You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
I'm not sure if this is a true bug or if I'm merely doing something wrong. When attempting to create a client using the transport builder with some certificate files, I continuously get the error Cert(reqwest::Error { kind: Builder, source: "incompatible TLS identity type" }). I've tested these certificates with the exact same server using reqwest directly, which works precisely as intended. If this isn't a bug, it would be very helpful to have some more documentation providing the differences between these two and how to use certificates with elasticsearch.
To Reproduce
Steps to reproduce the behavior:
Using an elasticsearch server configured to use credentials and tls certificates, this code yields the error:
let credentials = Credentials::Basic(server_username.into(), server_password.into());
let cert_ca = fs::read_to_string("ca.pem").unwrap();
let cert_elastic = fs::read_to_string("elastic.pem").unwrap();
let cert_elastic_key = fs::read_to_string("elastic-key.pem").unwrap();
let cert_vec = format!("{}{}", cert_elastic_key, cert_elastic).into_bytes();
let cert_credentials = Credentials::Certificate(ClientCertificate::Pem(cert_vec));
let conn_pool = SingleNodeConnectionPool::new(url);
let builder = TransportBuilder::new(conn_pool)
.auth(credentials)
.auth(cert_credentials)
.cert_validation(CertificateValidation::Full(Certificate::from_pem(&cert_ca.into_bytes()).unwrap()))
.disable_proxy();
let transport = builder.build().unwrap();
let client = Elasticsearch::new(transport);
Expected behavior
I would expect this to behave like Reqwest does when doing it manually, as such:
let id = reqwest::Identity::from_pem(&cert_vec).unwrap();
let client = reqwest::blocking::Client::builder()
.identity(id)
.add_root_certificate(reqwest::Certificate::from_pem(&cert_ca.into_bytes()).unwrap())
.build().unwrap();
Environment (please complete the following information):
OS: Ubuntu 20.04
rustc version: 1.50.0
The text was updated successfully, but these errors were encountered:
chancecardona
changed the title
[BUG] Builder panics with "incompatible TLS identity type"
[BUG] Builder panics with "incompatible TLS identity type" when using client certificates
May 21, 2021
Upon further research it was found that this bug occurred even when using only the Reqwest code above if elasticsearch-rs was a dependency. This is due to native-tls being imported by default with elasticsearch-rs, which causes the conflict. Setting default-features=false for the elasticsearch crate fixes this problem. Still though, a more helpful error message would be appreciated.
Describe the bug
I'm not sure if this is a true bug or if I'm merely doing something wrong. When attempting to create a client using the transport builder with some certificate files, I continuously get the error
Cert(reqwest::Error { kind: Builder, source: "incompatible TLS identity type" })
. I've tested these certificates with the exact same server using reqwest directly, which works precisely as intended. If this isn't a bug, it would be very helpful to have some more documentation providing the differences between these two and how to use certificates with elasticsearch.To Reproduce
Steps to reproduce the behavior:
Using an elasticsearch server configured to use credentials and tls certificates, this code yields the error:
Expected behavior
I would expect this to behave like Reqwest does when doing it manually, as such:
Environment (please complete the following information):
The text was updated successfully, but these errors were encountered: