The following tests are failing in my environment even with the JCE extensions.
/* Test7: If no chain is given, the certificate should be self signed. Else, uploadShould Fail */ runUploadSslCertNoChain(); /* Test8: Chain is given but does not have root certificate */ runUploadSslCertNoRootCert(); /* Test9: The chain given is not the correct chain for the certificate */ runUploadSslCertBadChain(); /* Test12: Given a certificate signed by a CA and a valid CA chain, upload should succeed */ runUploadSslCertWithCAChain(); On 12-Nov-2013, at 11:35 AM, Koushik Das <koushik....@citrix.com> wrote: > I see the JCE extensions in jdk 1.7 as well. They are present under > <java_home>/jre/lib/security. But still I see a test failure. Is there any > other configuration that is required? > > Running org.apache.cloudstack.network.lb.CertServiceTest > Tests run: 2, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 1.456 sec <<< > FAILURE! > > -Koushik > > On 12-Nov-2013, at 11:19 AM, Prasanna Santhanam <t...@apache.org> > wrote: > >> My MacOSX 1.6 jdk seems to have the crypto extensions jce builtin and >> the build+test works. JDK 1.7 install does not have them though. >> >> The JCE kit seems to carry a BCL which is not ASF friendly [1]. But >> this being part of the Java install and not the project it should be >> okay IMO if we note it in our wiki on building the project. >> >> As for legal aspects - I found this which might be of some relevance. >> http://markmail.org/message/evtkc656gewrkruf >> >> [1] http://www.apache.org/legal/3party.html#transition-examples >> >> On Mon, Nov 11, 2013 at 10:45:12PM +0100, Laszlo Hornyak wrote: >>> Hi, >>> >>> That is a good question, I do not know for sure, but this package needs to >>> be signed by oracle, it is not redistributable and has teritorial import >>> restrictions, so it could be problematic :-( I hope it is not. Guys, can >>> someone help us here? >>> >>> >>> On Mon, Nov 11, 2013 at 10:21 PM, Syed Ahmed <sah...@cloudops.com> wrote: >>> >>>> Hi Laszlo, >>>> >>>> The CertService uses BouncyCastle for certificate parsing and validation. >>>> The JCE extension provides the API for using BouncyCastle as the provider. >>>> So, JCE is required. I know that BouncyCastle is added in CS. Would it be >>>> possible to add JCE as a dependency too? >>>> >>>> Thanks, >>>> -Syed >>>> >>>> >>>> On 13-11-10 09:55 AM, Laszlo Hornyak wrote: >>>> >>>>> Hi Sahmed and list, >>>>> >>>>> I ran into some failing tests this weekend related to the patch >>>>> 0076307863e9155273d9e4c14282de429388c9e9 apparently jenkins fails for >>>>> the same reason. I did a short investigation and it turned out that in >>>>> order to run the tests correctly, one has to download the sun jce policy >>>>> files and put it in the jdk replacing the original policies. >>>>> >>>>> Questions: >>>>> - Is there a more convenient deployment process? :-) It would be very >>>>> useful for the jenkins environment as well. >>>>> - I gave it a try and patched the oracle jdk 1.7 with the same plugin, it >>>>> did not work. Do you know a way to make it work again with jdk 1.7? >>>>> >>>>> Thank you, >>>>> Laszlo >>>>> >>>>> -- >>>>> >>>>> EOF >>>>> >>>> >>>> >>> >>> >>> -- >>> >>> EOF >> >> -- >> Prasanna., >> >> ------------------------ >> Powered by BigRock.com >> >