OpenSSL error when connecting json api jar to daml-on-sql jar with TLS

Hi all!

We’re currently getting in OpenSSL error when connecting the two jars, which I know isn’t strictly speaking a DAML issue, but we’ve not been able to find an immediately applicable answer on documentation pages or StackOverflow threads, so we’re hoping that this issue has been faced by someone here.

The error we get is from the daml-on-sql jar when the json api jar tries to make the initial connection. We get:
DEBUG: SSL_read failed with 1: OpenSSL error: 268436536 error:10000438:SSLroutines:OPENSSL_internal:TLSV1_ALERT_INTERNAL_ERROR

I’ve found a thread saying that this is caused by the json api throwing an error and sending that to the daml-on-sql jar before the connection closes. That being said, all we get from the json api logs is
14:18:20.855 [http-json-ledger-api-akka.actor.default-dispatcher-4] ERROR com.daml.http.Main$ - Cannot start server: Error(Cannot connect to the ledger server, error: io.grpc.StatusRuntimeException: UNAVAILABLE: io exception

Any advice would greatly appreciated.

Hi @lashenhurst,

Would you mind sharing the CLI invocations (i.e. set of flags passed) for both processes?

Thanks for your time once again @Gary_Verhaegen, my colleague working on the architecture for this was able to use your answer from my previous question today to determine that this is caused by a certification validation error. This is only shown when using a logback configuration file where logging setting can be overidden.

For posterity/other users, Gary’s explanation on how to change the logging can be found here: Is it possible to change the log level for the JSON API jar?