Description
I've been testing HAFT with ATTLS.
If I have 2 servers and shut down 1, then bring up the second later, some URLs are met with HTTP 500 "Exception reading certificate".
In other words,
- Use some REST APIs
- Shut down 1 server
- Observe that you can continue to use the REST APIs
- Start up that server that was shut down
- Observe HTTP 500 "Exception reading certificate" for some time.
I have a theory about why this happens.
I've been seeing this message in every version of APIML lately ever since testing AT-TLS:
```
<ZWEAGW1:http-nio-0.0.0.0-63002-exec-1:67502205> me ERROR (o.z.a.f.AttlsFilter) Not possible to get certificate from AT-TLS context
java.security.cert.CertificateException: Unable to initialize, java.io.IOException: extra data given to DerValue constructor
```
It appears at startup, but not later.
This seemed harmless so I ignored it, since Zowe eventually works and the error does not repeat.
But, I'm guessing these 2 things are related - because APIML can't read the certificate from AT-TLS at startup, startup of APIML generates HTTP 500 when called.
So, I think there's a bug about "APIML code accepts requests before it's ready to handle them because it needs to be able to read the ATTLS certs, but can't for some reason".
This happens on v2.17+ as far as I've tested. v2 and v3.