[
https://issues.apache.org/jira/browse/ZOOKEEPER-2297?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15110355#comment-15110355
]
Flavio Junqueira edited comment on ZOOKEEPER-2297 at 1/21/16 9:53 AM:
----------------------------------------------------------------------
I'm sorry guys for chiming in late, but as it stands, I'm -1 on this change.
There are two points that are bothering me here:
# If we are to change configuration, even when the branch is not yet stable
like 3.5, we need to bring the issue up on the user list to collect feedback.
We can't expect users to be aware of discussions in jiras like this one and it
affects them.
# I don't like the configuration change. We could use the secure client port
parameter to determine whether the user is trying to configure secure
communication or even create a boolean parameter to make it more explicit, like
having {{zookeeper.client.secure}} on the server side as well. The bottom line
is that I'd rather infer from a configuration parameter that the user is trying
to make it secure rather than force the user to set such a cumbersome variable.
Also, this is focusing on SSL, but this change affects SASL as well, yes?
My suggestion is to work on those points and for the second, to produce a new
patch that fixes the configuration.
was (Author: fpj):
I'm sorry guys for chiming in late, but as it stands, I'm -1 on this change as
is. There are two points that are bothering me here:
# If we are to change configuration, even when the branch is not yet stable
like 3.5, we need to bring the issue up on the user list to collect feedback.
We can't expect users to be aware of discussions in jiras like this one and it
affects them.
# I don't like the configuration change. We could use the secure client port
parameter to determine whether the user is trying to configure secure
communication or even create a boolean parameter to make it more explicit, like
having {{zookeeper.client.secure}} on the server side as well. The bottom line
is that I'd rather infer from a configuration parameter that the user is trying
to make it secure rather than force the user to set such a cumbersome variable.
Also, this is focusing on SSL, but this change affects SASL as well, yes?
My suggestion is to work on those points and for the second, to produce a new
patch that fixes the configuration.
> NPE is thrown while creating "key manager" and "trust manager"
> ---------------------------------------------------------------
>
> Key: ZOOKEEPER-2297
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2297
> Project: ZooKeeper
> Issue Type: Bug
> Components: server
> Affects Versions: 3.5.1
> Environment: Suse 11 sp 3
> Reporter: Anushri
> Assignee: Arshad Mohammad
> Priority: Minor
> Fix For: 3.5.2, 3.6.0
>
> Attachments: ZOOKEEPER-2297-01.patch, ZOOKEEPER-2297-02.patch,
> ZOOKEEPER-2297-03.patch
>
>
> NPE is thrown while creating "key manager" and "trust manager" , even though
> the zk setup is in non-secure mode
> bq. 2015-10-19 12:54:12,278 [myid:2] - ERROR [ProcessThread(sid:2
> cport:-1)::X509AuthenticationProvider@78] - Failed to create key manager
> bq. org.apache.zookeeper.common.X509Exception$KeyManagerException:
> java.lang.NullPointerException
> at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:129)
> at
> org.apache.zookeeper.server.auth.X509AuthenticationProvider.<init>(X509AuthenticationProvider.java:75)
> at
> org.apache.zookeeper.server.auth.ProviderRegistry.initialize(ProviderRegistry.java:42)
> at
> org.apache.zookeeper.server.auth.ProviderRegistry.getProvider(ProviderRegistry.java:68)
> at
> org.apache.zookeeper.server.PrepRequestProcessor.fixupACL(PrepRequestProcessor.java:952)
> at
> org.apache.zookeeper.server.PrepRequestProcessor.pRequest2Txn(PrepRequestProcessor.java:379)
> at
> org.apache.zookeeper.server.PrepRequestProcessor.pRequest(PrepRequestProcessor.java:716)
> at
> org.apache.zookeeper.server.PrepRequestProcessor.run(PrepRequestProcessor.java:144)
> Caused by: java.lang.NullPointerException
> at org.apache.zookeeper.common.X509Util.createKeyManager(X509Util.java:113)
> ... 7 more
> bq. 2015-10-19 12:54:12,279 [myid:2] - ERROR [ProcessThread(sid:2
> cport:-1)::X509AuthenticationProvider@90] - Failed to create trust manager
> bq. org.apache.zookeeper.common.X509Exception$TrustManagerException:
> java.lang.NullPointerException
> at org.apache.zookeeper.common.X509Util.createTrustManager(X509Util.java:158)
> at
> org.apache.zookeeper.server.auth.X509AuthenticationProvider.<init>(X509AuthenticationProvider.java:87)
> at
> org.apache.zookeeper.server.auth.ProviderRegistry.initialize(ProviderRegistry.java:42)
> at
> org.apache.zookeeper.server.auth.ProviderRegistry.getProvider(ProviderRegistry.java:68)
> at
> org.apache.zookeeper.server.PrepRequestProcessor.fixupACL(PrepRequestProcessor.java:952)
> at
> org.apache.zookeeper.server.PrepRequestProcessor.pRequest2Txn(PrepRequestProcessor.java:379)
> at
> org.apache.zookeeper.server.PrepRequestProcessor.pRequest(PrepRequestProcessor.java:716)
> at
> org.apache.zookeeper.server.PrepRequestProcessor.run(PrepRequestProcessor.java:144)
> Caused by: java.lang.NullPointerException
> at org.apache.zookeeper.common.X509Util.createTrustManager(X509Util.java:143)
> ... 7 more
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
