Xiaoyu Yao created HADOOP-17699:
-----------------------------------
Summary: Remove hardcoded "SunX509" usage from SSLFactory
Key: HADOOP-17699
URL: https://issues.apache.org/jira/browse/HADOOP-17699
Project: Hadoop Common
Issue Type: Bug
Reporter: Xiaoyu Yao
Assignee: Xiaoyu Yao
In SSLFactory.SSLCERTIFICATE, used by FileBasedKeyStoresFactory and
ReloadingX509TrustManager, there is a hardcoded reference to "SunX509" which is
used to get a KeyManager/TrustManager. This KeyManager type might not be
available if using the other JSSE providers, e.g., in FIPS deployment.
{code:java}
WARN org.apache.hadoop.hdfs.web.URLConnectionFactory: Cannot load customized
ssl related configuration. Fall
back to system-generic settings.
java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:137)
at
org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory.init(FileBasedKeyStoresFactory.java:186)
at org.apache.hadoop.security.ssl.SSLFactory.init(SSLFactory.java:187)
at
org.apache.hadoop.hdfs.web.SSLConnectionConfigurator.<init>(SSLConnectionConfigurator.java:50)
at
org.apache.hadoop.hdfs.web.URLConnectionFactory.getSSLConnectionConfiguration(URLConnectionFactory.java:100)
at
org.apache.hadoop.hdfs.web.URLConnectionFactory.newDefaultURLConnectionFactory(URLConnectionFactory.java:79)
{code}
This ticket is opened to use the DefaultAlgorithm defined by Java system
property:
ssl.KeyManagerFactory.algorithm and ssl.TrustManagerFactory.algorithm.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
