[jira] [Created] (SLIDER-1111) Accumulo SSL ITs can fail with newer JDKs

Billie Rinaldi (JIRA) Mon, 18 Apr 2016 11:47:38 -0700

Billie Rinaldi created SLIDER-1111:
--------------------------------------

             Summary: Accumulo SSL ITs can fail with newer JDKs 
                 Key: SLIDER-1111
                 URL: https://issues.apache.org/jira/browse/SLIDER-1111
             Project: Slider
          Issue Type: Bug
          Components: app-package, security
            Reporter: Billie Rinaldi
            Assignee: Billie Rinaldi
             Fix For: Slider 1.0.0



I've encountered multiple SSL errors when running the Accumulo funtests with 
jdk 1.8.0_77-b03: "javax.net.ssl.SSLHandshakeException: 
java.security.cert.CertificateException: Certificates does not conform to 
algorithm constraints" and "javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: PKIX path validation failed: 
java.security.cert.CertPathValidatorException: Algorithm constraints check 
failed: MD5withRSA".

The first error appears to be related to AccumuloSSLTestBase using 
X509ExtendedTrustManager instead of X509TrustManager:
http://stackoverflow.com/questions/14149545/java-security-cert-certificateexception-certificates-does-not-conform-to-algori

The second seems to be due to SecurityUtils specifying a default hash of md5 
when signing certs:
https://github.com/apache/incubator-slider/blob/develop/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java#L61



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (SLIDER-1111) Accumulo SSL ITs can fail with newer JDKs

Reply via email to