Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
Description
I've encountered multiple SSL errors when running the Accumulo funtests with jdk 1.8.0_77-b03: "javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints" and "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: MD5withRSA".
The first error appears to be related to AccumuloSSLTestBase using X509ExtendedTrustManager instead of X509TrustManager:
http://stackoverflow.com/questions/14149545/java-security-cert-certificateexception-certificates-does-not-conform-to-algori
The second seems to be due to SecurityUtils specifying a default hash of md5 when signing certs:
https://github.com/apache/incubator-slider/blob/develop/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java#L61