After following the tutorials on how to develop a Mixer-Out-of-Process-Adapter and extracting it as a Mixer-Out-of-Tree-Adapter, testing the the Out-of-Tree-Adapter with mTLS does not work correctly on local machine (same behavior when deployed in k8s). The mixs-logs show, that the Adapter-Handler is detected successfully, but the TLS handshake seems to fail. Following debug-logs of mixs show the probable error:
...
2020-01-06T16:21:54.444962Z info Built new config.Snapshot: id='1'
2020-01-06T16:21:54.454501Z warn cannot load public root cert: open /etc/ssl/certs/ca-certificates.crt: no such file or directory
2020-01-06T16:21:54.455126Z info parsed scheme: ""
2020-01-06T16:21:54.455175Z info scheme "" not registered, fallback to default scheme
2020-01-06T16:21:54.455224Z info ccResolverWrapper: sending update to cc: {[{[::]:7777 0 <nil>}] <nil>}
2020-01-06T16:21:54.455297Z info base.baseBalancer: got new ClientConn state: {{[{[::]:7777 0 <nil>}] <nil>} <nil>}
2020-01-06T16:21:54.455467Z info grpcAdapter Connected to: [::]:7777
2020-01-06T16:21:54.455677Z debug New routes in effect:
[Routing ExpectedTable]
ID: 1
[#0] TEMPLATE_VARIETY_CHECK {V}
[#0] istio-system {NS}
[#0] kelonhandler.handler.istio-system {H}
[#0]
Condition: <NONE>
[#0] authinfo.instance.istio-system {I}
2020-01-06T16:21:54.455691Z info Cleaning up handler table, with config ID:0
2020-01-06T16:21:54.456405Z info base.baseBalancer: handle SubConn state change: 0xc000cfa1e0, CONNECTING
2020-01-06T16:21:54.456731Z info Starting monitor server...
2020-01-06T16:21:54.457951Z info grpc: addrConn.createTransport failed to connect to {[::]:7777 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: tls: first record does not look like a TLS handshake". Reconnecting...
2020-01-06T16:21:54.457980Z info base.baseBalancer: handle SubConn state change: 0xc000cfa1e0, TRANSIENT_FAILURE
Istio Mixer: 032be5b1ecfd5b087f623d76dca2879f8cd130be-032be5b1ecfd5b087f623d76dca2879f8cd130be-Clean
Starting gRPC server on port 9091
2020-01-06T16:21:54.461730Z info ControlZ available at 127.0.0.1:9876
2020-01-06T16:21:55.462362Z info base.baseBalancer: handle SubConn state change: 0xc000cfa1e0, CONNECTING
2020-01-06T16:21:55.462437Z info roundrobinPicker: newPicker called with readySCs: map[]
2020-01-06T16:21:55.463285Z info grpc: addrConn.createTransport failed to connect to {[::]:7777 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: tls: first record does not look like a TLS handshake". Reconnecting...
2020-01-06T16:21:55.463343Z info base.baseBalancer: handle SubConn state change: 0xc000cfa1e0, TRANSIENT_FAILURE
2020-01-06T16:21:57.059033Z info base.baseBalancer: handle SubConn state change: 0xc000cfa1e0, CONNECTING
2020-01-06T16:21:57.059086Z info roundrobinPicker: newPicker called with readySCs: map[]
2020-01-06T16:21:57.059746Z info grpc: addrConn.createTransport failed to connect to {[::]:7777 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: tls: first record does not look like a TLS handshake". Reconnecting...
2020-01-06T16:21:57.059800Z info base.baseBalancer: handle SubConn state change: 0xc000cfa1e0, TRANSIENT_FAILURE
2020-01-06T16:21:59.650029Z info base.baseBalancer: handle SubConn state change: 0xc000cfa1e0, CONNECTING
2020-01-06T16:21:59.650158Z info roundrobinPicker: newPicker called with readySCs: map[]
2020-01-06T16:21:59.650861Z info grpc: addrConn.createTransport failed to connect to {[::]:7777 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: tls: first record does not look like a TLS handshake". Reconnecting...
2020-01-06T16:21:59.650917Z info base.baseBalancer: handle SubConn state change: 0xc000cfa1e0, TRANSIENT_FAILURE
2020-01-06T16:22:03.151156Z info base.baseBalancer: handle SubConn state change: 0xc000cfa1e0, CONNECTING
I have also created an Issue for this.