From dev-return-19284-apmail-nifi-dev-archive=nifi.apache.org@nifi.apache.org Mon Jun 10 18:17:22 2019 Return-Path: X-Original-To: apmail-nifi-dev-archive@minotaur.apache.org Delivered-To: apmail-nifi-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by minotaur.apache.org (Postfix) with SMTP id 2D5B819A0C for ; Mon, 10 Jun 2019 18:17:22 +0000 (UTC) Received: (qmail 18493 invoked by uid 500); 10 Jun 2019 18:17:16 -0000 Delivered-To: apmail-nifi-dev-archive@nifi.apache.org Received: (qmail 18455 invoked by uid 500); 10 Jun 2019 18:17:16 -0000 Mailing-List: contact dev-help@nifi.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@nifi.apache.org Delivered-To: mailing list dev@nifi.apache.org Received: (qmail 18444 invoked by uid 99); 10 Jun 2019 18:17:15 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 10 Jun 2019 18:17:15 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 3EE74C0253 for ; Mon, 10 Jun 2019 18:17:15 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.249 X-Spam-Level: ** X-Spam-Status: No, score=2.249 tagged_above=-999 required=6.31 tests=[HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id xlyj30JriUpO for ; Mon, 10 Jun 2019 18:17:13 +0000 (UTC) Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 824805F19A for ; Mon, 10 Jun 2019 18:17:13 +0000 (UTC) Received: by mail-pl1-f179.google.com with SMTP id g9so3979995plm.6 for ; Mon, 10 Jun 2019 11:17:13 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:date:references:to :in-reply-to:message-id; bh=qjD1V8+ZwczdQNN2aBvlf76epaMGmZGMEAlZTVXpAto=; b=Rg+41l/WQR9E6vd/sNjMkoe2nejPFnf0UN9qIjef21ODOQfJqQEu7/j4GjvtfQDr45 Hr9sIP8BB5FjWgDbclqlv/6DPJE3WFMb59eGANG+fW0U1Y7bMsyfTWqtIXj7RuSQZ4As LK0FgUCWcnEvIF7/lQ+p5icc1LSApx4xw+loA7DaSxaZcn1Br8/B2dvbUU2U+9BsKAXG 8PR1YtiLd1/HVfU3PTDWjdO2tQu00z1oEI65TI0GnNRYa6MssZMH/yPqlvsZzyceCxfr x4gALTcW1y+3a2hmzwDwYEeB9kFvkTPLFdbCcQBjZp1R+f0BZykVadR9oUl2MpyuLRMt amaA== X-Gm-Message-State: APjAAAXjZK5p9xm7uvVNMwz48VEUgBA5lZ8zwYG4Xw9HXnaOHMsRgmYu 9hFxR5Pq0vfclbsGd3OGtXcS8cai X-Google-Smtp-Source: APXvYqwc1ddT5irVQnnMN0cFJ71inijwouwOgT1xI2/bru+x2yCwQ33IB/NXO4LLbLSId/42sPp5xg== X-Received: by 2002:a17:902:8493:: with SMTP id c19mr73146527plo.58.1560190626892; Mon, 10 Jun 2019 11:17:06 -0700 (PDT) Received: from [10.137.20.198] ([185.180.13.226]) by smtp.gmail.com with ESMTPSA id h6sm518812pjs.2.2019.06.10.11.17.05 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 10 Jun 2019 11:17:06 -0700 (PDT) From: Andy LoPresto Content-Type: multipart/alternative; boundary="Apple-Mail=_9D513383-E218-4727-BBC7-BAA9E9FD681F" Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\)) Subject: Re: Why is there no SSL Context Service for the GetSQS Processor? Date: Mon, 10 Jun 2019 11:17:04 -0700 References: <206213903.927424.1560189803772@mail.yahoo.com> To: dev@nifi.apache.org In-Reply-To: <206213903.927424.1560189803772@mail.yahoo.com> Message-Id: X-Mailer: Apple Mail (2.3445.102.3) --Apple-Mail=_9D513383-E218-4727-BBC7-BAA9E9FD681F Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi John, You=E2=80=99re right, it looks like the absence of an SSL Context = Service was an oversight from the initial contributor. If you=E2=80=99re = comfortable opening a Jira ticket [1] and documenting this need, we can = start working on it. Thanks for bringing this to our attention.=20 In the meantime, if you need an immediate fix, I would suggest using an = ExecuteScript processor using Groovy with the AWS Java SDK (basically = copy/paste from the existing GetSQS processor body) (if you need help = with the code, let us know).=20 The certificate issue would likely only be NiFi trusting the certificate = presented by the AWS SQS instance; unless you have mutual authentication = TLS enabled (which is uncommon in AWS for client connections), NiFi = isn=E2=80=99t presenting a certificate for the connection handshake = negotiation.=20 [1] = https://issues.apache.org/jira/browse/NIFI/?selectedTab=3Dcom.atlassian.ji= ra.jira-projects-plugin:summary-panel=20 Andy LoPresto alopresto@apache.org alopresto.apache@gmail.com PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Jun 10, 2019, at 11:03 AM, jcrooke@yahoo.com.invalid = wrote: >=20 > Hello nice nifi dev folks, >=20 > I'm trying to use GetSQS to pull SQS messages from an SQS queue whose = URL begins with "https://sqs..." >=20 > I get the following error when I run the processor: "Unable to execute = HTTP request: Remote host closed connection during handshake" >=20 > And I'm having a hard time figuring out where nifi is getting its = certificates, or even which certificate it's presenting, if any. >=20 > It's a curious thing that the GetSQS processor does NOT let you choose = an SSL Context Service, but other AWS-related processors such as = "FetchS3Object" do have the "SSL Context Service" property. >=20 > I have valid AWS credentials. I can "FetchS3Object" all day long. But = this GetSQS processor isn't working at all and I suspect it's because of = this missing property. >=20 > Does anyone know why it's missing or how I can work around it? >=20 > Thanks! >=20 > John --Apple-Mail=_9D513383-E218-4727-BBC7-BAA9E9FD681F--