[SLIDER-1111] Accumulo SSL ITs can fail with newer JDKs - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: Slider 0.91
Component/s: app-package, security
Labels:
None

Description

I've encountered multiple SSL errors when running the Accumulo funtests with jdk 1.8.0_77-b03: "javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints" and "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: MD5withRSA".

The first error appears to be related to AccumuloSSLTestBase using X509ExtendedTrustManager instead of X509TrustManager:
http://stackoverflow.com/questions/14149545/java-security-cert-certificateexception-certificates-does-not-conform-to-algori

The second seems to be due to SecurityUtils specifying a default hash of md5 when signing certs:
https://github.com/apache/incubator-slider/blob/develop/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java#L61

Attachments

Activity

People

Assignee:: Billie Rinaldi

Reporter:: Billie Rinaldi

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 18/Apr/16 18:46

Updated:: 13/Jun/16 21:41

Resolved:: 18/Apr/16 19:25