加密的 SyncIQ 策略失败，并显示“sslv3 alert unsupported certificate”

SyncIQ 中的加密同时使用客户端和服务器身份验证。

链端证书“在 SyncIQ 的服务器/对等存储中导入的证书”仅配置为使用一种类型的身份验证（“通常仅为服务器身份验证”）

要确认并进行检查，请按照以下说明操作：

a) 通过 isi_migrate.logs：

在群集中：
--------------
# isi_for_array -sQ ' grep "An SSL handshake failure occurred while establishing" /var/log/isi_migrate.log | grep coord ' | sort | tail -5 

在日志中：
------------
$ grep -h "An SSL handshake failure occurred while establishing" */varlog.tar/log/isi_migrate.log | grep coord | sort | tail -5 

预期错误：
---------------------
TTTTTTTTTTTTTTT <3.3> xxxxxxxxxx-4(id8) isi_migrate[57638]: coord[xxxxxxxxxx:TTTTTTTTTTTT]: siq_create_alert_internal: type: 22 (policy name: xxxxxxxxxx target: xxxxxxxxxx) SyncIQ policy failed to establish an encrypted connection with target. An SSL handshake failure occurred while establishing an encrypted connection to the target cluster. Please view the logs on the source and target for further details. SSL error string: error:14094413:SSL routines:ssl3_read_bytes:sslv3 alert unsupported certificate [ISI_TLS_ERROR_HANDSHAKE], Target: xxxxxxxxxx

b) 通过服务器/对等证书存储

在群集中：
--------------
# openssl x509 -text -noout -in /ifs/.ifsvar/modules/isi_certs/synciq/peer/zone_1/certs/<ID>.crt | grep -A1 "X509v3 Extended Key Usage"

# openssl x509 -text -noout -in /ifs/.ifsvar/modules/isi_certs/synciq/server/zone_1/certs/<ID>.crt | grep -A1 "X509v3 Extended Key Usage"

在日志中：
------------
$ openssl x509 -text -noout -in local/ifsvar_modules.tar/modules/isi_certs/synciq/peer/zone_1/certs/<ID>.crt | grep -A1 "X509v3 Extended Key Usage"

$ openssl x509 -text -noout -in local/ifsvar_modules.tar/modules/isi_certs/synciq/server/zone_1/certs/<ID>.crt | grep -A1 "X509v3 Extended Key Usage"

上述命令的结果为仅显示“TLS Web Server Authentication”或“TLS Web Client Authentication”。

正确的输出结果为同时显示“TLS Web Server Authentication”和“TLS Web Client Authentication”