SSL error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL alert

meniem nginx-forum at forum.nginx.org
Fri Nov 6 09:35:43 UTC 2020


Thanks Sergey for your quick reply.

I have checked the debug logs for the SNI (upstream SSL server name), and it
seems to be correct.I also used the "proxy_ssl_name" directive that set to
the proxied_server_name. Below is the debug output when I hit the endpoint:

2020/11/06 09:14:36 [debug] 30370#30370: *113140 http cleanup add:
000F8E3FFB8
2020/11/06 09:14:36 [debug] 30370#30370: *113140 http upstream resolve:
"/abc"
2020/11/06 09:14:36 [debug] 30370#30370: *113140 name was resolved to
1.2.3.4
2020/11/06 09:14:36 [debug] 30370#30370: *113140 get rr peer, try: 1
2020/11/06 09:14:36 [debug] 30370#30370: *113140 stream socket 13
2020/11/06 09:14:36 [debug] 30370#30370: *113140 epoll add connection: fd:13
ev:8002005
2020/11/06 09:14:36 [debug] 30370#30370: *113140 connect to 1.2.3.4:443,
fd:13 #11343
2020/11/06 09:14:36 [debug] 30370#30370: *113140 http upstream connect: -2
2020/11/06 09:14:36 [debug] 30370#30370: *113140 posix_memalign: 003FFB8:128
@16
2020/11/06 09:14:36 [debug] 30370#30370: *113140 event timer add: 13:
60000:1604656507
2020/11/06 09:14:36 [debug] 30370#30370: *113140 http finalize request: -4,
"/abc" a:1, c:2
2020/11/06 09:14:36 [debug] 30370#30370: *113140 http request count:2 blk:0
2020/11/06 09:14:36 [debug] 30370#30370: *113140 http run request: "/abc"
2020/11/06 09:14:36 [debug] 30370#30370: *113140 http upstream check client,
write event:1, "/abc"
2020/11/06 09:14:36 [debug] 30370#30370: *113140 http upstream request:
"/abc"
2020/11/06 09:14:36 [debug] 30370#30370: *113140 http upstream send request
handler
2020/11/06 09:14:36 [debug] 30370#30370: *113140 malloc: 00007F8EF805E0:72
2020/11/06 09:14:36 [debug] 30370#30370: *113140 upstream SSL server name:
"targetapp.com"
2020/11/06 09:14:36 [debug] 30370#30370: *113140 tcp_nodelay
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_do_handshake: -1
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_get_error: 2
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL handshake handler: 0
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_do_handshake: -1
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_get_error: 2
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL handshake handler: 1
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_do_handshake: -1
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_get_error: 2
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL handshake handler: 0
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_do_handshake: -1
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_get_error: 2
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL handshake handler: 1
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_do_handshake: -1
2020/11/06 09:14:36 [debug] 30370#30370: *113140 SSL_get_error: 2
2020/11/06 09:14:37 [debug] 30370#30370: *113140 SSL handshake handler: 0
2020/11/06 09:14:37 [debug] 30370#30370: *113140 SSL_do_handshake: 0
2020/11/06 09:14:37 [debug] 30370#30370: *113140 SSL_get_error: 1
2020/11/06 09:14:37 [error] 30370#30370: *113140 SSL_do_handshake() failed
(SSL: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:SSL
alert$
2020/11/06 09:14:37 [debug] 30370#30370: *113140 http next upstream, 2
2020/11/06 09:14:37 [debug] 30370#30370: *113140 free rr peer 1 4
2020/11/06 09:14:37 [debug] 30370#30370: *113140 finalize http upstream
request: 502
2020/11/06 09:14:37 [debug] 30370#30370: *113140 finalize http proxy
request
2020/11/06 09:14:37 [debug] 30370#30370: *113140 close http upstream
connection: 13
2020/11/06 09:14:37 [debug] 30370#30370: *113140 free: 0007F8EF0E0
2020/11/06 09:14:37 [debug] 30370#30370: *113140 free: 0007F8EFA2A0, unused:
32
2020/11/06 09:14:37 [debug] 30370#30370: *113140 event timer del: 13:
104613507
2020/11/06 09:14:37 [debug] 30370#30370: *113140 reusable connection: 0
2020/11/06 09:14:37 [debug] 30370#30370: *113140 http finalize request: 502,
"/abc" a:1, c:1
2020/11/06 09:14:37 [debug] 30370#30370: *113140 http special response: 502,
"/abc"
2020/11/06 09:14:37 [debug] 30370#30370: *113140 xslt filter header
2020/11/06 09:14:37 [debug] 30370#30370: *113140 HTTP/1.1 502 Bad Gateway
Server: nginx/1.12.2
Server: nginx/1.12.2
Date: Fri, 06 Nov 2020 09:14:37 GMT
Content-Type: text/html
Content-Length: 173
Connection: keep-alive

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,289880,289884#msg-289884



More information about the nginx mailing list