am overriding the netty-tcnative version by explicitly specifying it as a dependency in my pom.xml but this should be fixed in microbean so I have prepared a pull request #177
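
Added example, not part of the original issue or of the project's code: a startup check that reports the mismatch described above before the first TLS handshake, instead of as a `NoSuchFieldError` inside the channel pipeline. It assumes the constant is declared on netty-tcnative's `io.netty.internal.tcnative.SSL` class (the issue names only the field); `TcnativePreflight` and `check` are hypothetical names.

```java
import java.security.CodeSource;

/** Fail-fast check for the netty / netty-tcnative mismatch described in this issue. */
public final class TcnativePreflight {

    // Assumption: the netty-tcnative class that declares the constant from the stack trace.
    private static final String SSL_CLASS = "io.netty.internal.tcnative.SSL";
    private static final String REQUIRED_FIELD = "SSL_MAX_RECORD_LENGTH";

    private TcnativePreflight() {
    }

    /** Returns null when the classpath is consistent, otherwise a diagnostic message. */
    public static String check(ClassLoader loader) {
        final Class<?> ssl;
        try {
            // initialize=false: inspect the class without running its static initializer,
            // so no native library is loaded by this check.
            ssl = Class.forName(SSL_CLASS, false, loader);
        } catch (ClassNotFoundException e) {
            return "netty-tcnative is not on the classpath; the OpenSSL TLS provider is unavailable";
        }
        try {
            ssl.getField(REQUIRED_FIELD);
            return null;
        } catch (NoSuchFieldException e) {
            // Same condition that surfaces later as NoSuchFieldError in
            // ReferenceCountedOpenSslEngine.<clinit>; name the jar that supplied the class.
            return SSL_CLASS + " loaded from " + locationOf(ssl) + " lacks " + REQUIRED_FIELD
                    + "; netty-tcnative-boringssl-static is older than the version netty expects";
        }
    }

    private static String locationOf(Class<?> c) {
        CodeSource src = c.getProtectionDomain().getCodeSource();
        return src == null ? "an unknown location" : String.valueOf(src.getLocation());
    }

    public static void main(String[] args) {
        String problem = check(TcnativePreflight.class.getClassLoader());
        if (problem != null) {
            System.err.println(problem);
            System.exit(1);
        }
        System.out.println("netty-tcnative exposes " + REQUIRED_FIELD + "; TLS engine can initialise");
    }
}
```

Run it with the same classpath as the application, since the jar location it reports shows which dependency pulled in the older netty-tcnative.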

@ljnelson ljnelson self-assigned this Jun 28, 2018
@ljnelson ljnelson added the task label Jun 28, 2018
@ljnelson ljnelson added this to the Next Release milestone Jun 28, 2018
@ljnelson
Member

Thanks for your work. I'll either incorporate your pull request as it is or will commit something similar in spirit. Good catch.

@ljnelson ljnelson modified the milestones: Next Release, Someday Jul 13, 2018
@ljnelson
Member

Since #177 was merged, closing this issue.
