Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
3.4.0
Description
In SSLFactory.SSLCERTIFICATE, used by FileBasedKeyStoresFactory and ReloadingX509TrustManager, there is a hardcoded reference to "SunX509" which is used to get a KeyManager/TrustManager. This KeyManager type might not be available if using the other JSSE providers, e.g., in FIPS deployment.
WARN org.apache.hadoop.hdfs.web.URLConnectionFactory: Cannot load customized ssl related configuration. Fall
back to system-generic settings.
java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:137)
at org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory.init(FileBasedKeyStoresFactory.java:186)
at org.apache.hadoop.security.ssl.SSLFactory.init(SSLFactory.java:187)
at org.apache.hadoop.hdfs.web.SSLConnectionConfigurator.<init>(SSLConnectionConfigurator.java:50)
at org.apache.hadoop.hdfs.web.URLConnectionFactory.getSSLConnectionConfiguration(URLConnectionFactory.java:100)
at org.apache.hadoop.hdfs.web.URLConnectionFactory.newDefaultURLConnectionFactory(URLConnectionFactory.java:79)
This ticket is opened to use the DefaultAlgorithm defined by Java system property:
ssl.KeyManagerFactory.algorithm and ssl.TrustManagerFactory.algorithm.
Attachments
Issue Links
- links to