Uploaded image for project: 'Slider'
  1. Slider
  2. SLIDER-1111

Accumulo SSL ITs can fail with newer JDKs

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • Slider 0.91
    • app-package, security
    • None

    Description

      I've encountered multiple SSL errors when running the Accumulo funtests with jdk 1.8.0_77-b03: "javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints" and "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: MD5withRSA".

      The first error appears to be related to AccumuloSSLTestBase using X509ExtendedTrustManager instead of X509TrustManager:
      http://stackoverflow.com/questions/14149545/java-security-cert-certificateexception-certificates-does-not-conform-to-algori

      The second seems to be due to SecurityUtils specifying a default hash of md5 when signing certs:
      https://github.com/apache/incubator-slider/blob/develop/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java#L61

      Attachments

        Activity

          People

            billie Billie Rinaldi
            billie Billie Rinaldi
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: