SSL handshake error when connecting to peer-server locally

Hello everyone! Sorry for the long post. I appreciate any help you may offer in advance.

Env:

  • datomic version: datomic-pro-0.9.5930 (starter license)
  • OpenJDK Runtime Environment (build 1.8.0_212-8u212-b03-0ubuntu1.18.04.1-b03)
  • Linux laptop

What I tried to do - very basic steps, just following the online guide:

  1. Started a peer-server on my laptop using the same command per the online guide:

bin/run -m datomic.peer-server -h localhost -p 8998 -a usr,pwd -d hello,datomic:mem://hello

this worked fine. I got:

Serving datomic:mem://hello as hello

  2. Next, tried to connect to the peer-server from a client.
    Fired up a REPL, included the datomic.client-pro dependency, followed the instructions online:

    (require '[datomic.client.api :as d])
    (def db-cfg
      {:server-type :peer-server
       :access-key "usr"
       :secret "pwd"
       :endpoint "localhost:8998"})

    (def c (d/client db-cfg)) ;; worked fine

    (d/connect c {:db-name "hello"}) ;; error!

The following error came up:

General SSLEngine problem
{:cognitect.anomalies/category :cognitect.anomalies/fault,
:cognitect.anomalies/message "General SSLEngine problem",
:cognitect.http-client/throwable #error {
:cause "No name matching localhost found"
:via
[{:type javax.net.ssl.SSLHandshakeException
:message "General SSLEngine problem"

So it looks like the SSL handshake between the client and the peer-server failed due to the host name localhost.

I assume the Jetty server used by the peer-server defines an SSL context factory, but I could not figure out how it is initialized. Most importantly, how I can pass a keystore setting to it. I tried to add -Djavax.net.ssl.keyStore=.. java options to the peer-server command line, but it seems they were ignored. I see from the peer-server log that the Jetty server was started with a null keystore/trustStore.

2019-07-07 18:17:59.308 INFO default o.e.jetty.util.ssl.SslContextFactory - x509=X509@402d6012(transactor,h=,w=) for SslContextFactory@395281c2[provider=null,keyStore=null,trustStore=null]
2019-07-07 18:17:59.318 INFO default o.e.jetty.server.AbstractConnector - Started ServerConnector@1573e8a5{SSL,[ssl, http/1.1]}{localhost:8998}
2019-07-07 18:17:59.318 INFO default org.eclipse.jetty.server.Server - Started @6356ms

So the question is how can I bypass this issue? Can I run peer-server without SSL? Can I specify a keystore config to Jetty?

Thanks!

See https://docs.datomic.com/on-prem/peer-server.html#connecting
You need to add :validate-hostnames false to your connection map.

-Marshall
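The fix from the answer above, written out as an added example (not code from the original post or from Datomic's docs). It assumes the peer-server from the question is running on localhost:8998 with access key "usr", secret "pwd" and the db "hello", and adds a hypothetical `dev-cfg` helper so hostname validation is only switched off for a loopback endpoint.

```clojure
;; Added example; assumes the peer-server started in the question
;; (localhost:8998, access key "usr", secret "pwd", db "hello").
(require '[datomic.client.api :as d])

;; The peer-server's certificate is issued to "transactor" (see the Jetty
;; log line in the question), not to "localhost", so the client's default
;; hostname check fails with "No name matching localhost found".
(def base-cfg
  {:server-type :peer-server
   :access-key  "usr"
   :secret      "pwd"
   :endpoint    "localhost:8998"})

(defn dev-cfg
  "Hypothetical helper: add :validate-hostnames false only when the
   endpoint is loopback. A remote peer-server keeps the name check, so
   a certificate for the wrong host is still rejected there."
  [{:keys [endpoint] :as cfg}]
  (if (re-matches #"(localhost|127\.0\.0\.1)(:\d+)?" endpoint)
    (assoc cfg :validate-hostnames false)
    cfg))

(defn connect-hello
  "Create a client from cfg and connect to the \"hello\" database."
  [cfg]
  (d/connect (d/client cfg) {:db-name "hello"}))

(comment
  ;; Fails with the SSLHandshakeException shown in the question:
  (connect-hello base-cfg)
  ;; Succeeds: the loopback endpoint gets :validate-hostnames false.
  (connect-hello (dev-cfg base-cfg))
  ;; Unchanged: a non-loopback endpoint is still name-checked.
  (dev-cfg (assoc base-cfg :endpoint "db.example.internal:8998")))
```

Only the certificate name check is skipped by :validate-hostnames false; it is the right knob for a local mem-backed peer-server, not for a shared deployment.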

Great! It worked after adding the :validate-hostnames false.
Thanks!